Malwarebytes and HiJackThis both crash and return permissions errors...


Re: Malwarebytes and HiJackThis both crash and return permissions errors...

Post by Belahzur on 17th September 2010, 8:42 pm

Okay please re-run LockSearch and post the new log.


Please PM me if I fail to respond within 24hrs.



Post by Drenji on 17th September 2010, 8:47 pm

At least got the whole log for it this time :)

LockSearch by jpshortstuff (05.11.09.1)
Log created at 15:45 on 17/09/2010 (matt)
Scanning C:\


C:\hiberfil.sys
-------------------------


C:\pagefile.sys
-------------------------


C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
-------------------------


C:\Users\matt\Desktop\OTL.exe
-------------------------


C:\WINDOWS\System32\cngaudit.dll
-------------------------
C:\Windows\System32\cngaudit.dll [Unable to get md5 : 1998120061 bytes]
C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll [7F15B4953378C8B5161D65C26D5FED4D : 11776 bytes]

-=E.O.F=-


Post by Drenji on 17th September 2010, 8:48 pm

And just to be sure, I ran the fix.bat again a third time to check Malwarebytes, and it's like once I try and run it, it re-locks it up....


Post by Belahzur on 17th September 2010, 8:50 pm

Okay, let's try it this way.

Right click Inherit.exe, select Copy.

Now using Windows Explorer (Windows Key + E), locate this folder:
C:\Program Files\Malwarebytes' Anti-Malware

Enter the folder, right click anywhere, select Paste.

That should put a copy of Inherit.exe into the MBAM folder. Now drag and drop mbam.exe onto inherit.exe.



Now with the copy of inherit.exe that is still on the Desktop, drag and drop OTL.exe onto inherit.exe.

Does MBAM work now?



Post by Drenji on 17th September 2010, 8:56 pm

No. It opened like last time, but it still just closes after 6 seconds and then it returns the permissions error again.


Post by Belahzur on 17th September 2010, 8:57 pm

Hmm, please re-run Win32kDiag and post the new log.



Post by Drenji on 20th September 2010, 1:58 pm

K. here is that again.
_________________________________________________________

Running from: C:\Users\matt\Desktop\Win32kDiag.exe

Log file at : C:\Users\matt\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...



Cannot access: C:\Windows\System32\cngaudit.dll

[1] 2006-11-02 04:46:03 61952 C:\Windows\System32\cngaudit.dll ()

[1] 2006-11-02 04:46:03 11776 C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll (Microsoft Corporation)



Cannot access: C:\Windows\System32\mrt.exe

[1] 2010-09-10 14:34:30 35552200 C:\Windows\System32\mrt.exe ()

[1] 2008-01-20 21:24:53 52696 C:\Windows\winsxs\x86_microsoft-windows-malwareremovaltool_31bf3856ad364e35_6.0.6001.18000_none_d3909ca1dd6bb475\mrt.exe (Microsoft Corporation)





Finished!


Post by Belahzur on 20th September 2010, 11:34 pm

Hmm, can you extract/use The Avenger?



Post by Drenji on 21st September 2010, 2:43 pm

I'll try again


Post by Drenji on 21st September 2010, 2:44 pm

It still says it's invalid.

I'm not sure if I may just be doing something wrong or if Vista just doesn't like it.


Post by Belahzur on 21st September 2010, 9:16 pm

Hello.
Delete that copy of The Avenger and re-download it. Now try it again; do you get the same error?



Post by Drenji on 21st September 2010, 9:20 pm

Yeah. I still get the same error with it.


Post by Belahzur on 22nd September 2010, 11:39 pm

Can you run OTL now?



Post by Drenji on 24th September 2010, 1:35 pm

Here is the OTL log. Didn't get the extras log again.

--------------------------------------------------------------------------------------------------

OTL logfile created on: 9/23/2010 8:19:23 AM - Run 3
OTL by OldTimer - Version 3.2.12.1 Folder = C:\Users\matt\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 174.56 Gb Total Space | 94.99 Gb Free Space | 54.42% Space Free | Partition Type: NTFS
Drive D: | 11.75 Gb Total Space | 1.39 Gb Free Space | 11.87% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DAWN-PC
Current User Name: matt
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/16 12:06:42 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\matt\Desktop\OTL.exe
PRC - [2010/06/25 23:24:17 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedssync.exe
PRC - [2009/09/27 00:06:55 | 000,028,762 | ---- | M] (MyWebSearch.com) -- C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE
PRC - [2009/09/27 00:06:55 | 000,024,688 | ---- | M] (MyWebSearch.com) -- C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
PRC - [2009/04/11 01:27:58 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sdclt.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/07/12 06:00:36 | 000,132,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe


========== Modules (SafeList) ==========

MOD - [2010/09/16 12:06:42 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\matt\Desktop\OTL.exe
MOD - [2009/04/11 01:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/20 21:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Unknown | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009/09/27 00:06:55 | 000,028,762 | ---- | M] (MyWebSearch.com) [Auto | Running] -- C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE -- (MyWebSearchService)
SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\FntCache.dll -- (FontCache)
SRV - [2009/09/04 13:17:00 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2009/09/04 13:16:54 | 005,893,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/03/05 12:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2009/04/10 23:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009/03/20 20:03:36 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2008/12/04 04:42:00 | 007,606,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/07/07 13:23:56 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
DRV - [2008/06/02 17:28:50 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2008/05/09 12:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2008/05/09 12:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2008/05/09 12:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2008/03/11 17:58:56 | 000,059,776 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PTDUWWAN.sys -- (PTDUWWAN)
DRV - [2008/03/11 17:58:50 | 000,039,936 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PTDUVsp.sys -- (PTDUVsp)
DRV - [2008/03/11 17:58:48 | 000,041,344 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PTDUMdm.sys -- (PTDUMdm)
DRV - [2008/03/11 17:58:44 | 000,029,824 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PTDUBus.sys -- (PTDUBus)
DRV - [2008/01/20 21:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/20 21:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:23:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2008/01/20 21:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 21:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 21:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 21:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/18 06:31:26 | 000,196,784 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/12/06 15:40:14 | 000,761,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\athr.sys -- (athr)
DRV - [2007/09/09 17:12:28 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/07/11 12:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/07/10 09:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/20 06:29:56 | 000,984,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/06/20 06:28:34 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007/06/20 06:28:22 | 000,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007/06/18 19:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/03/22 00:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/03/06 21:15:58 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/02/24 16:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/16 16:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/01/23 18:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\BCMWL6.SYS -- (BCM43XV)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [You must be registered and logged in to see this link.] [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/10/04 00:16:54 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (MyPoints Toolbar 2.0) - {89A2510A-B4B6-4683-BEC9-1B96700BC7F1} - C:\Program Files\MyPoints Toolbar 2.0\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [calc] C:\Windows\System32\calc.DLL (Microsoft)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [MyWebSearch Plugin] C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (MyWebSearch.com)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe File not found
O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - Startup: C:\Users\matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.dll (Microsoft)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} [You must be registered and logged in to see this link.] (Wizard101GameLauncher)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_02)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} [You must be registered and logged in to see this link.] (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.104.6.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img22.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img22.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/24 21:23:11 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/09/17 15:11:13 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/09/17 11:06:42 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW.1.tmp
[2010/09/16 13:07:42 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW.0.tmp
[2010/09/16 12:06:41 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\matt\Desktop\OTL.exe
[2010/09/16 08:56:33 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2010/09/10 08:56:38 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/09/09 09:45:32 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010/09/09 09:43:39 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\Macromedia
[2010/09/09 03:08:57 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010/09/09 03:08:57 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010/09/09 03:08:57 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010/09/08 10:14:18 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010/09/08 10:14:17 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/09/08 10:14:10 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/09/08 10:14:09 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/09/08 10:13:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/09/08 09:45:12 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/09/08 09:45:11 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/09/08 09:45:11 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/09/08 09:45:11 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/09/08 09:45:11 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/09/08 09:45:11 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/09/08 09:45:09 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/09/08 09:45:09 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/09/08 09:45:09 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/09/08 09:45:08 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/09/08 09:45:08 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/09/08 09:45:07 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/09/08 09:45:07 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/09/08 09:45:06 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/09/08 09:45:06 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/09/08 09:44:58 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010/09/08 09:44:08 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/09/08 09:44:05 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010/09/08 09:43:30 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/09/08 09:43:30 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/09/08 09:43:03 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/09/08 09:43:03 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/09/08 09:42:56 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010/09/08 09:42:56 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010/09/01 15:11:57 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\Malwarebytes
[2010/08/31 11:37:55 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\Verizon Wireless
[2010/08/30 17:05:34 | 000,000,000 | ---D | C] -- C:\Users\matt\Desktop\Anatomy
[2010/08/30 16:33:22 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\WildTangent
[2010/08/28 00:29:36 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\Apple
[2010/08/27 16:41:57 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010/08/27 16:40:29 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\CyberLink
[2010/08/26 22:42:51 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\Yahoo!
[2010/08/26 22:42:16 | 000,000,000 | ---D | C] -- C:\Users\matt\Documents\Youcam
[2010/08/26 22:31:50 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\Hewlett-Packard
[2010/08/26 22:19:31 | 000,000,000 | ---D | C] -- C:\Users\matt\Desktop\little league matt
[2010/08/26 21:44:33 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\Hewlett-Packard
[2010/08/26 21:44:16 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\Adobe
[2010/08/26 21:44:15 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\HP
[2010/08/26 21:29:36 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\QuickPlay
[2010/08/26 21:29:23 | 000,000,000 | R--D | C] -- C:\Users\matt\Searches
[2010/08/26 21:29:13 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\Identities
[2010/08/26 21:29:10 | 000,000,000 | R--D | C] -- C:\Users\matt\Contacts
[2010/08/26 21:29:08 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\VirtualStore
[2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\AppData\Local\Temporary Internet Files
[2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\Templates
[2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\Start Menu
[2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\SendTo
[2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\Recent
[2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\PrintHood
[2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\NetHood
[2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\Documents\My Videos
[2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\Documents\My Pictures
[2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\Documents\My Music
[2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\My Documents
[2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\Local Settings
[2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\AppData\Local\History
[2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\Cookies
[2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\Application Data
[2010/08/26 21:29:03 | 000,000,000 | -HSD | C] -- C:\Users\matt\AppData\Local\Application Data
[2010/08/26 21:29:01 | 000,000,000 | --SD | C] -- C:\Users\matt\AppData\Roaming\Microsoft
[2010/08/26 21:29:01 | 000,000,000 | R--D | C] -- C:\Users\matt\Videos
[2010/08/26 21:29:01 | 000,000,000 | R--D | C] -- C:\Users\matt\Saved Games
[2010/08/26 21:29:01 | 000,000,000 | R--D | C] -- C:\Users\matt\Pictures
[2010/08/26 21:29:01 | 000,000,000 | R--D | C] -- C:\Users\matt\Music
[2010/08/26 21:29:01 | 000,000,000 | R--D | C] -- C:\Users\matt\Links
[2010/08/26 21:29:01 | 000,000,000 | R--D | C] -- C:\Users\matt\Favorites
[2010/08/26 21:29:01 | 000,000,000 | R--D | C] -- C:\Users\matt\Downloads
[2010/08/26 21:29:01 | 000,000,000 | R--D | C] -- C:\Users\matt\Documents
[2010/08/26 21:29:01 | 000,000,000 | R--D | C] -- C:\Users\matt\Desktop
[2010/08/26 21:29:01 | 000,000,000 | -H-D | C] -- C:\Users\matt\AppData
[2010/08/26 21:29:01 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\Temp
[2010/08/26 21:29:01 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\Microsoft Help
[2010/08/26 21:29:01 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\Microsoft
[2010/08/26 21:29:01 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\Media Center Programs
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/23 08:23:19 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{AB0D9DAC-B339-4772-9064-12E1E262BA0A}.job
[2010/09/23 08:23:19 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7FC831C4-4D0E-4D5A-BA3D-44268E92C10E}.job
[2010/09/23 08:23:19 | 000,000,230 | -H-- | M] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010/09/23 08:23:05 | 000,000,190 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/09/23 08:19:38 | 001,048,576 | -HS- | M] () -- C:\Users\matt\ntuser.dat
[2010/09/23 08:18:51 | 000,027,744 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/09/23 08:18:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/21 16:19:49 | 000,677,998 | ---- | M] () -- C:\Users\matt\Desktop\avenger.zip
[2010/09/21 09:45:07 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/21 09:45:07 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/21 09:44:33 | 000,000,224 | ---- | M] () -- C:\Windows\tasks\AlphaAnt.job
[2010/09/21 09:44:30 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/09/21 09:44:30 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/09/21 09:44:30 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/09/21 09:43:57 | 000,000,258 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/09/21 09:43:36 | 000,027,744 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/09/21 03:20:22 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/21 03:19:47 | 000,000,000 | ---- | M] () -- C:\Windows\win32k.sys
[2010/09/21 03:19:44 | 3152,932,864 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/21 03:17:08 | 000,524,288 | -HS- | M] () -- C:\Users\matt\ntuser.dat{3359c88f-b784-11df-a6db-001e688a2e09}.TMContainer00000000000000000001.regtrans-ms
[2010/09/21 03:17:08 | 000,065,536 | -HS- | M] () -- C:\Users\matt\ntuser.dat{3359c88f-b784-11df-a6db-001e688a2e09}.TM.blf
[2010/09/17 15:11:43 | 000,002,521 | ---- | M] () -- C:\Users\matt\Desktop\HiJackThis.lnk
[2010/09/17 11:28:00 | 000,032,653 | ---- | M] () -- C:\Users\matt\Desktop\LockSearch.exe
[2010/09/17 11:07:47 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/17 03:17:42 | 002,057,727 | -H-- | M] () -- C:\Users\matt\AppData\Local\IconCache.db
[2010/09/16 13:07:27 | 003,845,883 | ---- | M] () -- C:\Users\matt\Desktop\svchost.exe
[2010/09/16 12:06:42 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\matt\Desktop\OTL.exe
[2010/09/16 09:22:32 | 000,939,956 | ---- | M] () -- C:\Users\matt\Desktop\7z465.exe
[2010/09/16 09:19:55 | 003,266,369 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\DVD.exe
[2010/09/16 09:11:15 | 000,524,288 | -HS- | M] () -- C:\Users\matt\ntuser.dat{3359c88f-b784-11df-a6db-001e688a2e09}.TMContainer00000000000000000002.regtrans-ms
[2010/09/13 08:54:02 | 000,047,616 | ---- | M] () -- C:\Users\matt\Desktop\Win32kDiag.exe
[2010/09/10 14:34:30 | 035,552,200 | ---- | M] () -- C:\Windows\System32\mrt.exe
[2010/09/09 09:24:10 | 000,085,504 | ---- | M] () -- C:\Users\matt\Desktop\Inherit.exe
[2010/09/09 03:31:29 | 000,312,336 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/09/03 12:51:40 | 000,524,288 | -HS- | M] () -- C:\Users\matt\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/09/03 12:51:40 | 000,065,536 | -HS- | M] () -- C:\Users\matt\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/09/03 11:04:48 | 000,000,680 | ---- | M] () -- C:\Users\matt\AppData\Local\d3d9caps.dat
[2010/09/03 09:10:40 | 000,003,584 | ---- | M] () -- C:\Users\matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/30 17:06:05 | 000,002,627 | ---- | M] () -- C:\Users\matt\Desktop\Microsoft Office Word 2007.lnk
[2010/08/27 16:48:01 | 000,000,813 | -HS- | M] () -- C:\Users\matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk
[2010/08/26 22:42:48 | 000,000,943 | ---- | M] () -- C:\Users\matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/08/26 22:23:15 | 000,000,944 | ---- | M] () -- C:\Users\matt\Desktop\Windows Media Player.lnk
[2010/08/26 22:02:54 | 000,000,938 | ---- | M] () -- C:\Users\matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/08/26 21:30:01 | 000,077,136 | ---- | M] () -- C:\Users\matt\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/26 21:29:03 | 000,000,020 | -HS- | M] () -- C:\Users\matt\ntuser.ini
[2010/08/26 21:29:02 | 000,524,288 | -HS- | M] () -- C:\Users\matt\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/21 16:19:47 | 000,677,998 | ---- | C] () -- C:\Users\matt\Desktop\avenger.zip
[2010/09/17 13:02:11 | 000,085,504 | ---- | C] () -- C:\Users\matt\Desktop\Inherit.exe
[2010/09/17 11:28:00 | 000,032,653 | ---- | C] () -- C:\Users\matt\Desktop\LockSearch.exe
[2010/09/16 13:07:27 | 003,845,883 | ---- | C] () -- C:\Users\matt\Desktop\svchost.exe
[2010/09/16 09:22:28 | 000,939,956 | ---- | C] () -- C:\Users\matt\Desktop\7z465.exe
[2010/09/16 08:47:22 | 000,000,420 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{AB0D9DAC-B339-4772-9064-12E1E262BA0A}.job
[2010/09/13 08:54:01 | 000,047,616 | ---- | C] () -- C:\Users\matt\Desktop\Win32kDiag.exe
[2010/09/10 08:56:38 | 000,002,521 | ---- | C] () -- C:\Users\matt\Desktop\HiJackThis.lnk
[2010/09/09 08:29:30 | 000,524,288 | -HS- | C] () -- C:\Users\matt\ntuser.dat{3359c88f-b784-11df-a6db-001e688a2e09}.TMContainer00000000000000000002.regtrans-ms
[2010/09/09 08:29:30 | 000,524,288 | -HS- | C] () -- C:\Users\matt\ntuser.dat{3359c88f-b784-11df-a6db-001e688a2e09}.TMContainer00000000000000000001.regtrans-ms
[2010/09/09 08:29:30 | 000,065,536 | -HS- | C] () -- C:\Users\matt\ntuser.dat{3359c88f-b784-11df-a6db-001e688a2e09}.TM.blf
[2010/09/03 11:04:48 | 000,000,680 | ---- | C] () -- C:\Users\matt\AppData\Local\d3d9caps.dat
[2010/09/03 09:10:40 | 000,003,584 | ---- | C] () -- C:\Users\matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/03 08:58:14 | 3152,932,864 | -HS- | C] () -- C:\hiberfil.sys
[2010/09/01 15:09:38 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/26 22:42:48 | 000,000,943 | ---- | C] () -- C:\Users\matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/08/26 22:23:15 | 000,000,944 | ---- | C] () -- C:\Users\matt\Desktop\Windows Media Player.lnk
[2010/08/26 22:02:54 | 000,000,938 | ---- | C] () -- C:\Users\matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/08/26 21:51:11 | 000,002,627 | ---- | C] () -- C:\Users\matt\Desktop\Microsoft Office Word 2007.lnk
[2010/08/26 21:30:04 | 000,000,000 | ---- | C] () -- C:\Users\matt\AppData\Local\QSwitch.txt
[2010/08/26 21:30:04 | 000,000,000 | ---- | C] () -- C:\Users\matt\AppData\Local\DSwitch.txt
[2010/08/26 21:30:04 | 000,000,000 | ---- | C] () -- C:\Users\matt\AppData\Local\AtStart.txt
[2010/08/26 21:29:03 | 000,000,020 | -HS- | C] () -- C:\Users\matt\ntuser.ini
[2010/08/26 21:29:02 | 000,524,288 | -HS- | C] () -- C:\Users\matt\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010/08/26 21:29:02 | 000,524,288 | -HS- | C] () -- C:\Users\matt\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/08/26 21:29:02 | 000,262,144 | -H-- | C] () -- C:\Users\matt\ntuser.dat.LOG1
[2010/08/26 21:29:02 | 000,065,536 | -HS- | C] () -- C:\Users\matt\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/08/26 21:29:02 | 000,000,000 | -H-- | C] () -- C:\Users\matt\ntuser.dat.LOG2
[2010/08/26 21:29:01 | 001,048,576 | -HS- | C] () -- C:\Users\matt\ntuser.dat
[2010/08/26 21:29:01 | 000,000,934 | ---- | C] () -- C:\Users\matt\Desktop\Cyberlink YouCam.lnk
[2010/08/26 21:29:01 | 000,000,258 | ---- | C] () -- C:\Users\matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/08/26 21:29:01 | 000,000,240 | ---- | C] () -- C:\Users\matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/03/11 22:28:58 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/11/21 23:30:05 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/11/21 17:44:08 | 000,534,528 | ---- | C] () -- C:\Windows\System32\ExplorerImages.dll
[2009/11/21 03:59:23 | 000,000,000 | ---- | C] () -- C:\Windows\win32k.sys
[2009/09/23 23:45:58 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/18 11:23:04 | 000,027,744 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/09/18 11:23:03 | 000,027,744 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/06/28 16:23:52 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/04/24 21:38:18 | 000,002,493 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:43:04 | 000,061,952 | ---- | C] () -- C:\Windows\System32\logevent.dll
[2006/11/02 03:43:04 | 000,061,952 | ---- | C] () -- C:\Windows\System32\cngaudit.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 04:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
< End of report >


Re: Malwarebytes and HiJackThis both crash and return permissions errors...

Post by Drenji on 18th October 2010, 5:55 pm

Guess I will just wipe the hard drive and tell them to start over.
