AV removal

View previous topic View next topic Go down

AV removal

Post by cathat36 on 22nd June 2010, 12:41 am

I have tried locating the files an can't locate them, have also tried the malware removal it shows nothing.
OTL Extras logfile created on: 6/21/2010 8:14:24 PM - Run 1
OTL by OldTimer - Version 3.2.6.1 Folder = C:\Users\CATINA\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.09 Gb Total Space | 217.57 Gb Free Space | 75.52% Space Free | Partition Type: NTFS
Drive D: | 970.13 Mb Total Space | 359.80 Mb Free Space | 37.09% Space Free | Partition Type: FAT
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CATINA-PC
Current User Name: CATINA
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0643284E-1C2D-4608-A41A-FAAB3E427A94}" = rport=139 | protocol=6 | dir=out | app=system |
"{0DBF3412-5410-47DA-A68A-F339FD43378C}" = lport=445 | protocol=6 | dir=in | app=system |
"{13A38403-A69E-4742-AEC8-6DC873787CDD}" = rport=445 | protocol=6 | dir=out | app=system |
"{1B5369FE-A83F-44ED-8228-CBD908281F56}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2BB98B6F-E0B6-4477-B20D-093C9B781477}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4FAABB27-08D5-4DE9-AB92-3259581D4A36}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{543566AD-1961-40DA-8B18-23A83A50B7CD}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6AE34A6A-A2EF-47B5-82D9-7BAEC80971EE}" = rport=138 | protocol=17 | dir=out | app=system |
"{86A94948-35C0-456D-BAF6-20BB42183650}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9029B8C7-3C3D-44FD-BD3C-358A3DBEFA29}" = lport=138 | protocol=17 | dir=in | app=system |
"{970F1C1E-F0FD-4873-B8B6-D2DEF83694E3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B6894730-A4FD-4F96-8A53-C405292B2361}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C4CD0002-26E7-424F-A38A-12EF955D13EF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CECBA8EC-B10E-40C7-9F15-F1BBD03DFB78}" = lport=139 | protocol=6 | dir=in | app=system |
"{D0CF77A1-E369-43C4-9EF8-0E3D96447E66}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E4022590-3300-460D-8913-75C17239FEF1}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{EEB758D5-4051-4B8A-94AF-19B9BD68FFD9}" = lport=137 | protocol=17 | dir=in | app=system |
"{FBBB8923-61E9-49EE-BFCD-19E34ABC4BC2}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10006666-EC3F-4521-866C-91769F9FBAC0}" = dir=in | app=c:\program files\avg\avg9\avgemc.exe |
"{11F9E593-BA56-4035-99EC-43CDE58B27B2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{24912A48-2E84-4AC9-8565-968700697BC8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2CE9832F-FEEB-4C16-90E5-2052A14A3E0C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{30C3B114-5488-4E9D-9502-5FE500CE273D}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{377D4CB7-D123-4AAC-BF5E-D3914E3D4B14}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{3A70090C-736C-4F42-ADB7-BBA88DED4DE7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{428FCC36-24F3-40B4-95AE-7E3046643133}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{48AA332E-E74D-4DFC-9A42-D5F2633A2321}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{60736F88-14DA-4C9C-B331-FD3AE7CB87BF}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{6C002225-C428-4082-870B-97F2F6B4B7D6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{81F6FE07-E5B8-421C-A6D3-F6BD358F8C92}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8D8D5B79-E746-4C5B-AD56-E77CB5FEDACF}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{8FFC702D-BD1C-415C-9FF0-963FFD1DE09A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B9E738A0-81B8-4170-A05A-3A3A750487EE}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{C68511F4-7B9D-4F57-814D-A21B04BAE284}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{CC7A55B6-06E4-4CEC-9617-91FDB2B51C84}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{DE2D7F77-BF73-4A00-B705-57FAFE250CF8}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{F900F683-33E2-4EAF-B00B-B4F75312E414}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{FD2E77DF-B245-4B87-B7A0-EE6574D4AB88}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{24557DC0-0839-496f-82F9-C4EB72EFE4FA}" = HP Deskjet All-In-One Software 8.0
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java(TM) 6 Update 16
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{657F8B33-CBBB-45F4-9087-274F22C89400}" = DJ_AIO_ProductContext
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{7DDEABFB-0621-4321-B385-CB86D3A6F90F}" = F4100
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Client 1.10.01
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8F931595-5561-4E26-AC78-7E9B1E3E9C98}" = WeatherBug
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{9ECB4705-B9CB-405A-B6D4-33BDF707308E}" = DJ_AIO_Software
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{ACE22C48-49D7-4531-BE20-5C3D03393AB6}" = F4100_Help
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2C61EBB-F47C-48ba-B375-27A40F8F48F7}" = HP Deskjet All-In-One Driver Software 9.0.A Corporate Edition
"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
"{BC6D5EAF-D314-4f47-8951-42CF14CB7316}" = dj_aio_corporate
"{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DC83F417-8068-4074-BA2F-C4F8AB872556}" = DJ_AIO_Software_min
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E91E8912-769D-42F0-8408-0E329443BABC}" = WNC-0500USB Wireless Adapter
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7F23DFB-31E1-B7EC-7A6D-7668B595ADAE}" = FlipShare
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AVG9Uninstall" = AVG Free 9.0
"CNXT_MODEM_PCI_HSF" = Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"Imikimi Plugin" = Imikimi Plugin
"InstallShield_{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"Playsushi" = Playsushi
"WildTangent emachines Master Uninstall" = eMachines Games
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/6/2010 12:07:26 AM | Computer Name = CATINA-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/6/2010 1:11:58 AM | Computer Name = CATINA-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/6/2010 7:56:33 AM | Computer Name = CATINA-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/6/2010 9:05:23 PM | Computer Name = CATINA-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/6/2010 11:19:57 PM | Computer Name = CATINA-PC | Source = EventSystem | ID = 4609
Description =

Error - 6/7/2010 10:13:05 PM | Computer Name = CATINA-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/8/2010 8:05:58 PM | Computer Name = CATINA-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/9/2010 10:57:23 AM | Computer Name = CATINA-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/10/2010 9:39:21 PM | Computer Name = CATINA-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/11/2010 1:36:49 AM | Computer Name = CATINA-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 6/21/2010 5:33:45 PM | Computer Name = CATINA-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 6/21/2010 5:38:01 PM | Computer Name = CATINA-PC | Source = DCOM | ID = 10005
Description =

Error - 6/21/2010 5:38:09 PM | Computer Name = CATINA-PC | Source = DCOM | ID = 10005
Description =

Error - 6/21/2010 5:38:09 PM | Computer Name = CATINA-PC | Source = DCOM | ID = 10005
Description =

Error - 6/21/2010 5:38:12 PM | Computer Name = CATINA-PC | Source = DCOM | ID = 10005
Description =

Error - 6/21/2010 5:38:12 PM | Computer Name = CATINA-PC | Source = DCOM | ID = 10005
Description =

Error - 6/21/2010 5:38:22 PM | Computer Name = CATINA-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 6/21/2010 5:38:22 PM | Computer Name = CATINA-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 6/21/2010 8:06:40 PM | Computer Name = CATINA-PC | Source = DCOM | ID = 10005
Description =

Error - 6/21/2010 8:07:08 PM | Computer Name = CATINA-PC | Source = DCOM | ID = 10005
Description =


< End of report >

cathat36
Beginner
Beginner

Posts Posts : 2
Joined Joined : 2010-06-21
Gender Gender : Female
OS OS : xp
Protection Protection : avg
Points Points : 23648
# Likes # Likes : 0

View user profile

Back to top Go down

Re: AV removal

Post by Crush on 22nd June 2010, 12:45 am

Welcome to GeekPolice Forums! I'm Crush but, you can call me Chris too Smile and I will be helping you with your Malware issues.

A few things to keep in mind as we progress:

1. We are all volunteer staff here so we log in and assess threads when real life, work, family, and other obligations permit. Additionally, we are located all over the world. There may be a bit of a time delay due to this.

2. Malware Removal threads are very time intensive. Each entry must be researched until it can be said with 100% certainty whether or not it can stay or needs to be removed. Sometimes additional work is needed to weed out suspect entries

3. This may turn into a long ordeal but, rest assured we will stay with you until you are completely disinfected.

4. Only Tech Officers, Global Moderators, Administrators, and Malware Advisors are allowed to give advice on removing malware from your computer. Do not run any tools unless specifically asked to by a member of one of these usergroups

5. If you are not the original poster of this thread DO NOT run any fixes given to the poster in this thread. They are all custom tailored specifically to this user. It could prove to be disastrous.

6. Please keep responding until I give you the "All Clear". Absence of symptoms does not mean that everything is clear.

7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

8. If you have any questions or issues please stop and ask! We are all here to help.


IMPORTANT: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.


If you follow these instructions, everything should go smoothly Smile.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted.

To do this click then click Preferences. Make sure Always notify me of replies is set to Yes


With that out of the way:

I have tried locating the files an can't locate them, have also tried the malware removal it shows nothing.

What specifically have you tried? Also, do you have the OTL.txt generated with OTL?

If you do, please attach it here for review

Crush
Master
Master

Posts Posts : 3889
Joined Joined : 2010-01-27
Gender Gender : Male
Points Points : 42128
# Likes # Likes : 0

View user profile

Back to top Go down

Re: AV removal

Post by cathat36 on 22nd June 2010, 12:57 am

Have ran Malwarebytes, tried locating the files from exe an dll, windows one live scanner, update windows an java.
OTL logfile created on: 6/21/2010 8:14:24 PM - Run 1
OTL by OldTimer - Version 3.2.6.1 Folder = C:\Users\CATINA\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.09 Gb Total Space | 217.57 Gb Free Space | 75.52% Space Free | Partition Type: NTFS
Drive D: | 970.13 Mb Total Space | 359.80 Mb Free Space | 37.09% Space Free | Partition Type: FAT
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CATINA-PC
Current User Name: CATINA
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/21 20:13:10 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\CATINA\Desktop\OTL.exe
PRC - [2009/04/11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/06/21 20:13:10 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\CATINA\Desktop\OTL.exe
MOD - [2009/04/11 00:21:40 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/20 22:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/11 10:29:07 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/11 10:29:01 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009/11/19 12:26:54 | 000,455,944 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008/06/11 12:18:30 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe -- (ETService)
SRV - [2008/05/05 18:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2010/06/02 21:29:18 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/06/02 21:29:17 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/11 10:29:01 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/01/12 13:03:34 | 011,586,280 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/12/20 11:53:32 | 000,234,016 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/05/24 08:36:42 | 000,501,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2008/07/23 14:28:32 | 002,152,344 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/06/11 12:13:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/01/25 08:02:02 | 000,140,832 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2008/01/20 22:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 22:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 22:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 22:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 22:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 22:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 22:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 22:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 22:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 22:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/20 22:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 22:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 22:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 22:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 22:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 22:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 22:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 22:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 22:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 22:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 22:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 22:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 22:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/06/29 10:11:02 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/20 04:29:56 | 000,984,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/06/20 04:28:38 | 000,267,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2007/06/20 04:28:22 | 000,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/06/08 11:49:50 | 000,344,064 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rt73.sys -- (RT73)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555


[2010/02/08 20:35:46 | 000,000,000 | ---D | M] -- C:\Users\CATINA\AppData\Roaming\Mozilla\Extensions

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (PlaySushi) - {21608B66-026F-4DCB-9244-0DACA328DCED} - C:\Program Files\PlaySushi\PSText.dll ()
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll (Yontoo Technology, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O9 - Extra Button: Go PlaySushi! - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - C:\Program Files\PlaySushi\PSText.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} [You must be registered and logged in to see this link.] (Windows Live OneCare safety scanner control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} [You must be registered and logged in to see this link.] (MySpace Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} [You must be registered and logged in to see this link.] (Imikimi_activex_plugin Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.0.12
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0e5651f7-f4c8-11de-a120-002197a090e2}\Shell - "" = AutoRun
O33 - MountPoints2\{0e5651f7-f4c8-11de-a120-002197a090e2}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/20 22:34:27 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.clmp3enc - C:\Program Files\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.3IV2 - C:\Windows\System32\3ivxVfWCodec.dll (3ivx Technologies Pty. Ltd.)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2010/06/21 20:13:10 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\CATINA\Desktop\OTL.exe
[2010/06/21 20:03:48 | 000,000,000 | ---D | C] -- C:\Users\CATINA\Documents\JavaRa[1]
[2010/06/21 18:09:28 | 000,000,000 | ---D | C] -- C:\Users\CATINA\.SunDownloadManager
[2010/06/21 17:46:21 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/06/21 14:30:06 | 000,000,000 | ---D | C] -- C:\Users\CATINA\AppData\Local\sfsahvucw
[2010/06/11 02:09:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/11 02:09:14 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/06/11 02:09:14 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/06/11 02:00:18 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/08 21:46:15 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010/06/08 21:46:10 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/06/08 21:46:09 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/06/08 21:46:09 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/06/08 21:46:09 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/06/08 21:46:09 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/06/08 21:46:08 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/06/08 21:46:08 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/06/08 21:46:08 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/06/08 21:46:08 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/06/08 21:46:08 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/06/08 21:46:08 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/06/08 21:46:08 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/06/08 21:46:08 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/06/08 21:46:08 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/06/08 21:46:08 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/06/08 21:45:52 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/06/08 21:45:51 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/06/08 21:45:47 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/05/25 20:25:37 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

========== Files - Modified Within 30 Days ==========

[2010/06/21 20:13:26 | 002,097,152 | -HS- | M] () -- C:\Users\CATINA\NTUSER.DAT
[2010/06/21 20:13:10 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\CATINA\Desktop\OTL.exe
[2010/06/21 18:37:26 | 142,330,768 | ---- | M] () -- C:\Users\CATINA\Desktop\java_ee_sdk-6u1-jdk-windows.exe
[2010/06/21 18:08:43 | 000,001,356 | ---- | M] () -- C:\Users\CATINA\AppData\Local\d3d9caps.dat
[2010/06/21 17:46:21 | 000,001,876 | ---- | M] () -- C:\Users\CATINA\Desktop\HijackThis.lnk
[2010/06/21 17:42:06 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/06/21 17:42:06 | 000,594,698 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/06/21 17:42:06 | 000,100,766 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/06/21 17:37:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/21 17:36:45 | 000,524,288 | -HS- | M] () -- C:\Users\CATINA\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/06/21 17:36:45 | 000,065,536 | -HS- | M] () -- C:\Users\CATINA\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/06/21 17:36:25 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/21 17:36:20 | 003,621,133 | -H-- | M] () -- C:\Users\CATINA\AppData\Local\IconCache.db
[2010/06/21 17:33:27 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/21 17:33:27 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/21 17:33:25 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2010/06/11 21:00:50 | 001,856,609 | ---- | M] () -- C:\Users\CATINA\Documents\041.jpg
[2010/06/11 20:56:02 | 001,440,700 | ---- | M] () -- C:\Users\CATINA\Documents\044.jpg
[2010/06/11 20:53:58 | 000,712,111 | ---- | M] () -- C:\Users\CATINA\Documents\040.jpg
[2010/06/11 20:49:27 | 001,176,878 | ---- | M] () -- C:\Users\CATINA\Documents\034.jpg
[2010/06/11 20:46:20 | 001,026,137 | ---- | M] () -- C:\Users\CATINA\Documents\026.jpg
[2010/06/11 20:32:11 | 001,719,058 | ---- | M] () -- C:\Users\CATINA\Documents\dylan55.jpg
[2010/06/11 02:10:00 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/06/11 02:05:45 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/06/09 22:26:13 | 000,049,664 | ---- | M] () -- C:\Users\CATINA\Documents\Discovery%20requests,%20income%20and%20custody%20petitioning%20party,%20Jessica%20Lawyer,%202010[1].doc
[2010/06/09 17:59:12 | 000,012,972 | ---- | M] () -- C:\Users\CATINA\Documents\respiratory_care_course_list[1].docm
[2010/06/09 12:07:45 | 000,009,009 | ---- | M] () -- C:\Users\CATINA\Documents\Untitled 1.odp
[2010/06/09 11:47:36 | 000,022,899 | ---- | M] () -- C:\Users\CATINA\Documents\Discovery%20requests,%20income%20and%20custody%20petitioning%20party,%20Jessica%20Lawyer,%202010[1].docm
[2010/06/09 10:57:18 | 000,310,640 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/06/07 23:04:43 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/06/02 21:29:18 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/06/02 21:29:17 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/05/30 19:52:49 | 000,040,713 | ---- | M] () -- C:\Users\CATINA\Documents\022.jpg
[2010/05/30 19:45:56 | 002,372,711 | ---- | M] () -- C:\Users\CATINA\Documents\springmill5.jpg
[2010/05/30 19:44:34 | 000,863,158 | ---- | M] () -- C:\Users\CATINA\Documents\springmill4.jpg
[2010/05/30 19:40:59 | 002,295,422 | ---- | M] () -- C:\Users\CATINA\Documents\springmill3.jpg
[2010/05/30 19:40:46 | 002,295,422 | ---- | M] () -- C:\Users\CATINA\Documents\springmill3
[2010/05/30 19:38:34 | 002,665,659 | ---- | M] () -- C:\Users\CATINA\Documents\springmill2.jpg
[2010/05/30 19:33:19 | 001,556,186 | ---- | M] () -- C:\Users\CATINA\Documents\springmill1.jpg
[2010/05/26 13:06:41 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/05/26 10:47:41 | 000,289,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/05/23 17:47:27 | 000,019,394 | ---- | M] () -- C:\Users\CATINA\Documents\dyalnspaper.odt

========== Files Created - No Company Name ==========

[2010/06/21 18:09:44 | 142,330,768 | ---- | C] () -- C:\Users\CATINA\Desktop\java_ee_sdk-6u1-jdk-windows.exe
[2010/06/21 17:46:21 | 000,001,876 | ---- | C] () -- C:\Users\CATINA\Desktop\HijackThis.lnk
[2010/06/11 21:00:49 | 001,856,609 | ---- | C] () -- C:\Users\CATINA\Documents\041.jpg
[2010/06/11 20:56:02 | 001,440,700 | ---- | C] () -- C:\Users\CATINA\Documents\044.jpg
[2010/06/11 20:53:58 | 000,712,111 | ---- | C] () -- C:\Users\CATINA\Documents\040.jpg
[2010/06/11 20:49:27 | 001,176,878 | ---- | C] () -- C:\Users\CATINA\Documents\034.jpg
[2010/06/11 20:46:19 | 001,026,137 | ---- | C] () -- C:\Users\CATINA\Documents\026.jpg
[2010/06/11 20:32:10 | 001,719,058 | ---- | C] () -- C:\Users\CATINA\Documents\dylan55.jpg
[2010/06/11 02:10:00 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/06/11 02:05:45 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/06/09 22:25:27 | 000,049,664 | ---- | C] () -- C:\Users\CATINA\Documents\Discovery%20requests,%20income%20and%20custody%20petitioning%20party,%20Jessica%20Lawyer,%202010[1].doc
[2010/06/09 17:59:12 | 000,012,972 | ---- | C] () -- C:\Users\CATINA\Documents\respiratory_care_course_list[1].docm
[2010/06/09 12:07:41 | 000,009,009 | ---- | C] () -- C:\Users\CATINA\Documents\Untitled 1.odp
[2010/06/09 11:47:36 | 000,022,899 | ---- | C] () -- C:\Users\CATINA\Documents\Discovery%20requests,%20income%20and%20custody%20petitioning%20party,%20Jessica%20Lawyer,%202010[1].docm
[2010/05/30 19:52:47 | 000,040,713 | ---- | C] () -- C:\Users\CATINA\Documents\022.jpg
[2010/05/30 19:45:54 | 002,372,711 | ---- | C] () -- C:\Users\CATINA\Documents\springmill5.jpg
[2010/05/30 19:44:31 | 000,863,158 | ---- | C] () -- C:\Users\CATINA\Documents\springmill4.jpg
[2010/05/30 19:40:57 | 002,295,422 | ---- | C] () -- C:\Users\CATINA\Documents\springmill3.jpg
[2010/05/30 19:40:44 | 002,295,422 | ---- | C] () -- C:\Users\CATINA\Documents\springmill3
[2010/05/30 19:38:31 | 002,665,659 | ---- | C] () -- C:\Users\CATINA\Documents\springmill2.jpg
[2010/05/30 19:33:16 | 001,556,186 | ---- | C] () -- C:\Users\CATINA\Documents\springmill1.jpg
[2010/03/06 23:24:05 | 000,295,018 | ---- | C] () -- C:\Windows\System32\Install7x.dll
[2009/12/29 19:09:13 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/12/29 17:54:25 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2009/12/03 10:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/02/19 02:33:34 | 000,446,352 | ---- | C] () -- C:\Windows\System32\OpenQuicktimeLib.dll
[2006/11/22 15:16:18 | 000,003,612 | ---- | C] () -- C:\Windows\ReaderString.ini
[2006/11/21 11:50:06 | 000,000,037 | ---- | C] () -- C:\Windows\sunkist.ini
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/20 23:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 23:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 23:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\*.sys >
[2006/11/02 03:09:42 | 000,009,029 | ---- | M] () -- C:\Windows\System32\ANSI.SYS
[2009/04/11 00:32:48 | 000,245,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys
[2006/11/02 03:09:45 | 000,027,097 | ---- | M] () -- C:\Windows\System32\country.sys
[2006/11/02 03:09:41 | 000,004,768 | ---- | M] () -- C:\Windows\System32\HIMEM.SYS
[2006/11/02 03:09:44 | 000,042,809 | ---- | M] () -- C:\Windows\System32\KEY01.SYS
[2006/11/02 03:09:44 | 000,042,537 | ---- | M] () -- C:\Windows\System32\KEYBOARD.SYS
[2006/11/02 03:09:29 | 000,027,866 | ---- | M] () -- C:\Windows\System32\NTDOS.SYS
[2006/11/02 03:09:35 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS404.SYS
[2006/11/02 03:09:38 | 000,029,370 | ---- | M] () -- C:\Windows\System32\NTDOS411.SYS
[2006/11/02 03:09:40 | 000,029,274 | ---- | M] () -- C:\Windows\System32\NTDOS412.SYS
[2006/11/02 03:09:31 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS804.SYS
[2006/11/02 03:09:20 | 000,033,952 | ---- | M] () -- C:\Windows\System32\NTIO.SYS
[2006/11/02 03:09:23 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO404.SYS
[2006/11/02 03:09:24 | 000,035,776 | ---- | M] () -- C:\Windows\System32\NTIO411.SYS
[2006/11/02 03:09:26 | 000,035,536 | ---- | M] () -- C:\Windows\System32\NTIO412.SYS
[2006/11/02 03:09:22 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO804.SYS
[2010/05/01 10:13:48 | 002,037,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >
[2007/06/29 10:11:16 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe

< %SYSTEMDRIVE%\*.* >
[2006/09/18 17:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 00:36:38 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/08/16 00:31:30 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2006/12/07 12:24:36 | 000,241,664 | ---- | M] (Alcor Micro, Corp.) -- C:\EMicon.dll
[2010/06/21 20:08:33 | 000,015,668 | ---- | M] () -- C:\JavaRa.log
[2008/08/16 00:19:49 | 000,000,165 | ---- | M] () -- C:\Labelprint.log
[2010/06/21 17:37:41 | 2192,060,416 | -HS- | M] () -- C:\pagefile.sys
[2009/12/29 17:56:14 | 000,000,163 | ---- | M] () -- C:\power2go.log
[2008/08/16 00:08:22 | 000,000,426 | ---- | M] () -- C:\RHDSetup.log

< %PROGRAMFILES%\*. >
[2010/01/10 21:48:27 | 000,000,000 | ---D | M] -- C:\Program Files\3ivx
[2008/08/16 00:29:45 | 000,000,000 | ---D | M] -- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[2010/03/14 19:58:30 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/01/04 21:05:56 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/03/11 10:13:55 | 000,000,000 | ---D | M] -- C:\Program Files\Auslogics
[2010/01/11 20:29:53 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2010/02/04 16:02:37 | 000,000,000 | ---D | M] -- C:\Program Files\AWS
[2009/12/29 19:02:07 | 000,000,000 | ---D | M] -- C:\Program Files\BigFix
[2010/06/11 02:00:19 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/03/14 19:58:30 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010/03/09 18:57:35 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2009/12/29 17:56:05 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2009/12/29 17:53:34 | 000,000,000 | ---D | M] -- C:\Program Files\Digital Media Reader
[2010/05/02 18:59:25 | 000,000,000 | ---D | M] -- C:\Program Files\Driver Fetch
[2009/12/29 17:51:20 | 000,000,000 | ---D | M] -- C:\Program Files\eBay
[2009/12/29 17:54:06 | 000,000,000 | ---D | M] -- C:\Program Files\EMACHINES
[2008/08/16 00:18:00 | 000,000,000 | ---D | M] -- C:\Program Files\eMachines Games
[2010/01/17 20:18:21 | 000,000,000 | ---D | M] -- C:\Program Files\Flip Video
[2010/03/11 15:17:58 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2010/01/12 15:04:55 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2009/12/30 21:25:44 | 000,000,000 | ---D | M] -- C:\Program Files\Imikimi
[2010/03/06 23:23:59 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/06/08 22:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/06/11 02:09:24 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/06/11 02:09:57 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/06/21 20:08:29 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/01/19 18:59:23 | 000,000,000 | ---D | M] -- C:\Program Files\JRE
[2010/01/25 14:59:38 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/09 18:45:41 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2009/12/29 18:16:02 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/06/06 00:07:02 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/02/17 14:20:40 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/03/10 08:51:57 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/01/14 08:16:52 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2010/03/10 08:33:03 | 000,000,000 | ---D | M] -- C:\Program Files\NVIDIA Corporation
[2010/01/19 18:59:21 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 3
[2010/05/02 16:59:20 | 000,000,000 | ---D | M] -- C:\Program Files\Paint.NET
[2010/02/08 20:35:46 | 000,000,000 | ---D | M] -- C:\Program Files\PlaySushi
[2008/08/16 00:19:21 | 000,000,000 | ---D | M] -- C:\Program Files\Preload
[2010/06/11 02:05:59 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2008/08/16 00:07:49 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/06/21 17:46:21 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2006/11/02 09:01:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/12/29 17:51:34 | 000,000,000 | ---D | M] -- C:\Program Files\WalMart
[2009/12/29 19:35:59 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2009/12/29 19:35:56 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2009/12/29 19:35:46 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2009/12/29 19:35:55 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2010/03/25 19:35:31 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live Safety Center
[2010/06/08 22:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2009/12/29 21:37:06 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/12/29 19:35:52 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2010/01/01 21:52:03 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2009/12/29 19:35:57 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2010/03/06 23:23:59 | 000,000,000 | ---D | M] -- C:\Program Files\WNC-0500USB
[2010/01/08 22:42:42 | 000,000,000 | ---D | M] -- C:\Program Files\Yontoo Layers Client

< %appdata%\*.* >
[2010/02/24 16:49:11 | 000,000,124 | ---- | M] () -- C:\Users\CATINA\AppData\Roaming\wklnhst.dat


< MD5 for: AGP440.SYS >
[2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 00:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 00:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 00:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 22:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 22:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: DISK.SYS >
[2009/04/11 00:32:32 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\drivers\disk.sys
[2009/04/11 00:32:32 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_5c850fad\disk.sys
[2009/04/11 00:32:32 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys
[2008/01/20 22:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys
[2008/01/20 22:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
[2006/11/02 05:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys

< MD5 for: IASTORV.SYS >
[2008/01/20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 00:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 00:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 22:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVRD32.SYS >
[2008/01/25 08:02:04 | 000,132,128 | ---- | M] (NVIDIA Corporation) MD5=0D15327134E5871C922760ACD7449E84 -- C:\ACER\Preload\Autorun\DRV\nVidia Chipset Nfref_1518_ws\IDE\WinVista\sataraid\nvrd32.sys

< MD5 for: NVSTOR.SYS >
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: NVSTOR32.SYS >
[2008/01/25 08:02:04 | 000,140,832 | ---- | M] (NVIDIA Corporation) MD5=7DF63192BCF9C20EC2F7492E7F7544F9 -- C:\ACER\Preload\Autorun\DRV\nVidia Chipset Nfref_1518_ws\IDE\WinVista\sataraid\nvstor32.sys
[2008/01/25 08:02:02 | 000,140,832 | ---- | M] (NVIDIA Corporation) MD5=FA7B8ECA6E845B244B7E30A9DCD82C6C -- C:\ACER\Preload\Autorun\DRV\nVidia Chipset Nfref_1518_ws\IDE\WinVista\sata_ide\nvstor32.sys
[2008/01/25 08:02:02 | 000,140,832 | ---- | M] (NVIDIA Corporation) MD5=FA7B8ECA6E845B244B7E30A9DCD82C6C -- C:\Windows\System32\drivers\nvstor32.sys
[2008/01/25 08:02:02 | 000,140,832 | ---- | M] (NVIDIA Corporation) MD5=FA7B8ECA6E845B244B7E30A9DCD82C6C -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_5e0a2cc3\nvstor32.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 22:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 00:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 00:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: USBSTOR.SYS >
[2008/01/20 22:23:24 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_b9f18584\USBSTOR.SYS
[2008/01/20 22:23:24 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6001.18000_none_48864eb697d31b43\USBSTOR.SYS
[2009/04/10 22:42:56 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:\Windows\System32\drivers\USBSTOR.SYS
[2009/04/10 22:42:56 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_72a6a3e5\USBSTOR.SYS
[2009/04/10 22:42:56 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6002.18005_none_4a71c7c294f4e68f\USBSTOR.SYS
[2006/11/02 04:55:05 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=FDBAABF07244C60B0F4E0A6E71A107C6 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_bb2778a0\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-06-09 02:06:41
< End of report >

cathat36
Beginner
Beginner

Posts Posts : 2
Joined Joined : 2010-06-21
Gender Gender : Female
OS OS : xp
Protection Protection : avg
Points Points : 23648
# Likes # Likes : 0

View user profile

Back to top Go down

Re: AV removal

Post by Crush on 22nd June 2010, 1:02 am

Hi again Smile

I see you are using Wild Tangent, [You must be registered and logged in to see this link.]. It is not malware, but is sometimes thought to bring malware along. Unless you are an extremely avid games player, I recommend you remove this (Optional)...

Wild Tangent is a video game software company specializing in online games. It has even made a partnership with AOL to include itself as part of the AOL Instant Messenger for their AIM games section.

The WildTangent Web Driver is their technology that allows you to play 3D games over the Internet. Although it's not technically considered spyware, it does have built in components to update itself and gather information about the computer system including


  • Operating System Version
  • CPU Type and Speed
  • Memory Amount
    Video Card type and Driver Version
  • Sound Card type and Driver Version
  • DirectX Version
    Location that the Web Driver was installed from
  • It is also a MAJOR resource hog.


Please navigate to Add/Remove Programs and remove the entry named:

Wild Tangent Web Driver


Once that is done ensure C:\Program Files\WildTangent has also been removed.

Then, right click your Recycle Bin and choose Empty Recycle Bin
======

Next, please open Malwarebytes, navigate to the Logs tab and double click on the last log from the scan you ran. Please post its contents here for review. Thanks.

Crush
Master
Master

Posts Posts : 3889
Joined Joined : 2010-01-27
Gender Gender : Male
Points Points : 42128
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum