how do I remove windows diagnostic from my computer?


how do I remove windows diagnostic from my computer?

Post by Melissa on 23rd March 2011, 12:54 am

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:46:44 PM, on 3/22/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\o2flash.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Melissa Lewis\Desktop\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BrowserHelper Class - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files\SGPSA\SearchAssistant.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [Nfinesiyovup] rundll32.exe "C:\WINDOWS\isojamazekud.dll",Startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [lguonkLrVrVNg.exe] C:\Documents and Settings\All Users\Application Data\lguonkLrVrVNg.exe
O4 - HKCU\..\Run: [xjljVa7b] C:\Documents and Settings\All Users\Application Data\xjljVa7b.exe
O4 - HKCU\..\Run: [GrAFPYgSYMuoYt] C:\Documents and Settings\All Users\Application Data\GrAFPYgSYMuoYt.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Web-Based Email Tools - [You must be registered and logged in to see this link.]
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - [You must be registered and logged in to see this link.]
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe

--
End of file - 6773 bytes

Melissa | Intermediate | Posts: 53 | Joined: 2009-07-26 | Gender: Female | OS: Microsoft Windows XP | Points: 27317 | Likes: 0

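A worked triage of the O2/O3/O4 lines in a HijackThis log like the one above, added here as an illustration; it is not part of the original post and not code from the HijackThis tool. The sample lines are constructed to mirror the entries in the log, and the rules, the four-case-flip threshold and the function names are assumptions. It flags the entries a helper would ask about: Run values launching executables dropped straight into the shared Application Data folder, the rundll32 line loading a DLL from the Windows root, and the BHO/toolbar entries whose files are missing.

```python
"""Triage a HijackThis v2 log for autostart patterns that stand out in the post
above.  Added example: SAMPLE_LOG is constructed for illustration and the rules
and threshold below are assumptions, not HijackThis logic."""
import ntpath
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in HijackThis v2 format: clean entries next to suspicious ones.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BrowserHelper Class - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files\SGPSA\SearchAssistant.dll (file missing)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [Nfinesiyovup] rundll32.exe "C:\WINDOWS\isojamazekud.dll",Startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [lguonkLrVrVNg.exe] C:\Documents and Settings\All Users\Application Data\lguonkLrVrVNg.exe
O4 - HKCU\..\Run: [xjljVa7b] C:\Documents and Settings\All Users\Application Data\xjljVa7b.exe
O4 - HKCU\..\Run: [GrAFPYgSYMuoYt] C:\Documents and Settings\All Users\Application Data\GrAFPYgSYMuoYt.exe
"""

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O2_O3_RE = re.compile(
    r"^(?P<kind>O2 - BHO|O3 - Toolbar): (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<target>.+)$")
# First path on a command line: a quoted string, or an unquoted run of text up to a known
# executable extension (HijackThis prints unquoted paths that contain spaces).
PATH_RE = re.compile(r'"([^"]+)"|(.+?\.(?:exe|dll|scr|cpl|bat|cmd|com))(?=[\s,]|$)', re.I)
WINDOWS_ROOT_RE = re.compile(r"[a-z]:\\windows")
# Heuristic threshold (assumption): vendor file names rarely flip case this often.
CASE_FLIP_THRESHOLD = 4


@dataclass
class Finding:
    kind: str        # HijackThis section, e.g. "O4 - HKCU" or "O2 - BHO"
    name: str        # Run value name, BHO name or toolbar name
    target: str      # file the entry points at (empty if none could be parsed)
    reasons: List[str]


def first_path(cmd: str) -> str:
    """Return the file an O4 command really runs; for rundll32 that is the DLL argument."""
    m = PATH_RE.match(cmd)
    if not m:
        return ""
    path = m.group(1) or m.group(2)
    if ntpath.basename(path).lower() == "rundll32.exe":
        inner = PATH_RE.match(cmd[m.end():].lstrip())
        if inner:
            return inner.group(1) or inner.group(2)
    return path


def case_flips(stem: str) -> int:
    """Count upper/lower transitions between consecutive letters, ignoring digits."""
    letters = [c for c in stem if c.isalpha()]
    return sum(1 for a, b in zip(letters, letters[1:]) if a.isupper() != b.isupper())


def check_o4(cmd: str) -> List[str]:
    reasons = []
    path = first_path(cmd)
    parent = ntpath.dirname(path).lower()
    stem, _ = ntpath.splitext(ntpath.basename(path))
    if parent.endswith(r"\all users\application data"):
        reasons.append("executable placed directly in the shared Application Data folder")
    if cmd.lower().startswith("rundll32") and WINDOWS_ROOT_RE.fullmatch(parent):
        reasons.append("rundll32 loading a DLL from the Windows root instead of system32")
    if case_flips(stem) >= CASE_FLIP_THRESHOLD:
        reasons.append("random-looking file name (%d case flips)" % case_flips(stem))
    return reasons


def check_o2_o3(target: str) -> List[str]:
    if target.endswith("(file missing)") or target == "(no file)":
        return ["orphaned entry: registered component is no longer on disk"]
    return []


def triage(log_text: str) -> List[Finding]:
    """Parse O2/O3/O4 lines and return only the entries that trip at least one rule."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            reasons = check_o4(m["cmd"])
            if reasons:
                findings.append(Finding("O4 - " + m["hive"], m["name"], first_path(m["cmd"]), reasons))
            continue
        m = O2_O3_RE.match(line)
        if m:
            reasons = check_o2_o3(m["target"])
            if reasons:
                findings.append(Finding(m["kind"], m["name"], m["target"], reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%s [%s] -> %s" % (f.kind, f.name, f.target))
        for r in f.reasons:
            print("    - " + r)
```

The location rules do the real work: an executable sitting directly in the shared Application Data root, or a DLL in C:\WINDOWS itself rather than system32, is the pattern an experienced helper reacts to before reading the name. The case-flip count is only a weak secondary signal (it scores 3 on the legitimate SynTPEnh), which is why the threshold sits at 4 and why it is reported as one reason among several rather than as a verdict.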

Re: how do I remove windows diagnostic from my computer?

Post by Belahzur on 23rd March 2011, 1:29 pm

Hello.

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur | Administrator | Posts: 34918 | Joined: 2008-08-03 | Gender: Male | OS: 7 Home Premium x64 | Points: 245101 | Likes: 1


both OTL logs

Post by Melissa on 23rd March 2011, 2:53 pm

1st log:

OTL logfile created on: 3/23/2011 10:32:54 AM - Run 6
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Melissa Lewis\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.00 Mb Total Physical Memory | 104.00 Mb Available Physical Memory | 23.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 39.08 Gb Free Space | 69.93% Space Free | Partition Type: NTFS

Computer Name: NB-14W2 | User Name: Melissa Lewis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/23 10:13:25 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Melissa Lewis\Desktop\OTL.exe
PRC - [2010/06/28 13:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/03/23 19:00:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/03/15 09:30:24 | 000,593,920 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\RALINK\Common\RaUI.exe
PRC - [2006/01/19 21:34:26 | 000,544,768 | R--- | M] (Motorola Inc.) -- C:\WINDOWS\sm56hlpr.exe
PRC - [2006/01/05 01:33:00 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\o2flash.exe
PRC - [2006/01/02 17:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe


========== Modules (SafeList) ==========

MOD - [2011/03/23 10:13:25 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Melissa Lewis\Desktop\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (getPlusHelper) getPlus(R)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/08/05 13:49:44 | 000,284,016 | ---- | M] (Eastman Kodak Company) [Auto | Stopped] -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe -- (Kodak AiO Network Discovery Service)
SRV - [2006/01/05 01:33:00 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\o2flash.exe -- (O2Flash)


========== Driver Services (SafeList) ==========

DRV - [2010/06/28 13:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 13:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 13:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 13:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/06/28 13:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/28 13:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2006/04/04 07:50:04 | 001,523,200 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/03/08 17:28:00 | 000,255,232 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2006/02/27 03:47:00 | 004,241,920 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/01/19 21:44:42 | 000,862,340 | R--- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2006/01/05 01:33:00 | 000,034,144 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\o2media.sys -- (O2MDRDR)
DRV - [2006/01/05 01:33:00 | 000,028,800 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\o2sd.sys -- (O2SDRDR)
DRV - [2005/09/29 20:11:42 | 000,078,720 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2004/08/03 15:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://google.com/"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/02/27 00:06:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/26 09:32:58 | 000,000,000 | ---D | M]

[2009/10/08 12:51:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Melissa Lewis\Application Data\Mozilla\Extensions
[2009/10/08 12:51:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Melissa Lewis\Application Data\Mozilla\Extensions\home2@tomtom.com
[2011/02/26 10:01:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Melissa Lewis\Application Data\Mozilla\Firefox\Profiles\bw8l68lu.default\extensions
[2011/02/26 10:01:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Melissa Lewis\Application Data\Mozilla\Firefox\Profiles\bw8l68lu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/26 10:01:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/24 19:25:36 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2011/03/23 08:39:22 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe (Ralink Technology, Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (get_atlcom Class)
O16 - DPF: Web-Based Email Tools [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.99.127.7 216.99.112.41 192.168.1.1 216.99.127.7 216.99.112.41
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/22 05:24:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/23 10:13:18 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Melissa Lewis\Desktop\OTL.exe
[2011/03/23 09:00:57 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/03/23 08:24:34 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/03/23 08:17:24 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/03/23 08:17:24 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/03/23 08:17:24 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/03/23 08:17:24 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/03/23 08:17:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/03/23 08:14:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/03/21 14:46:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Melissa Lewis\Recent
[2011/03/21 07:10:00 | 000,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\beep.sys
[2011/03/03 23:46:08 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Melissa Lewis\IECompatCache
[2011/03/03 23:45:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Melissa Lewis\PrivacIE
[2011/03/03 23:43:22 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Melissa Lewis\IETldCache
[2011/03/03 23:38:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/23 10:32:26 | 000,037,560 | ---- | M] () -- C:\Documents and Settings\Melissa Lewis\Application Data\wklnhst.dat
[2011/03/23 10:13:25 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Melissa Lewis\Desktop\OTL.exe
[2011/03/23 09:59:25 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/23 09:58:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/23 09:41:07 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/23 08:39:22 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/03/23 08:24:41 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/03/23 07:56:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Kragiwogijan.bin
[2011/03/22 17:18:47 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/21 07:11:06 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Hracitafabiz.dat
[2011/03/20 18:55:46 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18997044
[2011/03/20 18:55:45 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18997044r
[2011/03/20 18:55:05 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\18997044
[2011/03/18 22:37:30 | 000,530,360 | ---- | M] () -- C:\Documents and Settings\Melissa Lewis\Desktop\Instruction Manual 435dx Eng.pdf
[2011/03/18 22:36:06 | 000,541,315 | ---- | M] () -- C:\Documents and Settings\Melissa Lewis\Desktop\110dx_Instruction_Manual_Eng_June_08.pdf
[2011/03/18 22:35:10 | 000,542,142 | ---- | M] () -- C:\Documents and Settings\Melissa Lewis\Desktop\135dx_Instruction_Manual_Eng_June_08.pdf
[2011/03/13 10:43:51 | 000,435,828 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/13 10:43:51 | 000,068,558 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/12 10:43:00 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Melissa Lewis\My Documents\Bargain Basement Tag Assignment.xlr
[2011/03/03 23:43:33 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Melissa Lewis\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/03/01 08:46:15 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Melissa Lewis\My Documents\Melissa.xlr
[2011/02/26 09:33:10 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Melissa Lewis\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/02/26 09:33:09 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/02/25 13:08:31 | 000,333,829 | ---- | M] () -- C:\Documents and Settings\Melissa Lewis\My Documents\PID_232FA003_zoning_map.pdf
[2011/02/25 13:08:20 | 000,210,539 | ---- | M] () -- C:\Documents and Settings\Melissa Lewis\My Documents\PID_232FA003_map_with_dimensions.pdf
[2011/02/25 13:08:09 | 000,080,592 | ---- | M] () -- C:\Documents and Settings\Melissa Lewis\My Documents\PID_232FA003_recorded_survey_Map_Cabinet_28_page_491.pdf
[2011/02/25 13:07:59 | 000,160,669 | ---- | M] () -- C:\Documents and Settings\Melissa Lewis\My Documents\PID_232FA003_aerial_view.pdf
[2011/02/25 13:07:41 | 000,080,592 | ---- | M] () -- C:\Documents and Settings\Melissa Lewis\My Documents\Sabbath home.pdf
[2011/02/22 16:55:30 | 000,078,455 | ---- | M] () -- C:\Documents and Settings\Melissa Lewis\My Documents\Pam Gibson.pdf
[2011/02/21 11:20:22 | 000,011,316 | ---- | M] () -- C:\Documents and Settings\Melissa Lewis\My Documents\finishingtouch_beauty.jpg
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/23 08:24:41 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/03/23 08:24:37 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/03/23 08:17:24 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/03/23 08:17:24 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/03/23 08:17:24 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/03/23 08:17:24 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/03/23 08:17:24 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/03/21 07:11:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Kragiwogijan.bin
[2011/03/21 07:11:06 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Hracitafabiz.dat
[2011/03/20 18:55:45 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18997044r
[2011/03/20 18:55:45 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18997044
[2011/03/20 18:55:05 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\18997044
[2011/03/18 22:37:28 | 000,530,360 | ---- | C] () -- C:\Documents and Settings\Melissa Lewis\Desktop\Instruction Manual 435dx Eng.pdf
[2011/03/18 22:36:05 | 000,541,315 | ---- | C] () -- C:\Documents and Settings\Melissa Lewis\Desktop\110dx_Instruction_Manual_Eng_June_08.pdf
[2011/03/18 22:35:10 | 000,542,142 | ---- | C] () -- C:\Documents and Settings\Melissa Lewis\Desktop\135dx_Instruction_Manual_Eng_June_08.pdf
[2011/03/12 10:42:59 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Melissa Lewis\My Documents\Bargain Basement Tag Assignment.xlr
[2011/03/01 08:46:15 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Melissa Lewis\My Documents\Melissa.xlr
[2011/02/25 13:08:30 | 000,333,829 | ---- | C] () -- C:\Documents and Settings\Melissa Lewis\My Documents\PID_232FA003_zoning_map.pdf
[2011/02/25 13:08:19 | 000,210,539 | ---- | C] () -- C:\Documents and Settings\Melissa Lewis\My Documents\PID_232FA003_map_with_dimensions.pdf
[2011/02/25 13:08:11 | 000,080,592 | ---- | C] () -- C:\Documents and Settings\Melissa Lewis\My Documents\PID_232FA003_recorded_survey_Map_Cabinet_28_page_491.pdf
[2011/02/25 13:07:59 | 000,160,669 | ---- | C] () -- C:\Documents and Settings\Melissa Lewis\My Documents\PID_232FA003_aerial_view.pdf
[2011/02/25 13:07:41 | 000,080,592 | ---- | C] () -- C:\Documents and Settings\Melissa Lewis\My Documents\Sabbath home.pdf
[2011/02/22 16:55:30 | 000,078,455 | ---- | C] () -- C:\Documents and Settings\Melissa Lewis\My Documents\Pam Gibson.pdf
[2011/02/21 11:32:59 | 000,011,316 | ---- | C] () -- C:\Documents and Settings\Melissa Lewis\My Documents\finishingtouch_beauty.jpg
[2011/02/16 12:16:51 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~xjljVa7br
[2011/02/16 12:16:50 | 000,000,240 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~xjljVa7b
[2011/02/16 12:16:41 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xjljVa7b
[2010/12/26 19:46:17 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/11/18 20:22:03 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/24 15:48:44 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Melissa Lewis\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/09 09:21:23 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/12/28 09:52:46 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/11/25 16:11:16 | 000,001,610 | ---- | C] () -- C:\WINDOWS\pagebreeze.ini
[2009/11/25 16:11:16 | 000,000,044 | ---- | C] () -- C:\WINDOWS\formbreeze.ini
[2009/09/08 10:17:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/03/18 09:19:22 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007/12/07 16:25:12 | 000,003,932 | ---- | C] () -- C:\Documents and Settings\Melissa Lewis\Application Data\LMLayout.dat
[2007/12/07 16:24:16 | 000,000,150 | ---- | C] () -- C:\WINDOWS\System32\LM_SUPPORT.INI
[2006/08/29 07:44:06 | 000,037,560 | ---- | C] () -- C:\Documents and Settings\Melissa Lewis\Application Data\wklnhst.dat
[2006/06/22 06:00:57 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/22 05:52:09 | 000,311,296 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2006/06/22 05:52:09 | 000,290,918 | ---- | C] () -- C:\WINDOWS\System32\Install7x.dll
[2006/06/22 05:52:09 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\rt73.bin
[2006/06/22 05:48:48 | 000,069,632 | R--- | C] () -- C:\WINDOWS\sm56spn.dll
[2006/06/22 05:48:48 | 000,069,632 | R--- | C] () -- C:\WINDOWS\sm56itl.dll
[2006/06/22 05:48:48 | 000,069,632 | R--- | C] () -- C:\WINDOWS\sm56eng.dll
[2006/06/22 05:48:48 | 000,069,632 | R--- | C] () -- C:\WINDOWS\sm56brz.dll
[2006/06/22 05:48:48 | 000,061,440 | R--- | C] () -- C:\WINDOWS\sm56ger.dll
[2006/06/22 05:48:48 | 000,061,440 | R--- | C] () -- C:\WINDOWS\sm56fra.dll
[2006/06/22 05:48:48 | 000,053,248 | R--- | C] () -- C:\WINDOWS\sm56jpn.dll
[2006/06/22 05:48:48 | 000,049,152 | R--- | C] () -- C:\WINDOWS\sm56cht.dll
[2006/06/22 05:48:48 | 000,049,152 | R--- | C] () -- C:\WINDOWS\sm56chs.dll
[2006/06/22 05:46:08 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/06/22 05:38:17 | 000,125,796 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/06/22 05:27:22 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/06/22 05:20:22 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/06/21 21:38:29 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/06/21 21:36:52 | 000,200,936 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/02/28 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 05:00:00 | 000,435,828 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 05:00:00 | 000,068,558 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 05:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/01/05 01:33:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\o2flash.exe
[2006/01/05 01:33:00 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\RMDevice.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 160 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EE187F5B

< End of report >




2nd log:

OTL logfile created on: 3/23/2011 10:32:54 AM - Run 6
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Melissa Lewis\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.00 Mb Total Physical Memory | 104.00 Mb Available Physical Memory | 23.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 39.08 Gb Free Space | 69.93% Space Free | Partition Type: NTFS

Computer Name: NB-14W2 | User Name: Melissa Lewis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/23 10:13:25 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Melissa Lewis\Desktop\OTL.exe
PRC - [2010/06/28 13:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/03/23 19:00:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/03/15 09:30:24 | 000,593,920 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\RALINK\Common\RaUI.exe
PRC - [2006/01/19 21:34:26 | 000,544,768 | R--- | M] (Motorola Inc.) -- C:\WINDOWS\sm56hlpr.exe
PRC - [2006/01/05 01:33:00 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\o2flash.exe
PRC - [2006/01/02 17:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe


========== Modules (SafeList) ==========

MOD - [2011/03/23 10:13:25 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Melissa Lewis\Desktop\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (getPlusHelper) getPlus(R)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/08/05 13:49:44 | 000,284,016 | ---- | M] (Eastman Kodak Company) [Auto | Stopped] -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe -- (Kodak AiO Network Discovery Service)
SRV - [2006/01/05 01:33:00 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\o2flash.exe -- (O2Flash)


========== Driver Services (SafeList) ==========

DRV - [2010/06/28 13:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 13:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 13:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 13:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/06/28 13:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/28 13:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2006/04/04 07:50:04 | 001,523,200 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/03/08 17:28:00 | 000,255,232 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2006/02/27 03:47:00 | 004,241,920 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/01/19 21:44:42 | 000,862,340 | R--- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2006/01/05 01:33:00 | 000,034,144 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\o2media.sys -- (O2MDRDR)
DRV - [2006/01/05 01:33:00 | 000,028,800 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\o2sd.sys -- (O2SDRDR)
DRV - [2005/09/29 20:11:42 | 000,078,720 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2004/08/03 15:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://google.com/"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/02/27 00:06:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/26 09:32:58 | 000,000,000 | ---D | M]

[2009/10/08 12:51:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Melissa Lewis\Application Data\Mozilla\Extensions
[2009/10/08 12:51:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Melissa Lewis\Application Data\Mozilla\Extensions\home2@tomtom.com
[2011/02/26 10:01:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Melissa Lewis\Application Data\Mozilla\Firefox\Profiles\bw8l68lu.default\extensions
[2011/02/26 10:01:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Melissa Lewis\Application Data\Mozilla\Firefox\Profiles\bw8l68lu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/26 10:01:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/24 19:25:36 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2011/03/23 08:39:22 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe (Ralink Technology, Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (get_atlcom Class)
O16 - DPF: Web-Based Email Tools [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.99.127.7 216.99.112.41 192.168.1.1 216.99.127.7 216.99.112.41
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/22 05:24:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/23 10:13:18 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Melissa Lewis\Desktop\OTL.exe
[2011/03/23 09:00:57 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/03/23 08:24:34 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/03/23 08:17:24 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/03/23 08:17:24 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/03/23 08:17:24 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/03/23 08:17:24 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/03/23 08:17:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/03/23 08:14:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/03/21 14:46:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Melissa Lewis\Recent
[2011/03/21 07:10:00 | 000,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\beep.sys
[2011/03/03 23:46:08 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Melissa Lewis\IECompatCache
[2011/03/03 23:45:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Melissa Lewis\PrivacIE
[2011/03/03 23:43:22 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Melissa Lewis\IETldCache
[2011/03/03 23:38:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/23 10:32:26 | 000,037,560 | ---- | M] () -- C:\Documents and Settings\Melissa Lewis\Application Data\wklnhst.dat
[2011/03/23 10:13:25 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Melissa Lewis\Desktop\OTL.exe
[2011/03/23 09:59:25 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/23 09:58:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/23 09:41:07 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/23 08:39:22 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/03/23 08:24:41 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/03/23 07:56:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Kragiwogijan.bin
[2011/03/22 17:18:47 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/21 07:11:06 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Hracitafabiz.dat
[2011/03/20 18:55:46 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18997044
[2011/03/20 18:55:45 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18997044r
[2011/03/20 18:55:05 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\18997044
[2011/03/18 22:37:30 | 000,530,360 | ---- | M] () -- C:\Documents and Settings\Melissa Lewis\Desktop\Instruction Manual 435dx Eng.pdf
[2011/03/18 22:36:06 | 000,541,315 | ---- | M] () -- C:\Documents and Settings\Melissa Lewis\Desktop\110dx_Instruction_Manual_Eng_June_08.pdf
[2011/03/18 22:35:10 | 000,542,142 | ---- | M] () -- C:\Documents and Settings\Melissa Lewis\Desktop\135dx_Instruction_Manual_Eng_June_08.pdf
[2011/03/13 10:43:51 | 000,435,828 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/13 10:43:51 | 000,068,558 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/12 10:43:00 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Melissa Lewis\My Documents\Bargain Basement Tag Assignment.xlr
[2011/03/03 23:43:33 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Melissa Lewis\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/03/01 08:46:15 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Melissa Lewis\My Documents\Melissa.xlr
[2011/02/26 09:33:10 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Melissa Lewis\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/02/26 09:33:09 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/02/25 13:08:31 | 000,333,829 | ---- | M] () -- C:\Documents and Settings\Melissa Lewis\My Documents\PID_232FA003_zoning_map.pdf
[2011/02/25 13:08:20 | 000,210,539 | ---- | M] () -- C:\Documents and Settings\Melissa Lewis\My Documents\PID_232FA003_map_with_dimensions.pdf
[2011/02/25 13:08:09 | 000,080,592 | ---- | M] () -- C:\Documents and Settings\Melissa Lewis\My Documents\PID_232FA003_recorded_survey_Map_Cabinet_28_page_491.pdf
[2011/02/25 13:07:59 | 000,160,669 | ---- | M] () -- C:\Documents and Settings\Melissa Lewis\My Documents\PID_232FA003_aerial_view.pdf
[2011/02/25 13:07:41 | 000,080,592 | ---- | M] () -- C:\Documents and Settings\Melissa Lewis\My Documents\Sabbath home.pdf
[2011/02/22 16:55:30 | 000,078,455 | ---- | M] () -- C:\Documents and Settings\Melissa Lewis\My Documents\Pam Gibson.pdf
[2011/02/21 11:20:22 | 000,011,316 | ---- | M] () -- C:\Documents and Settings\Melissa Lewis\My Documents\finishingtouch_beauty.jpg
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/23 08:24:41 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/03/23 08:24:37 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/03/23 08:17:24 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/03/23 08:17:24 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/03/23 08:17:24 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/03/23 08:17:24 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/03/23 08:17:24 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/03/21 07:11:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Kragiwogijan.bin
[2011/03/21 07:11:06 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Hracitafabiz.dat
[2011/03/20 18:55:45 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18997044r
[2011/03/20 18:55:45 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18997044
[2011/03/20 18:55:05 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\18997044
[2011/03/18 22:37:28 | 000,530,360 | ---- | C] () -- C:\Documents and Settings\Melissa Lewis\Desktop\Instruction Manual 435dx Eng.pdf
[2011/03/18 22:36:05 | 000,541,315 | ---- | C] () -- C:\Documents and Settings\Melissa Lewis\Desktop\110dx_Instruction_Manual_Eng_June_08.pdf
[2011/03/18 22:35:10 | 000,542,142 | ---- | C] () -- C:\Documents and Settings\Melissa Lewis\Desktop\135dx_Instruction_Manual_Eng_June_08.pdf
[2011/03/12 10:42:59 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Melissa Lewis\My Documents\Bargain Basement Tag Assignment.xlr
[2011/03/01 08:46:15 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Melissa Lewis\My Documents\Melissa.xlr
[2011/02/25 13:08:30 | 000,333,829 | ---- | C] () -- C:\Documents and Settings\Melissa Lewis\My Documents\PID_232FA003_zoning_map.pdf
[2011/02/25 13:08:19 | 000,210,539 | ---- | C] () -- C:\Documents and Settings\Melissa Lewis\My Documents\PID_232FA003_map_with_dimensions.pdf
[2011/02/25 13:08:11 | 000,080,592 | ---- | C] () -- C:\Documents and Settings\Melissa Lewis\My Documents\PID_232FA003_recorded_survey_Map_Cabinet_28_page_491.pdf
[2011/02/25 13:07:59 | 000,160,669 | ---- | C] () -- C:\Documents and Settings\Melissa Lewis\My Documents\PID_232FA003_aerial_view.pdf
[2011/02/25 13:07:41 | 000,080,592 | ---- | C] () -- C:\Documents and Settings\Melissa Lewis\My Documents\Sabbath home.pdf
[2011/02/22 16:55:30 | 000,078,455 | ---- | C] () -- C:\Documents and Settings\Melissa Lewis\My Documents\Pam Gibson.pdf
[2011/02/21 11:32:59 | 000,011,316 | ---- | C] () -- C:\Documents and Settings\Melissa Lewis\My Documents\finishingtouch_beauty.jpg
[2011/02/16 12:16:51 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~xjljVa7br
[2011/02/16 12:16:50 | 000,000,240 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~xjljVa7b
[2011/02/16 12:16:41 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xjljVa7b
[2010/12/26 19:46:17 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/11/18 20:22:03 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/24 15:48:44 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Melissa Lewis\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/09 09:21:23 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/12/28 09:52:46 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/11/25 16:11:16 | 000,001,610 | ---- | C] () -- C:\WINDOWS\pagebreeze.ini
[2009/11/25 16:11:16 | 000,000,044 | ---- | C] () -- C:\WINDOWS\formbreeze.ini
[2009/09/08 10:17:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/03/18 09:19:22 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007/12/07 16:25:12 | 000,003,932 | ---- | C] () -- C:\Documents and Settings\Melissa Lewis\Application Data\LMLayout.dat
[2007/12/07 16:24:16 | 000,000,150 | ---- | C] () -- C:\WINDOWS\System32\LM_SUPPORT.INI
[2006/08/29 07:44:06 | 000,037,560 | ---- | C] () -- C:\Documents and Settings\Melissa Lewis\Application Data\wklnhst.dat
[2006/06/22 06:00:57 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/22 05:52:09 | 000,311,296 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2006/06/22 05:52:09 | 000,290,918 | ---- | C] () -- C:\WINDOWS\System32\Install7x.dll
[2006/06/22 05:52:09 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\rt73.bin
[2006/06/22 05:48:48 | 000,069,632 | R--- | C] () -- C:\WINDOWS\sm56spn.dll
[2006/06/22 05:48:48 | 000,069,632 | R--- | C] () -- C:\WINDOWS\sm56itl.dll
[2006/06/22 05:48:48 | 000,069,632 | R--- | C] () -- C:\WINDOWS\sm56eng.dll
[2006/06/22 05:48:48 | 000,069,632 | R--- | C] () -- C:\WINDOWS\sm56brz.dll
[2006/06/22 05:48:48 | 000,061,440 | R--- | C] () -- C:\WINDOWS\sm56ger.dll
[2006/06/22 05:48:48 | 000,061,440 | R--- | C] () -- C:\WINDOWS\sm56fra.dll
[2006/06/22 05:48:48 | 000,053,248 | R--- | C] () -- C:\WINDOWS\sm56jpn.dll
[2006/06/22 05:48:48 | 000,049,152 | R--- | C] () -- C:\WINDOWS\sm56cht.dll
[2006/06/22 05:48:48 | 000,049,152 | R--- | C] () -- C:\WINDOWS\sm56chs.dll
[2006/06/22 05:46:08 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/06/22 05:38:17 | 000,125,796 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/06/22 05:27:22 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/06/22 05:20:22 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/06/21 21:38:29 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/06/21 21:36:52 | 000,200,936 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/02/28 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 05:00:00 | 000,435,828 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 05:00:00 | 000,068,558 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 05:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/01/05 01:33:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\o2flash.exe
[2006/01/05 01:33:00 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\RMDevice.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 160 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EE187F5B

< End of report >

Melissa
Intermediate

Posts : 53
Joined : 2009-07-26
Gender : Female
OS : Microsoft windows xp
Points : 27317
# Likes : 0


Re: how do I remove windows diagnostic from my computer?

Post by Belahzur on 23rd March 2011, 10:12 pm

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    [2011/03/23 07:56:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Kragiwogijan.bin
    [2011/03/21 07:11:06 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Hracitafabiz.dat
    [2011/03/20 18:55:46 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18997044
    [2011/03/20 18:55:45 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18997044r
    [2011/03/20 18:55:05 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\18997044


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245101
# Likes : 1


Re: how do I remove windows diagnostic from my computer?

Post by Melissa on 24th March 2011, 3:07 am

Error: Unable to interpret <[2011/03/23 07:56:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Kragiwogijan.bin> in the current context!
Error: Unable to interpret <[2011/03/22 17:18:47 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl> in the current context!
Error: Unable to interpret <[2011/03/21 07:11:06 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Hracitafabiz.dat> in the current context!
Error: Unable to interpret <[2011/03/20 18:55:46 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18997044> in the current context!
Error: Unable to interpret <[2011/03/20 18:55:45 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18997044r> in the current context!
Error: Unable to interpret <[2011/03/20 18:55:05 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\18997044> in the current context!

OTL by OldTimer - Version 3.2.22.3 log created on 03232011_230530


Re: how do I remove windows diagnostic from my computer?

Post by Belahzur on 24th March 2011, 9:01 pm

Hello.
The script didn't work as :OTL wasn't included as the first line; try the script again and make sure you get everything that is bolded.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


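The exchange above turns on two details of the OTL log format: each file-listing line carries a timestamp, size, attribute flags, a company name (empty for unsigned files) and a path, and a fix script is only accepted when the `:OTL` section directive is its first line. The following is an added example, not code from the thread or from OldTimer's OTL: it parses lines of that layout, applies a simple triage filter, and builds and checks a fix script. The sample lines are copied from the OTL log in this thread; the watched-folder list, the 30-day window and the allowlist of cleanup-tool helper files are assumptions.

```python
r"""Parse OTL file-listing lines, triage them, and check an OTL fix script.

Added example; assumes the line layout seen in the OTL logs in this thread:
    [YYYY/MM/DD HH:MM:SS | 000,000,120 | ---- | M] (Company) -- C:\path
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

OTL_LINE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Za-z]{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>\S.*)$"
)

# Assumed watch list: folders where an unsigned, freshly dropped file deserves
# a second look (%SystemRoot% is C:\WINDOWS according to the log header above).
WATCHED_FOLDERS = (
    "c:\\windows",
    "c:\\documents and settings\\all users\\application data",
)
# Assumed allowlist: helper binaries that the cleanup tooling used in this
# thread drops into C:\WINDOWS (created in the same second as C:\Qoobox above).
KNOWN_TOOL_FILES = frozenset({"pev.exe", "sed.exe", "mbr.exe", "grep.exe", "zip.exe"})


@dataclass
class OtlEntry:
    stamp: datetime
    size: int
    attrs: str      # four attribute flags, e.g. "RHS-" or "---D"
    kind: str       # "C" = creation timestamp, "M" = modification timestamp
    company: str    # empty when OTL found no company name in the file
    path: str
    raw: str        # original line, reusable verbatim in a fix script

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def folder(self) -> str:
        return self.path.rsplit("\\", 1)[0]


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    # Summary lines such as "[5 C:\WINDOWS\*.tmp files -> ...]" do not match -> None.
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return OtlEntry(
        stamp=datetime.strptime(m["stamp"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"].strip(),
        path=m["path"].strip(),
        raw=line.strip(),
    )


def parse_otl_section(text: str) -> List[OtlEntry]:
    return [e for e in map(parse_otl_line, text.splitlines()) if e is not None]


def triage(entries, log_time, days=30, known_tool_files=KNOWN_TOOL_FILES):
    """Entries with no company name, dropped directly into a watched folder
    within `days` before the log was taken, minus known tool files."""
    cutoff = log_time - timedelta(days=days)
    return [
        e for e in entries
        if e.company == ""
        and e.folder.lower() in WATCHED_FOLDERS
        and e.stamp >= cutoff
        and e.name.lower() not in known_tool_files
    ]


def build_fix_script(entries) -> str:
    """An OTL fix script: the ':OTL' section directive must be the first line."""
    return "\n".join([":OTL", *(e.raw for e in entries)]) + "\n"


def validate_fix_script(script: str) -> List[str]:
    """Why OTL would reject a pasted script; an empty list means it looks fine."""
    lines = [l.strip() for l in script.splitlines() if l.strip()]
    if not lines:
        return ["script is empty"]
    problems = []
    if lines[0] != ":OTL":
        problems.append(f"first line must be the ':OTL' directive, got {lines[0]!r}")
    problems += [f"cannot interpret: {l}" for l in lines[1:] if parse_otl_line(l) is None]
    return problems


# Constructed sample, copied from the OTL run above (run 6, 3/23/2011 10:32:54).
SAMPLE_LOG = r"""
[2011/03/23 08:17:24 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/03/21 07:11:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Kragiwogijan.bin
[2011/03/21 07:11:06 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Hracitafabiz.dat
[2011/03/20 18:55:05 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\18997044
[2010/12/26 19:46:17 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/03/23 10:13:18 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Melissa Lewis\Desktop\OTL.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
"""
LOG_TIME = datetime(2011, 3, 23, 10, 32, 54)


def demo_flagged_names() -> List[str]:
    return [e.name for e in triage(parse_otl_section(SAMPLE_LOG), LOG_TIME)]
```

Running `validate_fix_script` on the flagged lines joined without the `:OTL` header reproduces the failure mode from this thread (the script is rejected before any line is interpreted), while `build_fix_script` emits the header first.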

Same response from OTL: Log Posted

Post by Melissa on 25th March 2011, 12:39 am

Error: Unable to interpret <[2011/03/23 07:56:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Kragiwogijan.bin> in the current context!
Error: Unable to interpret <[2011/03/22 17:18:47 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl> in the current context!
Error: Unable to interpret <[2011/03/21 07:11:06 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Hracitafabiz.dat> in the current context!
Error: Unable to interpret <[2011/03/20 18:55:46 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18997044> in the current context!
Error: Unable to interpret <[2011/03/20 18:55:45 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18997044r> in the current context!
Error: Unable to interpret <[2011/03/20 18:55:05 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\18997044> in the current context!

OTL by OldTimer - Version 3.2.22.3 log created on 03242011_203657


Re: how do I remove windows diagnostic from my computer?

Post by Belahzur on 25th March 2011, 8:22 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Malwarebytes reported no problems in the scan

Post by Melissa on 26th March 2011, 1:46 am

Malwarebytes' Anti-Malware 1.50.1.1100
[You must be registered and logged in to see this link.]

Database version: 6141

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/25/2011 9:40:40 PM
mbam-log-2011-03-25 (21-40-40).txt

Scan type: Quick scan
Objects scanned: 157466
Time elapsed: 12 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: how do I remove windows diagnostic from my computer?

Post by Belahzur on 26th March 2011, 9:13 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.

  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select Yes.

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts: 34918
Joined: 2008-08-03
Gender: Male
OS: 7 Home Premium x64
Points: 245101
Likes: 1

combofix log

Post by Melissa on 28th March 2011, 12:04 am

ComboFix 11-03-27.01 - Melissa Lewis 03/27/2011 19:38:38.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.134 [GMT -7:00]
Running from: c:\documents and settings\Melissa Lewis\Desktop\Combo-Fix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-02-28 to 2011-03-28 )))))))))))))))))))))))))))))))
.
.
2011-03-24 14:37 . 2011-03-24 14:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security
2011-03-24 14:37 . 2011-03-25 15:47 -------- d-----w- c:\program files\Panda USB Vaccine
2011-03-24 14:23 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-03-24 06:05 . 2011-03-24 06:05 -------- d-----w- C:\_OTL
2011-03-24 05:49 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-03-24 05:49 . 2010-12-20 23:59 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-03-24 05:49 . 2010-12-20 23:59 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-03-24 05:49 . 2010-12-20 23:59 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-03-23 19:03 . 2011-03-23 19:03 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-03-23 18:41 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-23 18:41 . 2011-03-23 18:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-23 18:41 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-23 03:35 . 2011-03-23 15:44 514230 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-03-23 00:39 . 2011-03-23 00:40 -------- d-----w- c:\documents and settings\Administrator
2011-03-21 14:11 . 2011-03-23 14:56 0 ----a-w- c:\windows\Kragiwogijan.bin
2011-03-21 14:10 . 2006-02-28 12:00 4224 ----a-w- c:\windows\system32\beep.sys
2011-03-04 06:46 . 2011-03-04 06:46 -------- d-sh--w- c:\documents and settings\Melissa Lewis\IECompatCache
2011-03-04 06:45 . 2011-03-04 06:45 -------- d-sh--w- c:\documents and settings\Melissa Lewis\PrivacIE
2011-03-04 06:44 . 2011-03-04 06:44 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-03-04 06:43 . 2011-03-04 06:43 -------- d-sh--w- c:\documents and settings\Melissa Lewis\IETldCache
2011-03-04 06:38 . 2011-03-04 06:41 -------- dc----w- c:\windows\ie8
2011-02-26 16:32 . 2010-12-03 19:35 25048 ----a-w- c:\program files\Mozilla Firefox\components\browserdirprovider.dll
2011-02-26 16:32 . 2010-12-03 19:35 140248 ----a-w- c:\program files\Mozilla Firefox\components\brwsrcmp.dll
2011-02-26 16:32 . 2010-12-03 19:35 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2011-02-26 16:32 . 2010-12-03 19:35 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:53 . 2006-02-28 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2006-02-28 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2006-06-22 12:18 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2006-06-22 12:18 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2006-02-28 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2006-02-28 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2006-02-28 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-25 737369]
"SMSERIAL"="sm56hlpr.exe" [2006-01-20 544768]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-03 45056]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2009-08-03 1626112]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
.
c:\documents and settings\Melissa Lewis\Start Menu\Programs\Startup\
PandaUSBVaccine.lnk - c:\program files\Panda USB Vaccine\USBVaccine.exe [2011-3-24 1287176]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2006-6-22 593920]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\PageBreeze\\pagebreeze.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\AiOHomeCenter.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"=
"c:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9322:TCP"= 9322:TCP:EKDiscovery
.
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [1/5/2006 1:33 AM 34144]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [1/5/2006 1:33 AM 28800]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/18/2009 11:29 AM 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/18/2009 11:29 AM 17744]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/11/2009 3:20 PM 135664]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\ekdiscovery.exe [8/5/2009 1:49 PM 284016]
S3 ECIoCtrl32_001.sys;ECIoCtrl32_001.sys;\??\d:\driver\ICP\ECIoCtrl32_001.sys --> d:\driver\ICP\ECIoCtrl32_001.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-11 22:20]
.
2011-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-11 22:20]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
DPF: Web-Based Email Tools - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Melissa Lewis\Application Data\Mozilla\Firefox\Profiles\bw8l68lu.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [You must be registered and logged in to see this link.] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Spyware Doctor - c:\documents and settings\Melissa Lewis\Desktop\sware.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-03-27 19:49
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(808)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2984)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-03-27 19:55:07
ComboFix-quarantined-files.txt 2011-03-28 02:54
ComboFix2.txt 2011-03-23 15:49
.
Pre-Run: 42,369,040,384 bytes free
Post-Run: 42,492,051,456 bytes free
.
- - End Of File - - EC2C3E809D01BBE2ABDF4064FF2CA998


Re: how do I remove windows diagnostic from my computer?

Post by Belahzur on 28th March 2011, 3:36 pm

Hello.


  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    File::
    c:\windows\Kragiwogijan.bin
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.




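The reply above singles out one line of the ComboFix log, the zero-byte c:\windows\Kragiwogijan.bin, and removes it with a CFScript. As an added example that is not part of this thread, of ComboFix, or of the helper's method, the Python below parses the "Files Created" section in the exact format the logs above use and applies a few triage heuristics to surface entries that deserve a second look: a loose file directly in c:\windows, a zero-byte file, an unexpected .bin extension, and a file created within a couple of minutes of an already flagged one. The sample log is constructed from lines quoted in the thread; the heuristics, the allow-list of known prefixes, and all function names are the example's own assumptions, not rules ComboFix applies.

```python
"""Triage the 'Files Created' section of a ComboFix log (added example, not
ComboFix's or the helper's own logic; every heuristic here is an assumption)."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# One entry per line: created stamp, '.', modified stamp, size (dashes for a
# directory), an 8-character attribute string, then the path.
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)
# Assumed allow-list: paths under these prefixes (known tooling, Windows
# servicing) are skipped by the heuristics.
KNOWN_PREFIXES = (r"c:\program files\malwarebytes",
                  r"c:\windows\system32\dllcache", r"c:\windows\ie8")


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]  # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def is_known(self) -> bool:
        return self.path.lower().startswith(KNOWN_PREFIXES)


def parse_files_created(log_text: str) -> List[Entry]:
    """Entries between the 'Files Created' banner and the 'Find3M Report' banner."""
    entries: List[Entry] = []
    in_block = False
    for line in log_text.splitlines():
        if "Files Created from" in line:
            in_block = True
            continue
        if in_block and "Find3M Report" in line:
            break
        m = ENTRY_RE.match(line.strip())
        if in_block and m:
            size = None if m["size"].startswith("-") else int(m["size"])
            entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def suspicious_reasons(e: Entry) -> List[str]:
    """Per-entry heuristic flags (assumed); an empty list means nothing flagged."""
    reasons: List[str] = []
    if e.is_dir or e.is_known:
        return reasons
    p = e.path.lower()
    if re.fullmatch(r"c:\\windows\\[^\\]+", p):   # dropped straight into %windir%
        reasons.append("loose file directly in c:\\windows")
    if e.size == 0:                                # leftover or placeholder component
        reasons.append("zero-byte file")
    if p.endswith(".bin"):                         # not a usual Windows component type
        reasons.append("unexpected .bin extension")
    return reasons


def _created(e: Entry) -> datetime:
    return datetime.strptime(e.created, "%Y-%m-%d %H:%M")


def triage(entries: List[Entry], window_minutes: int = 2) -> Dict[str, List[str]]:
    """Map flagged path -> reasons. A second pass adds files created within
    window_minutes of an already flagged file (droppers write components together)."""
    flagged = {e.path: r for e in entries if (r := suspicious_reasons(e))}
    primary = [e for e in entries if e.path in flagged]
    for e in entries:
        if e.path in flagged or e.is_dir or e.is_known:
            continue
        for f in primary:
            if abs((_created(e) - _created(f)).total_seconds()) <= window_minutes * 60:
                flagged[e.path] = [f"created within {window_minutes} min of flagged {f.path}"]
                break
    return flagged


# Constructed sample: lines copied from the ComboFix log quoted in this thread.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2011-02-28 to 2011-03-28 )))))))))))))))))))))))))))))))
2011-03-24 14:37 . 2011-03-25 15:47 -------- d-----w- c:\program files\Panda USB Vaccine
2011-03-24 14:23 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-03-21 14:11 . 2011-03-23 14:56 0 ----a-w- c:\windows\Kragiwogijan.bin
2011-03-21 14:10 . 2006-02-28 12:00 4224 ----a-w- c:\windows\system32\beep.sys
2011-03-04 06:38 . 2011-03-04 06:41 -------- dc----w- c:\windows\ie8
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2011-02-09 13:53 . 2006-02-28 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
"""

if __name__ == "__main__":
    for path, reasons in triage(parse_files_created(SAMPLE_LOG)).items():
        print(path + "".join(f"\n    {r}" for r in reasons))
```

Run on the sample, it reports the .bin with all three per-file reasons and also lists beep.sys, created one minute earlier, on the proximity rule alone. That second flag is a prompt to look, not a verdict: beep.sys is a stock Windows driver, and the point of the time-window pass is to show which files were written in the same burst so a reviewer can check them against known-good copies rather than take the list at face value.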

Combofix log

Post by Melissa on 28th March 2011, 9:00 pm

ComboFix 11-03-28.01 - Melissa Lewis 03/28/2011 16:46:35.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.119 [GMT -7:00]
Running from: c:\documents and settings\Melissa Lewis\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Melissa Lewis\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\windows\Kragiwogijan.bin"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Kragiwogijan.bin
.
.
((((((((((((((((((((((((( Files Created from 2011-02-28 to 2011-03-28 )))))))))))))))))))))))))))))))
.
.
2011-03-24 14:37 . 2011-03-24 14:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security
2011-03-24 14:37 . 2011-03-25 15:47 -------- d-----w- c:\program files\Panda USB Vaccine
2011-03-24 14:23 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-03-24 06:05 . 2011-03-24 06:05 -------- d-----w- C:\_OTL
2011-03-24 05:49 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-03-24 05:49 . 2010-12-20 23:59 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-03-24 05:49 . 2010-12-20 23:59 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-03-24 05:49 . 2010-12-20 23:59 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-03-23 19:03 . 2011-03-23 19:03 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-03-23 18:41 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-23 18:41 . 2011-03-23 18:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-23 18:41 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-23 03:35 . 2011-03-23 15:44 514230 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-03-23 00:39 . 2011-03-23 00:40 -------- d-----w- c:\documents and settings\Administrator
2011-03-21 14:10 . 2006-02-28 12:00 4224 ----a-w- c:\windows\system32\beep.sys
2011-03-04 06:46 . 2011-03-04 06:46 -------- d-sh--w- c:\documents and settings\Melissa Lewis\IECompatCache
2011-03-04 06:45 . 2011-03-04 06:45 -------- d-sh--w- c:\documents and settings\Melissa Lewis\PrivacIE
2011-03-04 06:44 . 2011-03-04 06:44 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-03-04 06:43 . 2011-03-04 06:43 -------- d-sh--w- c:\documents and settings\Melissa Lewis\IETldCache
2011-03-04 06:38 . 2011-03-04 06:41 -------- dc----w- c:\windows\ie8
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:53 . 2006-02-28 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2006-02-28 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2006-06-22 12:18 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2006-06-22 12:18 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2006-02-28 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2006-02-28 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2006-02-28 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-25 737369]
"SMSERIAL"="sm56hlpr.exe" [2006-01-20 544768]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-03 45056]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2009-08-03 1626112]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
.
c:\documents and settings\Melissa Lewis\Start Menu\Programs\Startup\
PandaUSBVaccine.lnk - c:\program files\Panda USB Vaccine\USBVaccine.exe [2011-3-24 1287176]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2006-6-22 593920]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\PageBreeze\\pagebreeze.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\AiOHomeCenter.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"=
"c:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9322:TCP"= 9322:TCP:EKDiscovery
.
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [1/5/2006 1:33 AM 34144]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [1/5/2006 1:33 AM 28800]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/18/2009 11:29 AM 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/18/2009 11:29 AM 17744]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/11/2009 3:20 PM 135664]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\ekdiscovery.exe [8/5/2009 1:49 PM 284016]
S3 ECIoCtrl32_001.sys;ECIoCtrl32_001.sys;\??\d:\driver\ICP\ECIoCtrl32_001.sys --> d:\driver\ICP\ECIoCtrl32_001.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-11 22:20]
.
2011-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-11 22:20]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
DPF: Web-Based Email Tools - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Melissa Lewis\Application Data\Mozilla\Firefox\Profiles\bw8l68lu.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [You must be registered and logged in to see this link.] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-03-28 16:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(804)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-03-28 16:56:51
ComboFix-quarantined-files.txt 2011-03-28 23:56
ComboFix2.txt 2011-03-28 23:43
ComboFix3.txt 2011-03-28 02:55
ComboFix4.txt 2011-03-23 15:49
.
Pre-Run: 42,400,288,768 bytes free
Post-Run: 42,386,440,192 bytes free
.
- - End Of File - - 1DA865C237D52D396F8D485A12B6E9ED


Re: how do I remove windows diagnostic from my computer?

Post by Belahzur on 29th March 2011, 6:32 pm

Hello.

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.





Re: how do I remove windows diagnostic from my computer?

Post by Melissa on 29th March 2011, 9:26 pm

Eset showed 3 threats detected but I don't know how to find the log so I can post it. Help?


Re: how do I remove windows diagnostic from my computer?

Post by Belahzur on 30th March 2011, 6:52 pm

Did you select it to remove what was found?





Re: how do I remove windows diagnostic from my computer?

Post by Melissa on 31st March 2011, 1:47 am

yes.


Re: how do I remove windows diagnostic from my computer?

Post by Belahzur on 1st April 2011, 8:00 pm

How is the machine running now?





Re: how do I remove windows diagnostic from my computer?

Post by Melissa on 2nd April 2011, 11:39 am

Actually...it's running great! You are awesome!!!!!

