Uknown trojan/virus, causing loss of local disk space

View previous topic View next topic Go down

Uknown trojan/virus, causing loss of local disk space

Post by ScarletFBL on Wed Nov 10, 2010 12:09 pm

Antivirus/etc: Kaspersky IS 2011

I honestly don't know what's wrong with my computer, this time, and I've been slow in trying to find out. I bought a new version of Kaspersky, tried getting rid of most of my recently DLed files, but nothing has worked. Also, I think whatever's wrong with with my computer is causing the Windows updates to constantly want to update, and it's building up, taking up nearly all of my disk space. There's only 12G left, I think. javascript:emoticonp('Whoa!')

Any help would be appreciated. Please and thank you.

OTL Extras logfile created on: 11/9/2010 8:18:34 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\ScarletFBL\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.16 Gb Total Space | 12.85 Gb Free Space | 9.37% Space Free | Partition Type: NTFS
Drive D: | 11.89 Gb Total Space | 1.86 Gb Free Space | 15.66% Space Free | Partition Type: NTFS

Computer Name: SCARLETFBL-PC | User Name: ScarletFBL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"" =

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"" =
"C:\Program Files\Vongo\VongoService.exe" = C:\Program Files\Vongo\VongoService.exe:*:enabled:VongoService -- (Starz Entertainment Group LLC)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07A1F632-7CA2-4355-944F-027B06953570}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{61A1985C-4B18-4E95-B51F-E7F9C830E814}" = lport=50489 | protocol=6 | dir=in | name=akamai netsession interface |
"{794F47A2-08C6-4A2A-AFE2-0307F470043A}" = lport=49207 | protocol=6 | dir=in | name=akamai netsession interface |
"{7E574E41-B773-4C3C-A8E9-FA7F5821B9FF}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{8AD45D2F-E21D-461B-82EC-0BE9530D7465}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{D441DA0E-3A40-4421-8DDC-DD8ED75A36C2}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0166C11B-5F24-4A33-AC18-AB1C64562D0A}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{01E5E9BF-9469-4B32-B07D-237749DE5A00}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{024EC2AC-121D-42C7-B3BF-433BBDDF1748}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{15C5CD6C-A566-4EF0-B460-F65BF893A519}" = protocol=6 | dir=in | app=c:\program files\nakido\nakido.exe |
"{2F1D00B2-7442-4991-96EF-00D9D7965CEA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{32BD6F67-E446-48C8-9104-3CBB6FF67A3F}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{32ED3123-D751-4209-9598-2C381394EB91}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{334D7D46-1D66-4022-9908-87E1DE0A7302}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{391B6388-EF39-4888-80F0-848D80BEDBAC}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{3CB72232-33D8-4B2F-A44A-2F073CAEC685}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{53213A62-FDA1-419E-8954-A7A20460225D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5399B9C4-F44D-4876-AA8C-8BEE0C50802A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{547192FF-6A40-4864-9D00-AFECDB174310}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{60989907-C8EB-471C-B3C0-056B945FCEF0}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{7A590D3B-2D07-4359-B0F7-1FA3B2B54463}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{7B7D14B1-C7CA-4E65-A56B-B4E6D0B1FF4B}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{7CE87039-A5D9-4F52-8AD4-CBC9D8857522}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{83C3586C-66B5-4931-BFDD-44D97CCBE7FF}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{86570022-FCCA-48A3-BB36-857DAC7D3A86}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{86EB426C-A133-4B09-8342-B2A7F41B3BFE}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{88901493-73B5-4508-B2C1-6B1321D319F1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{92E8B766-5884-42D7-A2F1-C47C389868EB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{9C35CBB7-E77B-4EDB-855D-ECED22295B7D}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{A1CD9AA9-F525-4017-9771-DE045EA94C2D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{A61FFC8C-9F51-4B08-85B3-F734AEE8DD31}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A6CFE4D9-FAAA-4D67-8343-52AB596F832C}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{AA209F12-456A-4498-AEE1-293A29769893}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{AC995B6F-65F6-433F-9D73-C945E47EFE06}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{B5E230C0-EE36-4E0F-84E6-6A8DC3CE2D89}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{B89CFBA4-A7BA-4F45-BEB7-9C38405838A6}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{B8BB2215-6072-4F5D-B6DD-63166E97AE04}" = protocol=17 | dir=in | app=c:\program files\nakido\nakido.exe |
"{BB94DB1A-C77D-4DCA-92AD-54C57CE00BEE}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{BE295D14-42E3-492E-85FD-771604D653D6}" = dir=in | app=e:\setup\hpznui01.exe |
"{C11B6FE3-DDDB-478C-867B-7210277469B8}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{C8FCC0AA-B943-459F-9D2B-9445611167D6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{CE21AFF4-FE9F-4C09-81E7-DA09080FD28D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{D26FF620-377B-4149-A7E3-F454C28B7C98}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{D3D47393-0393-4F88-AB88-2B74312DC609}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{E43338B0-5D30-46E6-9829-71FADB1D5E4A}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{F03776F8-FA59-4F49-A87C-38E4C8EA9856}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{FF59FB32-CFE2-4731-9777-B3A17D1C2D31}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{599FE162-200A-4B80-93C4-F248BF183E03}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{E5D27E6D-F704-4C36-82AD-D79BE690EF23}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{0749CB55-8676-4071-A3D6-6DDE7E94764F}" = O&O Defrag Agent
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{2012D762-5DCA-455A-B5FE-EDF79BC93E18}" = HP Photosmart C4700 All-In-One Driver Software 13.0 Rel .6
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{2284D904-C138-4B58-93EC-5C362AB5130A}" = The Sims™ Life Stories
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{38EAC694-0D90-445F-8C17-8B50ADFE3162}" = Slingbox Flash Tour
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D4B5330-CEA9-4D58-8355-74729AE527CD}" = Topaz Clean 2
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4D49757C-367A-4333-BDB3-68966162B14E}" = HP User Guides 0087
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{865DB1C9-D5E4-408B-B37D-9927E605BD2D}" = ESU for Microsoft Vista
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}" = Vongo
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A55F4F9F-CCA8-4732-AA1F-0390A4A50947}" = C4700
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C05B1D21-D5B2-4126-87FE-E458616965E6}" = O&O Defrag Professional
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEF7211D-CE3A-44C4-B321-D84A2099AE94}" = Comcast Desktop Software (v1.2.0.9)
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E36F3199-C282-47CA-BAC7-2B77D247E760}" = PS_AIO_06_C4700_SW_Min
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F05A5232-CE5E-4274-AB27-44EB8105898D}" = CA Pest Patrol Realtime Protection
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{F7F3B252-E772-48AA-93EB-7964BC326067}" = MSCU for Microsoft Vista
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"7-Zip" = 7-Zip 4.65
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"AIM_7" = AIM 7
"Akamai" = Akamai NetSession Interface
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"comcasttb" = Comcast Toolbar 3.0
"DivX Setup.divx.com" = DivX Setup
"DivXLand Media Subtitler" = DivXLand Media Subtitler
"DVD Flick_is1" = DVD Flick 1.3.0.7
"Fanfiction Downloader_is1" = Fanfiction Downloader v4.0.4
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"InfraRecorder" = InfraRecorder
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"KeyHoleTV" = KeyHoleTV
"LastFM_is1" = Last.fm 1.5.4.24567
"LimeWire" = LimeWire 5.4.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Nvu_is1" = Nvu 1.0PR
"Shop for HP Supplies" = Shop for HP Supplies
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.4
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"uTorrent" = µTorrent
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.0.3
"VobSub" = VobSub v2.23 (Remove Only)
"WildTangent hp Master Uninstall" = My HP Games
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.2.1 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
"ZillaTube" = ZillaTube 4.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/6/2010 6:10:45 PM | Computer Name = ScarletFBL-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 11/6/2010 6:10:45 PM | Computer Name = ScarletFBL-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 11/6/2010 6:10:46 PM | Computer Name = ScarletFBL-PC | Source = MsiInstaller | ID = 1023
Description =

Error - 11/7/2010 12:16:17 PM | Computer Name = ScarletFBL-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 11/7/2010 12:16:17 PM | Computer Name = ScarletFBL-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 11/7/2010 12:16:17 PM | Computer Name = ScarletFBL-PC | Source = MsiInstaller | ID = 1023
Description =

Error - 11/8/2010 4:07:56 PM | Computer Name = ScarletFBL-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 11/8/2010 4:07:56 PM | Computer Name = ScarletFBL-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 11/8/2010 4:07:57 PM | Computer Name = ScarletFBL-PC | Source = MsiInstaller | ID = 1023
Description =

Error - 11/8/2010 4:33:24 PM | Computer Name = ScarletFBL-PC | Source = Application Error | ID = 1000
Description = Faulting application DivXUpdate.exe, version 1.0.1.10, time stamp
0x4c06fc6d, faulting module MSVCP80.dll, version 8.0.50727.4053, time stamp 0x4a594cd0,
exception code 0xc0000005, fault offset 0x000100b5, process id 0x848, application
start time 0x01cb7f7ff8a197e2.

[ Media Center Events ]
Error - 9/14/2010 7:50:06 PM | Computer Name = ScarletFBL-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 11/6/2010 1:00:40 PM | Computer Name = ScarletFBL-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 11/6/2010 4:41:48 PM | Computer Name = ScarletFBL-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/6/2010 6:10:47 PM | Computer Name = ScarletFBL-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 11/7/2010 10:00:55 AM | Computer Name = ScarletFBL-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/7/2010 12:16:20 PM | Computer Name = ScarletFBL-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 11/7/2010 3:47:13 PM | Computer Name = ScarletFBL-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/8/2010 4:03:40 PM | Computer Name = ScarletFBL-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/8/2010 4:09:22 PM | Computer Name = ScarletFBL-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 11/9/2010 8:27:35 AM | Computer Name = ScarletFBL-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/9/2010 8:33:18 AM | Computer Name = ScarletFBL-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =


< End of report > Whoa! Whoa!

ScarletFBL
Novice
Novice

Posts Posts : 15
Joined Joined : 2009-09-25
Gender Gender : Female
OS OS : Vista Home Premium
Points Points : 26348
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Uknown trojan/virus, causing loss of local disk space

Post by Belahzur on Thu Nov 11, 2010 12:30 am

Hello.
Please post the main OTL.txt log as well.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum