Hard Drive Diagnostic Virus / Malware

View previous topic View next topic Go down

Hard Drive Diagnostic Virus / Malware

Post by soloraine on Fri 10 Jun 2011, 11:29 am


Hello there my name is Simon and I would love assistance with removing this virus please.
I was on the computer last last night when this virus flashed up and pretty much shut me down.
Origionally just after the infection, all I pretty much had left on my screen was NOTHING.
All the short cuts were gone, all the icons on the taskbar were gone, all my favorites for the internet were gone and the 'All Programs' from the 'Start' button are gone......just a blank bit.
No documents, no pictures hardly anything.
There is good news though:) AFTER proceeding with those two information gathering steps, I have the task bar back with the icons, my desktop shortcuts.....that work, all my documents except th yellow folders are really dull and all the pictures are dull, once I open the pictures they look fine??? I still have no favorites......I just checked thought and they are in my 'documents and settings'. Most of all no 'All Programs' nothing.

I have followed all you requests in providing you with the information you asked for.
I hope the information will assist you in helping me.
Thanks for your time.
Regards
Simon.

I JUST TRIED SENDING THIS MESSAGE WITH ALL THE DOCUMENTS YOU REQUIRE AND I RECEIVE A MESSAGE 'THE POSTED MESSAGE IS TOO LONG'. SORRY I MUST BE DOING SOMETING WRONG??


soloraine

Newbie Surfer
Newbie Surfer

Posts : 9
Joined : 2011-06-10
Operating System : XP Professional V2002 Service Pack 3

View user profile

Back to top Go down

Re: Hard Drive Diagnostic Virus / Malware

Post by soloraine on Fri 10 Jun 2011, 11:34 am

OTL logfile created on: 10/06/2011 9:04:09 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Si\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.99 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 62.76% Memory free
3.84 Gb Paging File | 3.17 Gb Available in Paging File | 82.61% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 37.43 Gb Free Space | 33.48% Space Free | Partition Type: NTFS
Drive G: | 7.46 Gb Total Space | 3.00 Gb Free Space | 40.21% Space Free | Partition Type: FAT32

Computer Name: SOLORAINE | User Name: Si | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/10 09:02:49 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Si\Desktop\OTL.com
PRC - [2011/03/29 09:04:54 | 001,766,736 | -H-- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\casc.exe
PRC - [2011/03/29 09:04:54 | 001,115,472 | -H-- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccevtmgr.exe
PRC - [2011/03/29 09:04:54 | 000,251,216 | -H-- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
PRC - [2011/03/29 09:04:53 | 000,212,992 | -H-- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
PRC - [2011/03/29 09:04:53 | 000,206,160 | -H-- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
PRC - [2011/03/29 09:04:52 | 000,206,152 | -H-- | M] (CA) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\CAAMSvc.exe
PRC - [2011/03/22 23:56:40 | 000,687,448 | -H-- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2011/03/04 11:31:08 | 000,428,640 | -H-- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/03/01 23:14:08 | 000,190,808 | -H-- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/03/01 23:13:44 | 000,203,096 | -H-- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2010/09/17 11:21:00 | 000,301,648 | -H-- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
PRC - [2010/08/24 11:07:34 | 000,740,160 | -H-- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
PRC - [2010/02/03 09:46:52 | 001,531,904 | -H-- | M] (Nokia) -- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2009/09/23 12:38:18 | 000,935,208 | -H-- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/08/04 09:42:18 | 000,887,288 | -H-- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
PRC - [2008/04/14 10:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 17:27:52 | 000,073,728 | -H-- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2006/01/06 08:02:24 | 000,352,256 | -H-- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSHIBA Applet\THotkey.exe
PRC - [2005/12/21 20:33:02 | 000,046,592 | -H-- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\psqltray.exe
PRC - [2005/12/21 05:22:14 | 000,035,328 | -H-- | M] (TOSHIBA Corp.) -- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
PRC - [2005/12/16 18:21:00 | 000,151,552 | -H-- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\Toshiba.exe
PRC - [2005/12/05 11:37:40 | 000,667,718 | -H-- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2005/12/01 06:25:22 | 000,073,728 | -H-- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Tvs\TvsTray.exe
PRC - [2005/11/28 10:41:50 | 000,602,182 | -H-- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2005/11/28 10:37:52 | 000,397,381 | -H-- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2005/11/02 18:41:04 | 000,978,944 | -H-- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2005/10/06 23:20:00 | 000,122,940 | -H-- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/08/17 05:23:12 | 000,188,416 | -H-- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
PRC - [2005/05/31 20:00:12 | 000,282,624 | -H-- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
PRC - [2005/05/31 19:59:58 | 000,045,056 | -H-- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2005/03/12 09:03:16 | 000,073,728 | -H-- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TDispVol.exe
PRC - [2005/01/17 18:38:38 | 000,040,960 | -H-- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2004/08/28 03:33:00 | 000,110,592 | -H-- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe


========== Modules (SafeList) ==========

MOD - [2011/06/10 09:02:49 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Si\Desktop\OTL.com
MOD - [2010/08/24 02:12:02 | 001,054,208 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2006/05/03 21:53:54 | 000,174,592 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll
MOD - [2002/03/03 22:40:00 | 000,045,056 | -H-- | M] () -- C:\WINDOWS\system32\TDispVol.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/03/29 09:04:54 | 000,251,216 | -H-- | M] (CA, Inc.) [On_Demand | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
SRV - [2011/03/29 09:04:53 | 000,212,992 | -H-- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe -- (CAISafe)
SRV - [2011/03/29 09:04:53 | 000,206,160 | -H-- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe -- (ccSchedulerSVC)
SRV - [2011/03/29 09:04:52 | 000,206,152 | -H-- | M] (CA) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\CAAMSvc.exe -- (CAAMSvc)
SRV - [2011/03/04 11:31:08 | 000,428,640 | -H-- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/09/17 11:21:00 | 000,301,648 | -H-- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe -- (UmxPol)
SRV - [2010/08/24 11:07:34 | 000,740,160 | -H-- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe -- (UmxCfg)
SRV - [2010/02/26 16:14:04 | 000,652,800 | -H-- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/09/23 12:38:18 | 000,935,208 | -H-- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/08/04 09:42:18 | 000,887,288 | -H-- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe -- (UmxAgent)
SRV - [2007/08/09 17:27:52 | 000,073,728 | -H-- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/12/21 05:22:14 | 000,035,328 | -H-- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)
SRV - [2005/01/17 18:38:38 | 000,040,960 | -H-- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/08/28 03:33:00 | 000,110,592 | -H-- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)


========== Driver Services (SafeList) ==========

DRV - [2011/03/04 11:30:26 | 004,333,024 | -H-- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) QuickCam Pro for Notebooks(UVC)
DRV - [2011/03/04 11:29:00 | 000,291,424 | -H-- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/11/28 19:27:37 | 000,005,632 | -H-- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2010/11/28 10:02:25 | 000,009,072 | -H-- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\26750 -- (26750)
DRV - [2010/09/17 11:21:00 | 000,135,248 | -H-- | M] (CA) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\KmxAMRT.sys -- (KmxAMRT)
DRV - [2010/06/09 05:54:38 | 000,244,304 | -H-- | M] (CA) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KmxCfg.sys -- (KmxCfg)
DRV - [2010/05/03 01:12:02 | 000,108,112 | -H-- | M] (CA) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\kmxstart.sys -- (KmxStart)
DRV - [2010/03/22 12:58:42 | 000,079,864 | -H-- | M] (CA) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\KmxAgent.sys -- (KmxAgent)
DRV - [2010/01/21 14:53:16 | 000,018,048 | -H-- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/12/30 11:30:56 | 000,007,936 | -H-- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/12/30 11:30:48 | 000,022,016 | -H-- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/12/30 11:30:48 | 000,007,936 | -H-- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/03/27 14:27:04 | 000,598,656 | -H-- | M] (Computer Associates International, Inc.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KmxAMVet.sys -- (KmxAMVet)
DRV - [2008/12/05 07:32:40 | 000,049,904 | RH-- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/08/26 10:26:12 | 000,018,816 | -H-- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/02/22 14:33:02 | 000,114,304 | -H-- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2008/02/22 14:33:02 | 000,014,976 | -H-- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2008/02/22 14:33:00 | 000,087,936 | -H-- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007/12/28 14:02:12 | 000,287,232 | -H-- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg111v3.sys -- (RTL8187B)
DRV - [2005/12/21 20:55:50 | 000,013,568 | -H-- | M] (UPEK Inc.) [File_System | Auto | Running] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys -- (FdRedir)
DRV - [2005/12/21 20:55:34 | 000,033,024 | -H-- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys -- (FileDisk2)
DRV - [2005/12/21 20:25:32 | 000,003,456 | -H-- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Protector Suite QL\smihlp.sys -- (smihlp)
DRV - [2005/12/09 18:48:40 | 004,123,136 | RH-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/12/05 19:55:30 | 001,428,096 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2005/12/01 05:01:02 | 000,043,392 | -H-- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2005/11/30 12:12:00 | 000,162,560 | -H-- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/11/28 11:09:26 | 000,013,568 | -H-- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/11/15 11:00:22 | 001,122,656 | RH-- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/10/21 08:03:42 | 000,006,144 | -H-- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD)
DRV - [2005/10/06 23:20:00 | 000,094,332 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/10/06 23:20:00 | 000,087,036 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/10/06 23:20:00 | 000,086,524 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/10/06 23:20:00 | 000,025,628 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/10/06 23:20:00 | 000,014,684 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/10/06 23:20:00 | 000,006,364 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/10/06 23:20:00 | 000,002,496 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/09/10 08:47:10 | 000,009,344 | -H-- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2005/08/26 06:16:52 | 000,005,628 | -H-- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/26 06:16:16 | 000,022,684 | -H-- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/06/02 06:33:00 | 000,102,384 | -H-- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2003/09/19 19:47:00 | 000,010,368 | -H-- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/01/29 16:35:00 | 000,012,032 | -H-- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/02/05 13:55:29 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/02/05 13:55:29 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011/06/09 22:57:31 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/06/09 22:57:32 | 000,000,000 | -H-D | M]


O1 HOSTS File: ([2004/08/04 22:00:00 | 000,000,734 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5

soloraine

Newbie Surfer
Newbie Surfer

Posts : 9
Joined : 2011-06-10
Operating System : XP Professional V2002 Service Pack 3

View user profile

Back to top Go down

Re: Hard Drive Diagnostic Virus / Malware

Post by soloraine on Fri 10 Jun 2011, 11:37 am

========== Files - Modified Within 30 Days ==========

[2011/06/10 09:05:08 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Si\Desktop\aswMBR.exe
[2011/06/10 09:02:49 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Si\Desktop\OTL.com
[2011/06/10 09:00:28 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Si\Desktop\Internet Explorer.lnk
[2011/06/10 08:36:11 | 000,000,878 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/10 08:32:27 | 000,000,874 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/10 08:32:23 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/10 08:32:23 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2011/06/10 08:31:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/10 08:31:20 | 2137,051,136 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/10 07:29:25 | 000,000,136 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~16637732r
[2011/06/10 07:29:25 | 000,000,112 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~16637732
[2011/06/10 06:59:43 | 000,116,736 | -H-- | M] () -- C:\Documents and Settings\Si\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/10 04:57:13 | 000,000,828 | -H-- | M] () -- C:\Documents and Settings\Si\Desktop\Windows XP Restore.lnk
[2011/06/10 04:57:05 | 000,000,336 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\16637732
[2011/06/10 04:56:07 | 137,482,240 | -H-- | M] () -- C:\WINDOWS\MEMORY.DMP
[2011/06/10 01:23:22 | 000,000,144 | -H-- | M] () -- C:\Documents and Settings\Si\Application Data\default.rss
[2011/06/10 01:23:20 | 000,000,069 | -H-- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/06/10 01:10:39 | 000,004,795 | -H-- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k0
[2011/06/10 01:10:39 | 000,000,213 | -H-- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k1
[2011/06/10 01:10:39 | 000,000,085 | -H-- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k7
[2011/06/10 01:10:39 | 000,000,085 | -H-- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k6
[2011/06/10 01:10:39 | 000,000,085 | -H-- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k5
[2011/06/10 01:10:39 | 000,000,085 | -H-- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k4
[2011/06/10 01:10:39 | 000,000,085 | -H-- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k3
[2011/06/10 01:10:39 | 000,000,085 | -H-- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k2
[2011/06/10 01:10:39 | 000,000,049 | -H-- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k7
[2011/06/10 01:10:39 | 000,000,049 | -H-- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k6
[2011/06/10 01:10:39 | 000,000,049 | -H-- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k5
[2011/06/10 01:10:39 | 000,000,049 | -H-- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k4
[2011/06/10 01:10:39 | 000,000,049 | -H-- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k3
[2011/06/10 01:10:39 | 000,000,049 | -H-- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k2
[2011/06/10 01:10:39 | 000,000,049 | -H-- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k1
[2011/06/10 01:10:39 | 000,000,049 | -H-- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k0
[2011/06/10 01:09:57 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/06/10 00:56:05 | 000,162,728 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/10 00:18:26 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2011/06/10 00:18:17 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
[2011/06/10 00:18:15 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2011/06/10 00:18:12 | 000,001,374 | -H-- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/09 23:01:11 | 000,450,018 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/09 23:01:11 | 000,074,852 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/09 23:00:57 | 000,001,876 | -H-- | M] () -- C:\Documents and Settings\Si\My Documents\Nokia Ovi Player.lnk
[2011/06/09 22:55:44 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/06/09 21:32:45 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2011/06/07 07:19:01 | 000,000,284 | -H-- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/05 18:12:59 | 000,386,043 | -H-- | M] () -- C:\Documents and Settings\Si\My Documents\[isoHunt] download.torrent
[2011/06/05 14:20:27 | 000,021,148 | -H-- | M] () -- C:\Documents and Settings\Si\My Documents\[isoHunt] The_Big_Bang_Theory_Season_4.6080621.TPB.torrent
[2011/06/05 08:00:08 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2011/06/01 15:12:00 | 000,034,452 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/06/01 15:04:40 | 000,015,360 | -H-- | M] () -- C:\Documents and Settings\Si\My Documents\Family Budget 2011.xlr
[2011/05/29 20:32:38 | 000,048,522 | -H-- | M] () -- C:\Documents and Settings\Si\My Documents\[isoHunt] The_Office_Season_6_Complete.torrent
[2011/05/29 09:22:07 | 025,240,215 | -H-- | M] () -- C:\Documents and Settings\Si\My Documents\Wing Chun - Dan Chi Sau (basics) part 2 [[You must be registered and logged in to see this link.]
[2011/05/29 09:19:27 | 017,463,557 | -H-- | M] () -- C:\Documents and Settings\Si\My Documents\Wing Chun - Dan Chi Sau (basics) part 1 [[You must be registered and logged in to see this link.]
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/28 20:23:54 | 000,500,244 | -H-- | M] () -- C:\Documents and Settings\Si\My Documents\Vehicle Electrics Multimeter.pdf
[2011/05/28 11:12:17 | 000,241,562 | -H-- | M] () -- C:\Documents and Settings\Si\Desktop\DSC03012.JPG
[2011/05/27 21:57:39 | 000,032,902 | -H-- | M] () -- C:\Documents and Settings\Si\My Documents\Mitsubishi Magna TJ Workshop Manual.pdf
[2011/05/27 21:02:29 | 068,868,497 | -H-- | M] () -- C:\Documents and Settings\Si\My Documents\96458-MMV112222FWSRMO3PPFDN-Mitsubishi_Magna_Verada_1998_1999_2000_2001_2001_2003_Factory_Workshop_Service_Repair_Manual_Over_3000_Pages_Pdf_Files_-_Download_Now.rar
[2011/05/27 20:53:32 | 068,868,497 | -H-- | M] () -- C:\Documents and Settings\Si\My Documents\6896458-Mitsubishi_Magna_Verada_1998_1999_2000_2001_2001_2003_Factory_Workshop_Service_Repair_Manual_Over_3000_Pages_Pdf_Files_-_Download_Now.rar
[2011/05/27 09:43:35 | 000,243,142 | -H-- | M] () -- C:\Documents and Settings\Si\Desktop\ACNT DE Student Handbook2011[1].pdf
[2011/05/24 12:05:06 | 000,001,785 | -H-- | M] () -- C:\Documents and Settings\Si\My Documents\nike-Wing Chun.htm
[2011/05/24 11:39:04 | 000,002,483 | -H-- | M] () -- C:\Documents and Settings\Si\Desktop\Microsoft Word.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/10 09:01:13 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Si\Desktop\Internet Explorer.lnk
[2011/06/10 08:26:32 | 2137,051,136 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/10 07:29:25 | 000,000,136 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~16637732r
[2011/06/10 07:29:24 | 000,000,112 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~16637732
[2011/06/10 04:57:13 | 000,000,828 | -H-- | C] () -- C:\Documents and Settings\Si\Desktop\Windows XP Restore.lnk
[2011/06/10 04:57:05 | 000,000,336 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\16637732
[2011/06/10 00:54:41 | 000,109,056 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/06/10 00:18:26 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2011/06/10 00:18:17 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
[2011/06/10 00:18:15 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2011/06/09 23:00:57 | 000,001,876 | -H-- | C] () -- C:\Documents and Settings\Si\My Documents\Nokia Ovi Player.lnk
[2011/06/09 22:55:44 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/06/05 18:12:57 | 000,386,043 | -H-- | C] () -- C:\Documents and Settings\Si\My Documents\[isoHunt] download.torrent
[2011/06/05 14:20:24 | 000,021,148 | -H-- | C] () -- C:\Documents and Settings\Si\My Documents\[isoHunt] The_Big_Bang_Theory_Season_4.6080621.TPB.torrent
[2011/05/29 20:32:33 | 000,048,522 | -H-- | C] () -- C:\Documents and Settings\Si\My Documents\[isoHunt] The_Office_Season_6_Complete.torrent
[2011/05/29 09:22:06 | 025,240,215 | -H-- | C] () -- C:\Documents and Settings\Si\My Documents\Wing Chun - Dan Chi Sau (basics) part 2 [[You must be registered and logged in to see this link.]
[2011/05/29 09:19:26 | 017,463,557 | -H-- | C] () -- C:\Documents and Settings\Si\My Documents\Wing Chun - Dan Chi Sau (basics) part 1 [[You must be registered and logged in to see this link.]
[2011/05/28 20:23:53 | 000,500,244 | -H-- | C] () -- C:\Documents and Settings\Si\My Documents\Vehicle Electrics Multimeter.pdf
[2011/05/28 11:12:16 | 000,241,562 | -H-- | C] () -- C:\Documents and Settings\Si\Desktop\DSC03012.JPG
[2011/05/27 21:57:39 | 000,032,902 | -H-- | C] () -- C:\Documents and Settings\Si\My Documents\Mitsubishi Magna TJ Workshop Manual.pdf
[2011/05/27 21:02:22 | 068,868,497 | -H-- | C] () -- C:\Documents and Settings\Si\My Documents\96458-MMV112222FWSRMO3PPFDN-Mitsubishi_Magna_Verada_1998_1999_2000_2001_2001_2003_Factory_Workshop_Service_Repair_Manual_Over_3000_Pages_Pdf_Files_-_Download_Now.rar
[2011/05/27 20:53:26 | 068,868,497 | -H-- | C] () -- C:\Documents and Settings\Si\My Documents\6896458-Mitsubishi_Magna_Verada_1998_1999_2000_2001_2001_2003_Factory_Workshop_Service_Repair_Manual_Over_3000_Pages_Pdf_Files_-_Download_Now.rar
[2011/05/27 09:43:35 | 000,243,142 | -H-- | C] () -- C:\Documents and Settings\Si\Desktop\ACNT DE Student Handbook2011[1].pdf
[2011/05/24 12:05:04 | 000,001,785 | -H-- | C] () -- C:\Documents and Settings\Si\My Documents\nike-Wing Chun.htm
[2011/04/06 08:41:15 | 000,043,520 | -H-- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2011/03/22 23:58:22 | 000,014,168 | -H-- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2011/03/04 11:26:22 | 010,877,272 | -H-- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2011/03/04 11:26:22 | 000,102,744 | -H-- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2011/03/04 11:26:16 | 000,331,608 | -H-- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2011/03/04 11:14:50 | 000,027,362 | -H-- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2011/02/23 07:19:44 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Si\Application Data\downloads.m3u
[2011/01/01 13:00:42 | 000,034,452 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/12/27 18:14:58 | 000,000,664 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/12/21 20:00:34 | 000,000,144 | -H-- | C] () -- C:\Documents and Settings\Si\Application Data\default.rss
[2010/12/16 12:42:24 | 000,000,069 | -H-- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/12/14 15:48:13 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\ka.ini
[2010/11/30 21:24:54 | 000,116,736 | -H-- | C] () -- C:\Documents and Settings\Si\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/29 14:54:31 | 000,000,353 | -H-- | C] () -- C:\WINDOWS\ereg077.dat
[2010/11/29 14:53:36 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SETUP32.INI
[2010/11/28 19:28:19 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2010/11/28 19:20:57 | 000,005,632 | -H-- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010/11/28 19:18:18 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/11/28 18:00:16 | 000,000,125 | -H-- | C] () -- C:\Documents and Settings\Si\Local Settings\Application Data\fusioncache.dat
[2010/11/28 16:30:46 | 000,068,939 | -H-- | C] () -- C:\WINDOWS\hpoins05.dat
[2010/11/28 16:30:46 | 000,019,696 | -H-- | C] () -- C:\WINDOWS\hpomdl05.dat
[2006/01/10 07:24:32 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2006/01/10 05:37:19 | 000,045,056 | -H-- | C] () -- C:\WINDOWS\System32\TDispVol.dll
[2006/01/10 05:35:43 | 000,118,784 | -H-- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2005/12/22 11:00:20 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\NDSTray.INI
[2005/12/22 10:57:24 | 000,036,736 | -H-- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2005/12/22 10:57:24 | 000,029,184 | -H-- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2005/12/22 10:56:31 | 000,000,222 | -H-- | C] () -- C:\WINDOWS\wininit.ini
[2005/12/22 10:54:47 | 000,204,800 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/12/22 10:54:47 | 000,200,704 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/12/22 10:54:47 | 000,192,512 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/12/22 10:54:47 | 000,192,512 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/12/22 10:54:47 | 000,188,416 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/12/22 10:54:46 | 000,020,480 | -H-- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/12/22 10:17:46 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/12/22 10:15:19 | 000,000,176 | RH-- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ1.dat
[2005/12/22 10:15:19 | 000,000,176 | RH-- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ0.dat
[2005/12/22 10:15:10 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2005/12/22 10:14:26 | 000,010,165 | -H-- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2005/12/22 10:14:26 | 000,007,671 | -H-- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2005/12/22 10:14:25 | 000,128,113 | -H-- | C] () -- C:\WINDOWS\System32\csellang.ini
[2005/12/22 10:14:25 | 000,045,056 | -H-- | C] () -- C:\WINDOWS\System32\csellang.dll
[2005/12/22 09:03:45 | 000,000,376 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/22 08:36:49 | 000,000,791 | -H-- | C] () -- C:\WINDOWS\orun32.ini
[2005/12/22 08:35:19 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/12/22 08:29:57 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/12/22 07:15:29 | 000,002,392 | -H-- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/12/22 07:15:18 | 000,755,200 | -H-- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2005/12/22 07:15:18 | 000,338,432 | -H-- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2005/12/22 07:15:18 | 000,200,192 | -H-- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2005/12/22 07:15:18 | 000,183,808 | -H-- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2005/12/22 07:15:18 | 000,120,320 | -H-- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2005/12/22 07:14:59 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/12/22 07:14:57 | 000,450,018 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/12/22 07:14:57 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/12/22 07:14:57 | 000,074,852 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/12/22 07:14:57 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/12/22 07:14:56 | 000,004,631 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/12/22 07:14:55 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/12/22 07:14:54 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/12/22 07:14:50 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/12/22 07:14:50 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/12/22 07:14:44 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/12/22 07:14:38 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/12/22 00:25:27 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/12/22 00:24:40 | 000,162,728 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/11/28 22:33:56 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\px.ini
[2005/09/03 08:44:08 | 000,110,592 | -H-- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/23 15:30:20 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/07/21 11:04:02 | 000,094,208 | -H-- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/16 08:43:28 | 000,114,688 | -H-- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2004/01/13 20:46:00 | 000,172,032 | -H-- | C] () -- C:\WINDOWS\System32\tifmicon.dll

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >
[2011/03/22 02:06:16 | 000,001,714 | -H-- | M] () -- C:\Documents and Settings\Si\Application Data\Microsoft\LastFlashConfig.WFC

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2011/06/10 09:05:08 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Si\Desktop\aswMBR.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >
[2010/10/11 16:53:30 | 008,420,211 | -H-- | M] (Macrovision Corporation) -- C:\Documents and Settings\Si\My Documents\20080616115846062_Samsung_USB_Driver_Installer.exe
[2010/12/31 07:33:50 | 001,341,176 | -H-- | M] (CA) -- C:\Documents and Settings\Si\My Documents\am_ca_en NEW 1.exe
[2010/01/24 16:27:39 | 001,341,176 | -H-- | M] (CA) -- C:\Documents and Settings\Si\My Documents\am_ca_en.exe
[2011/01/25 22:07:06 | 2067,515,943 | -H-- | M] () -- C:\Documents and Settings\Si\My Documents\BF2_Patch_1.50.exe
[2011/02/05 10:37:05 | 000,912,224 | -H-- | M] (DivX, LLC) -- C:\Documents and Settings\Si\My Documents\DivXInstaller.exe
[2010/09/14 15:42:16 | 000,126,160 | -H-- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\Si\My Documents\HoldEmSetup-dm.exe
[2010/09/14 15:43:49 | 027,762,056 | -H-- | M] () -- C:\Documents and Settings\Si\My Documents\HoldEmSetup.exe
[2010/08/26 19:12:50 | 002,285,240 | -H-- | M] (iMesh Inc. ) -- C:\Documents and Settings\Si\My Documents\iMeshV10.exe
[2010/07/14 08:24:48 | 096,768,824 | -H-- | M] (Apple Inc.) -- C:\Documents and Settings\Si\My Documents\iTunesSetup.exe
[2010/10/19 16:11:19 | 004,198,376 | -H-- | M] (Logitech, Inc.) -- C:\Documents and Settings\Si\My Documents\Logitech driver.exe
[2010/11/28 18:41:58 | 006,153,352 | -H-- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Si\My Documents\mbam-setup.exe
[2009/11/15 09:12:02 | 001,779,283 | -H-- | M] (Internet Marketing Center) -- C:\Documents and Settings\Si\My Documents\My Clothing Wholesale Contacts.exe
[2010/02/13 17:28:31 | 369,762,400 | -H-- | M] (Nero AG) -- C:\Documents and Settings\Si\My Documents\Nero-9.4.26.0.exe
[2010/02/13 18:05:11 | 360,541,416 | -H-- | M] (Nero AG) -- C:\Documents and Settings\Si\My Documents\Nero_BackItUpAndBurn-1.2.17b.exe
[2010/10/11 17:23:34 | 067,602,271 | -H-- | M] (Macrovision Corporation) -- C:\Documents and Settings\Si\My Documents\New Samsung.exe
[2009/09/23 11:45:30 | 002,069,088 | -H-- | M] (ParetoLogic Inc.) -- C:\Documents and Settings\Si\My Documents\RegCureSetup_RW.exe
[2011/02/05 13:48:13 | 000,899,414 | -H-- | M] () -- C:\Documents and Settings\Si\My Documents\SetupDVDDecrypter_3.5.4.0.exe
[2010/03/19 15:47:08 | 001,688,360 | -H-- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\Si\My Documents\SkypeSetup.exe
[2010/10/19 15:39:59 | 020,808,072 | -H-- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\Si\My Documents\SkypeSetupFull.exe
[2010/11/25 20:22:10 | 016,409,960 | -H-- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Si\My Documents\spybotsd162.exe
[2010/09/12 07:58:01 | 000,328,568 | -H-- | M] (BitTorrent, Inc.) -- C:\Documents and Settings\Si\My Documents\utorrent.exe
[2011/03/19 17:23:54 | 003,558,948 | -H-- | M] (SWE von Schleusen ) -- C:\Documents and Settings\Si\My Documents\uzsetup.exe
[2010/06/27 20:14:02 | 002,496,707 | -H-- | M] (VSO-Software SARL ) -- C:\Documents and Settings\Si\My Documents\vsoDivxToDVD_setup_v0.5.2b.exe
[2009/11/20 18:27:32 | 031,241,240 | -H-- | M] (NETGEAR ) -- C:\Documents and Settings\Si\My Documents\WG111v3_v1.5.0_setup_WW.exe
[2011/03/19 17:25:36 | 019,973,448 | -H-- | M] () -- C:\Documents and Settings\Si\My Documents\winzip150.exe
[2010/03/13 10:13:43 | 001,364,434 | -H-- | M] () -- C:\Documents and Settings\Si\My Documents\wrar392.exe
[2009/08/10 18:10:30 | 001,375,783 | -H-- | M] () -- C:\Documents and Settings\Si\My Documents\wrar39b5.exe

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[2010/11/28 09:01:35 | 000,000,000 | -H-- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\ccmsgfrm.log
[2009/03/08 03:31:44 | 000,348,160 | -H-- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 03:31:38 | 000,216,064 | -H-- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2004/08/04 22:00:00 | 000,127,213 | -H-- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\ega.cpi
[2005/12/22 00:28:05 | 000,000,000 | -H-- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\h323log.txt
[2011/02/23 09:06:28 | 000,184,320 | -H-- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll
[2009/03/08 03:31:02 | 001,638,912 | -H-- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mshtml.tlb
[2010/12/09 23:38:47 | 002,192,768 | -H-- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntoskrnl.exe
[2008/04/14 01:42:06 | 000,016,896 | -H-- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\stdole2.tlb
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2005/12/22 10:58:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Adobe
[2011/01/01 08:58:49 | 000,000,000 | -H-D | M] -- C:\Program Files\Apple Software Update
[2011/01/23 12:08:21 | 000,000,000 | -H-D | M] -- C:\Program Files\Bonjour
[2011/03/29 09:01:17 | 000,000,000 | -H-D | M] -- C:\Program Files\CA
[2011/06/09 22:57:59 | 000,000,000 | -H-D | M] -- C:\Program Files\Common Files
[2005/12/22 08:29:46 | 000,000,000 | -H-D | M] -- C:\Program Files\ComPlus Applications
[2010/11/29 14:54:01 | 000,000,000 | -H-D | M] -- C:\Program Files\Creative Wonders
[2011/06/09 22:57:24 | 000,000,000 | -H-D | M] -- C:\Program Files\DIFX
[2011/04/05 18:37:42 | 000,000,000 | -H-D | M] -- C:\Program Files\DivX
[2011/02/05 13:48:26 | 000,000,000 | -H-D | M] -- C:\Program Files\DVD Decrypter
[2010/11/28 19:04:24 | 000,000,000 | -H-D | M] -- C:\Program Files\DVD Shrink
[2005/12/22 10:54:33 | 000,000,000 | -H-D | M] -- C:\Program Files\DVD-RAM
[2011/05/31 20:32:36 | 000,000,000 | -H-D | M] -- C:\Program Files\Google
[2010/11/28 16:41:26 | 000,000,000 | -H-D | M] -- C:\Program Files\Hewlett-Packard
[2010/11/28 16:44:48 | 000,000,000 | -H-D | M] -- C:\Program Files\HP
[2011/05/02 22:49:40 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/11/29 01:54:51 | 000,000,000 | -H-D | M] -- C:\Program Files\Intel
[2011/04/16 10:00:03 | 000,000,000 | -H-D | M] -- C:\Program Files\Internet Explorer
[2010/11/29 01:59:42 | 000,000,000 | -H-D | M] -- C:\Program Files\InterVideo
[2011/04/05 18:50:11 | 000,000,000 | -H-D | M] -- C:\Program Files\iPod
[2011/04/05 18:50:58 | 000,000,000 | -H-D | M] -- C:\Program Files\iTunes
[2005/12/22 09:05:23 | 000,000,000 | -H-D | M] -- C:\Program Files\Java
[2011/05/27 22:35:18 | 000,000,000 | -H-D | M] -- C:\Program Files\Logitech
[2005/12/22 10:14:25 | 000,000,000 | -H-D | M] -- C:\Program Files\ltmoh
[2011/06/10 07:45:00 | 000,000,000 | -H-D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/28 12:52:07 | 000,000,000 | -H-D | M] -- C:\Program Files\Messenger
[2010/11/28 11:33:44 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft ActiveSync
[2011/03/19 09:44:39 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Encarta
[2005/12/22 08:32:47 | 000,000,000 | -H-D | M] -- C:\Program Files\microsoft frontpage
[2010/11/28 11:33:06 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Office
[2011/04/23 07:27:04 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Silverlight
[2010/11/28 12:00:12 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Works
[2010/11/28 11:25:46 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Works Suite 2002
[2010/11/29 17:50:03 | 000,000,000 | -H-D | M] -- C:\Program Files\Movie Maker
[2010/11/28 18:37:28 | 000,000,000 | -H-D | M] -- C:\Program Files\MSBuild
[2005/12/22 08:29:05 | 000,000,000 | -H-D | M] -- C:\Program Files\MSN
[2005/12/22 08:29:16 | 000,000,000 | -H-D | M] -- C:\Program Files\MSN Gaming Zone
[2010/11/28 11:25:47 | 000,000,000 | -H-D | M] -- C:\Program Files\MSXML 4.0
[2010/11/28 18:58:14 | 000,000,000 | -H-D | M] -- C:\Program Files\Nero
[2011/01/25 16:17:16 | 000,000,000 | -H-D | M] -- C:\Program Files\NETGEAR
[2010/11/28 12:43:51 | 000,000,000 | -H-D | M] -- C:\Program Files\NetMeeting
[2011/06/09 23:00:49 | 000,000,000 | -H-D | M] -- C:\Program Files\Nokia
[2005/12/22 08:30:51 | 000,000,000 | -H-D | M] -- C:\Program Files\Online Services
[2010/12/16 12:32:40 | 000,000,000 | -H-D | M] -- C:\Program Files\Outlook Express
[2010/11/29 01:56:47 | 000,000,000 | -H-D | M] -- C:\Program Files\Protector Suite QL
[2011/01/01 09:11:25 | 000,000,000 | -H-D | M] -- C:\Program Files\QuickTime
[2005/12/22 10:17:03 | 000,000,000 | -H-D | M] -- C:\Program Files\Realtek
[2010/11/28 18:33:31 | 000,000,000 | -H-D | M] -- C:\Program Files\Reference Assemblies
[2010/11/28 17:57:34 | 000,000,000 | -H-D | M] -- C:\Program Files\RegCure
[2010/11/28 19:20:07 | 000,000,000 | -H-D | M] -- C:\Program Files\Samsung
[2010/11/28 19:10:24 | 000,000,000 | RH-D | M] -- C:\Program Files\Skype
[2005/12/22 10:56:39 | 000,000,000 | -H-D | M] -- C:\Program Files\Sonic
[2010/11/29 01:54:14 | 000,000,000 | -H-D | M] -- C:\Program Files\Synaptics
[2010/11/29 01:56:23 | 000,000,000 | -H-D | M] -- C:\Program Files\Toshiba
[2005/12/22 08:36:29 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2011/06/06 21:30:41 | 000,000,000 | -H-D | M] -- C:\Program Files\uTorrent
[2011/05/02 22:47:57 | 000,000,000 | -H-D | M] -- C:\Program Files\Watchtower
[2011/06/09 22:56:22 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Media Player
[2010/11/28 12:43:47 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows NT
[2005/12/22 08:30:56 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2011/03/19 17:19:29 | 000,000,000 | -H-D | M] -- C:\Program Files\WinRAR
[2011/03/19 17:26:34 | 000,000,000 | -H-D | M] -- C:\Program Files\WinZip
[2005/12/22 08:32:48 | 000,000,000 | -H-D | M] -- C:\Program Files\xerox


< MD5 for: AGP440.SYS >
[2004/08/04 22:00:00 | 018,738,937 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/11/28 12:36:58 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 22:00:00 | 018,738,937 | -H-- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2010/11/28 12:36:58 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/14 04:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/14 04:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 22:00:00 | 018,738,937 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/11/28 12:36:58 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 22:00:00 | 018,738,937 | -H-- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2010/11/28 12:36:58 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/14 04:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 04:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 16:59:44 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 22:00:00 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/04 22:00:00 | 018,738,937 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2010/11/28 12:36:58 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2004/08/04 22:00:00 | 018,738,937 | -H-- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:disk.sys
[2010/11/28 12:36:58 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/04 22:00:00 | 000,036,352 | -H-- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/14 04:40:47 | 000,036,352 | -H-- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/14 04:40:47 | 000,036,352 | -H-- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 10:12:01 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 10:12:01 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/07 04:46:09 | 000,408,064 | -H-- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/07 04:46:09 | 000,408,064 | -H-- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2009/02/07 04:46:09 | 000,408,064 | -H-- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009/02/07 04:46:09 | 000,408,064 | -H-- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$NtUninstallKB975467_1$\netlogon.dll
[2004/08/04 22:00:00 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtUninstallKB968389_1$\netlogon.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-06-09 22:30:05

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 21:49:53 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 21:49:53 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 21:49:53 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 13:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 21:49:53 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 21:49:53 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 21:49:53 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 13:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation)

< >

< End of report >

OTL Extras logfile created on: 10/06/2011 9:04:09 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Si\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.99 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 62.76% Memory free
3.84 Gb Paging File | 3.17 Gb Available in Paging File | 82.61% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 37.43 Gb Free Space | 33.48% Space Free | Partition Type: NTFS
Drive G: | 7.46 Gb Total Space | 3.00 Gb Free Space | 40.21% Space Free | Partition Type: FAT32

Computer Name: SOLORAINE | User Name: Si | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Logitech\Vid HD\Vid.exe" = C:\Program Files\Logitech\Vid HD\Vid.exe:*:Enabled:Logitech Vid HD


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{01400202-823E-46CD-A70E-BEE818F97169}" = Microsoft Encarta Encyclopedia Standard - WE 2002
"{01A3E75B-54C0-407F-8B95-B77705C7DCC4}" = AMRT
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0ea23f48-adb1-4d33-96db-0e506bd9ced9}" = Nero 9
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{38151262-FAF8-4778-9AAB-33E90B60D8E9}" = CA Anti-Virus Plus
"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = TIPCI
"{461073BF-9642-4A73-B58E-157358D412AB}" = 6200
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD Memory Card Format
"{4E1CD3D5-D4EE-4246-AE24-F0FD5A60390D}" = OviMPlatform
"{4FFD1AB4-54F0-4069-88D9-3A55B38F874B}" = Nokia Ovi Suite Software Updater
"{50D25574-2C48-4AEC-8FFC-32AEAD2EAEFF}" = Nokia Ovi Player
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57729BE1-DE2C-45DB-9FFA-5C1949679B3E}" = Watchtower Library 2010 - English
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DED9C2-22BF-47A3-B6C8-6B141BA31DFD}" = Ovi Desktop Sync Engine
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{64DD71BC-3109-4C88-9AD3-D5422644B722}" = TOSHIBA Hotkey Utility
"{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update
"{6518675B-CC8D-4AB3-A3F6-CC02FF6548D7}" = 6200_Help
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{69BE47C2-36FE-4397-8199-85D8EAE69982}" = TOSHIBA TouchPad ON/Off Utility
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
"{70B31335-50EE-4834-8431-27412CDE62BD}" = Nokia_Multimedia_Common_Components_2_5
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}" = TOSHIBA Utilities
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{91A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{91B7CEB3-4331-427B-AA7A-2898BE8F9DC6}" = Samsung PC Studio 3
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}" = Microsoft Works 6.0
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}" = Nokia Connectivity Cable Driver
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD29EBAC-AD7D-4b27-B727-4CC6AC52D36B}" = MarketResearch
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3A439E4-7303-491F-A678-CEA36A87D517}" = Microsoft Works Suite Add-in for Microsoft Word
"{C3F81504-72F3-4262-9449-487404DA75BB}" = 6200Trb
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}" = WinZip 15.0
"{CDBFC424-DD00-497F-9BDC-4E4178332336}" = Protector Suite 5.4
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DC19E750-988B-4005-A355-85EF66055EFE}" = Works Suite OS Pack
"{DCBC91E4-B72B-4E0A-97C9-D4EF389A132A}" = PC Connectivity Solution
"{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}" = Nokia Ovi Suite
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Arthur's Thinking Games" = Arthur's Thinking Games
"DivX Setup.divx.com" = DivX Setup
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"eTrust Suite Personal" = CA Internet Security Suite
"HP Photo & Imaging" = HP Image Zone 4.7
"HPExtendedCapabilities" = HP Extended Capabilities 4.7
"ie8" = Windows Internet Explorer 8
"InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Nokia Ovi Suite" = Nokia Ovi Suite
"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
"Power Saver" = TOSHIBA Power Saver
"ProInst" = Intel(R) PROSet/Wireless Software
"PROSet" = Intel(R) PRO Network Connections Drivers
"RegCure" = RegCure
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Shockwave" = Shockwave
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"uTorrent" = µTorrent
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.00 (32-bit)
"WMFDist11" = Windows Media Format 11 runtime
"Works2002Setup" = Microsoft Works 2002 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/06/2011 10:53:37 AM | Computer Name = SOLORAINE | Source = Application Hang | ID = 1002
Description = Hanging application DivX Plus Player.exe, version 10.2.1.20, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/06/2011 10:54:00 AM | Computer Name = SOLORAINE | Source = Application Hang | ID = 1001
Description = Fault bucket -2113068985.

Error - 9/06/2011 10:54:06 AM | Computer Name = SOLORAINE | Source = Application Hang | ID = 1001
Description = Fault bucket -2113068985.

Error - 9/06/2011 10:58:21 AM | Computer Name = SOLORAINE | Source = UmxAgent | ID = 99
Description = Sync event client C:\Program Files\CA\CA Internet Security Suite\ccEvtMgr.exe
registration timeout

Error - 9/06/2011 11:13:30 AM | Computer Name = SOLORAINE | Source = UmxAgent | ID = 99
Description = Sync event client C:\Program Files\CA\CA Internet Security Suite\ccEvtMgr.exe
registration timeout

Error - 9/06/2011 2:58:24 PM | Computer Name = SOLORAINE | Source = UmxAgent | ID = 110
Description = Ask User application closed itself. Product: 2, Sess: 0

Error - 9/06/2011 2:58:24 PM | Computer Name = SOLORAINE | Source = UmxAgent | ID = 99
Description = Sync event client C:\Program Files\CA\CA Internet Security Suite\ccEvtMgr.exe
registration timeout

Error - 9/06/2011 5:28:25 PM | Computer Name = SOLORAINE | Source = UmxAgent | ID = 99
Description = Sync event client C:\Program Files\CA\CA Internet Security Suite\ccEvtMgr.exe
registration timeout

Error - 9/06/2011 6:28:49 PM | Computer Name = SOLORAINE | Source = UmxAgent | ID = 99
Description = Sync event client C:\Program Files\CA\CA Internet Security Suite\ccEvtMgr.exe
registration timeout

Error - 9/06/2011 6:34:19 PM | Computer Name = SOLORAINE | Source = UmxAgent | ID = 99
Description = Sync event client C:\Program Files\CA\CA Internet Security Suite\ccEvtMgr.exe
registration timeout

[ System Events ]
Error - 4/06/2011 10:30:17 PM | Computer Name = SOLORAINE | Source = Dhcp | ID = 1002
Description = The IP address lease 10.1.1.2 for the Network Card with network address
00A0D13EDE75 has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a
DHCPNACK message).

Error - 6/06/2011 8:25:29 PM | Computer Name = SOLORAINE | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 7/06/2011 7:30:48 PM | Computer Name = SOLORAINE | Source = Dhcp | ID = 1002
Description = The IP address lease 10.1.1.2 for the Network Card with network address
00A0D13EDE75 has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a
DHCPNACK message).

Error - 9/06/2011 6:25:26 PM | Computer Name = SOLORAINE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service UmxPol with
arguments "-Service" in order to run the server: {4C89C3FD-5F94-4678-BBB5-F64759C3C54A}

Error - 9/06/2011 6:25:27 PM | Computer Name = SOLORAINE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}


< End of report >



aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-06-10 09:19:05
-----------------------------
09:19:05.187 OS Version: Windows 5.1.2600 Service Pack 3
09:19:05.187 Number of processors: 1 586 0xE08
09:19:05.187 ComputerName: SOLORAINE UserName: Si
09:19:06.203 Initialize success
09:19:20.156 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
09:19:20.156 Disk 0 Vendor: SAMSUNG_HM121HI LZ100-08 Size: 114473MB BusType: 3
09:19:22.187 Disk 0 MBR read successfully
09:19:22.187 Disk 0 MBR scan
09:19:22.187 Disk 0 Windows XP default MBR code
09:19:24.187 Disk 0 scanning sectors +234436545
09:19:24.218 Disk 0 scanning C:\WINDOWS\system32\drivers
09:19:30.296 Service scanning
09:19:31.203 Disk 0 trace - called modules:
09:19:31.203 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a1b71ed]<<
09:19:31.203 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6b7ab8]
09:19:31.203 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\00000080[0x8a5dc9e8]
09:19:31.218 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a5dcd98]
09:19:31.218 \Driver\atapi[0x8a5bf150] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x8a1b71ed
09:19:31.718 Scan finished successfully
09:19:56.515 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Si\Desktop\MBR.dat"
09:19:56.546 The log file has been saved successfully to "C:\Documents and Settings\Si\Desktop\aswMBR.txt"



soloraine

Newbie Surfer
Newbie Surfer

Posts : 9
Joined : 2011-06-10
Operating System : XP Professional V2002 Service Pack 3

View user profile

Back to top Go down

Re: Hard Drive Diagnostic Virus / Malware

Post by Pancake on Fri 10 Jun 2011, 2:49 pm

Please download Malwarebytes' Anti-Malware from one of these places:

Majorgeeks or Besttechie


Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.Do so.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire report in your next reply.



===============================================



Download Combofix from Bleepingcomputer or Geekstogo and place it on your Desktop

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.Combofix may be slow to start and appear to be doing nothing before it starts scanning.Just leave it,it will start.

You can get help on disabling your protection programs here : [You must be registered and logged in to see this link.]

Please include the C:\ComboFix.txt in your next reply for further review.


Caution.....
Never use this program to remove files.Only use it with help from an experienced user.Wrongful use can damage your computer.This tool is not a toy and not for everyday use. ComboFix SHOULD NOT be used unless requested by a qualified helper













Home Town Web Page

Pancake

Tech Staff
Tech Staff

Posts : 222
Joined : 2010-03-06
Operating System : Windows 7

View user profile

Back to top Go down

Re: Hard Drive Diagnostic Virus / Malware

Post by soloraine on Fri 10 Jun 2011, 6:31 pm

Sure thing, thanks for you help.
Im not sure if this is what you wanted from combofix. I got a message saying it would be dangerous to run combofix while CA antivirus is installed on the computer. CA was disabled from the start, so I just clicked on ignore.
Let meknow if this is not correct. Chers

Malwarebytes' Anti-Malware 1.51.0.1200
[You must be registered and logged in to see this link.]

Database version: 6823

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/06/2011 5:25:26 PM
mbam-log-2011-06-10 (17-25-26).txt

Scan type: Quick scan
Objects scanned: 185252
Time elapsed: 6 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


File "C:\WINDOWS\system32\drivers\volsnap.sys" added successfully

soloraine

Newbie Surfer
Newbie Surfer

Posts : 9
Joined : 2011-06-10
Operating System : XP Professional V2002 Service Pack 3

View user profile

Back to top Go down

Re: Hard Drive Diagnostic Virus / Malware

Post by Pancake on Fri 10 Jun 2011, 8:18 pm

Yes thats fine.You can run Combofix like that.Just clicked on ignore






Home Town Web Page

Pancake

Tech Staff
Tech Staff

Posts : 222
Joined : 2010-03-06
Operating System : Windows 7

View user profile

Back to top Go down

Re: Hard Drive Diagnostic Virus / Malware

Post by soloraine on Fri 10 Jun 2011, 9:07 pm

Hi PC, I had to uninstall CA Antivirus. Should I reinstall it now, or wait until we have finished?

ComboFix 11-06-09.06 - Si 10/06/2011 19:56:22.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1690 [GMT 10:00]
Running from: c:\documents and settings\Si\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Ray\WINDOWS
c:\documents and settings\Si\Application Data\Local
c:\documents and settings\Si\Application Data\Local\Temp\DDM\Settings\Post_Install_RB_HiQ_en.divx.ddr
c:\documents and settings\Si\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en.divx
c:\documents and settings\Si\Desktop\Internet Explorer.lnk
c:\documents and settings\Si\WINDOWS
.
Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2011-05-10 to 2011-06-10 )))))))))))))))))))))))))))))))
.
.
2011-06-10 03:58 . 2011-06-10 07:04 -------- d-----w- c:\windows\system32\NtmsData
2011-06-10 02:04 . 2011-06-10 02:59 -------- d-----w- c:\documents and settings\Si\Application Data\Zejui
2011-06-10 02:04 . 2011-06-10 02:22 -------- d-----w- c:\documents and settings\Si\Application Data\Xehaco
2011-06-09 21:46 . 2011-06-10 07:17 -------- d-----w- C:\Malwarebytes' Anti-Malware
2011-06-09 21:00 . 2011-05-28 23:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-09 21:00 . 2011-06-09 21:45 -------- d--h--w- c:\program files\Malwarebytes' Anti-Malware
2011-06-09 19:08 . 2011-06-09 19:08 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2011-06-09 19:02 . 2011-06-09 19:02 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-06-09 19:02 . 2011-06-09 19:02 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-06-09 14:18 . 2008-04-13 19:45 26112 -c-ha-w- c:\windows\system32\dllcache\usbser.sys
2011-06-09 14:18 . 2008-04-13 19:45 26112 ---ha-w- c:\windows\system32\drivers\usbser.sys
2011-06-09 14:17 . 2008-03-21 03:57 14640 ---h--w- c:\windows\system32\spmsgXP_2k3.dll
2011-06-09 14:17 . 2011-06-09 14:17 -------- d--h--w- c:\documents and settings\All Users\Application Data\PC Suite
2011-06-09 14:17 . 2011-06-09 14:24 -------- d--h--w- c:\documents and settings\Si\Application Data\PC Suite
2011-06-09 14:16 . 2011-06-09 14:19 -------- d--h--w- c:\documents and settings\Si\Application Data\Nokia
2011-06-09 13:01 . 2011-06-09 14:24 -------- d--h--w- c:\documents and settings\Si\Local Settings\Application Data\Nokia
2011-06-09 13:01 . 2011-06-09 13:01 -------- d--h--w- c:\windows\Globalization
2011-06-09 13:00 . 2011-06-09 13:00 -------- d--h--w- c:\documents and settings\All Users\Application Data\NokiaMusic
2011-06-09 12:54 . 2011-06-09 12:54 -------- d--h--w- c:\documents and settings\All Users\Application Data\OviInstallerCache
2011-05-29 10:56 . 2011-05-29 10:56 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-05-27 10:53 . 2011-05-27 10:53 -------- d--h--w- c:\documents and settings\Si\Local Settings\Application Data\WinZip
2011-05-22 12:58 . 2011-05-22 12:58 -------- d--h--w- c:\documents and settings\Si\Application Data\Template
2011-05-22 12:49 . 2011-05-22 12:49 -------- d--h--w- c:\documents and settings\Si\Local Settings\Application Data\IsolatedStorage
2011-05-22 03:46 . 2011-05-22 03:46 -------- d--h--w- c:\windows\system32\Adobe
2011-05-12 10:55 . 2011-05-12 10:55 -------- d-----w- C:\5838b1f89dbcd64633
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-02 12:22 . 2011-05-02 12:22 53248 ---h--r- c:\documents and settings\Si\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-04-05 22:41 . 2011-04-05 22:41 43520 ---ha-w- c:\windows\system32\CmdLineExt03.dll
2011-03-28 23:04 . 2010-11-27 22:56 95568 ---ha-w- c:\windows\system32\vetredir.dll
2011-03-28 23:04 . 2010-11-27 22:56 128336 ---ha-w- c:\windows\system32\isafeif.dll
2011-03-22 13:58 . 2011-03-22 13:58 14168 ---ha-w- c:\windows\system32\drivers\iKeyLFT2.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-05-29 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 15691264]
"NDSTray.exe"="NDSTray.exe" [BU]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" [2005-03-11 73728]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2005-12-21 30208]
"TPSMain"="TPSMain.exe" [2005-05-31 282624]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-01 190808]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2005-12-22 155648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2005-12-21 10:42 40448 ---h--w- c:\windows\system32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\F:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2005-10-14 23:29 88203 ---ha-w- c:\windows\agrsmmsg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
2010-12-08 21:15 63360 ---ha-w- c:\program files\DivX\DivX Plus Web Player\DDMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 21:10 1230704 ---ha-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 05:33 421160 ---ha-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
2001-08-23 21:52 331830 ---ha-w- c:\program files\Microsoft Works\wkssb.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart]
2010-03-04 05:10 2192672 ---ha-w- c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2010-02-24 11:17 385928 ---ha-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 06:38 421888 ---ha-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2005-04-27 00:13 122880 ---ha-w- c:\program files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-05-29 04:04 39408 ---ha-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
2004-12-30 08:32 65536 ---ha-w- c:\program files\Toshiba\TOSCDSPD\TOSCDSPD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
2001-10-06 00:34 24576 ---ha-w- c:\program files\Microsoft Works\wkfud.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [9/10/2007 12:13 PM 38144]
R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [21/12/2005 8:55 PM 13568]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [21/12/2005 8:55 PM 33024]
R2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [21/12/2005 8:25 PM 3456]
R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [4/03/2011 11:31 AM 428640]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [26/02/2011 1:20 PM 136176]
S3 26750;26750;c:\windows\system32\drivers\26750 [28/11/2010 10:02 AM 9072]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [26/02/2011 1:20 PM 136176]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [28/12/2007 2:02 PM 287232]
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 00:50]
.
2011-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-26 03:20]
.
2011-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-26 03:20]
.
2011-06-10 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
2011-06-04 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.] target="_blank" rel="nofollow">hxxp://admin:password@www.routerlogin.com/
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 10.1.1.1
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Microsoft Works Update Detection - c:\program files\Microsoft Works\WkDetect.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-06-10 20:02
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\26750]
"ImagePath"="System32\DRIVERS\26750"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(880)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\remote.dll
c:\program files\Protector Suite QL\mysafe.dll
c:\program files\Protector Suite QL\crypto.dll
.
- - - - - - - > 'explorer.exe'(3936)
c:\windows\system32\WININET.dll
c:\windows\system32\TDispVol.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Protector Suite QL\mysafe.dll
c:\program files\Protector Suite QL\infra.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\windows\system32\TDispVol.exe
c:\windows\system32\TPSMain.exe
c:\program files\Protector Suite QL\psqltray.exe
c:\program files\Synaptics\SynTP\Toshiba.exe
c:\windows\system32\TPSBattM.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2011-06-10 20:05:42 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-10 10:05
.
Pre-Run: 40,240,885,760 bytes free
Post-Run: 40,746,287,104 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 5F1F46501749141CCA7BDF593DABF638

soloraine

Newbie Surfer
Newbie Surfer

Posts : 9
Joined : 2011-06-10
Operating System : XP Professional V2002 Service Pack 3

View user profile

Back to top Go down

Re: Hard Drive Diagnostic Virus / Malware

Post by Pancake on Fri 10 Jun 2011, 9:37 pm

Yes You can install your av now as I see no more malware.We are all done.Log looks good! All those detections are either in quarantine or system restore, both of which we'll be cleaning out in just a minute. Congratulations, well done.


Go to :
Start > Run then copy and paste the following highlighted (blue) text below into the box and click OK.


ComboFix /uninstall






Over the course of the fix you've used a variety of special tools to help with the cleaning process - none of these are of any use to you now that you're clean, and it's best not to have them hanging around on your computer. OTC is a small program that removes all the leftover tools and logs from cleanup of malware.


Please download OTC to your desktop.


Double-click OTC to run it. (Vista users, please right click on OTC and select "Run as an Administrator")

Click on the CleanUp! button and follow the prompts.

You will be asked to reboot the machine to finish the Cleanup process, choose Yes.

After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.


Here are some tips to reduce the potential for malware infection in the future; I strongly suggest that you read them and take them to heart so that you don't have to endure the process of cleaning your computer again.

Afterwork

Malware Prevention

How Did I Get Infected

More Tips on Prevention

=============================








Home Town Web Page

Pancake

Tech Staff
Tech Staff

Posts : 222
Joined : 2010-03-06
Operating System : Windows 7

View user profile

Back to top Go down

Re: Hard Drive Diagnostic Virus / Malware

Post by soloraine on Fri 10 Jun 2011, 10:29 pm

Hi PC, Everything looks great.
Would you happen to know why there are no programs (except two that we downloaded) in the 'All Programs' tab when you click on the 'Start' button?? Its pretty much blank. I cant access 'System Restore' or any of them.

Interestingly, after we removed all those programs we downloaded all my desktop icons were gone bar 5 of them. All my documents were gone, all the program files in C:, all the files in 'documents and settings'.....really strange. I went to 'add or remove program' and they are all in the list. So I went to 'Folder Options' in control pannel and checked 'show hidden files an folders', and they all appeared again. They are all a lighter colour though, like the hidden folder colour???
Any suggestions.
Thanks for your help
Simon

soloraine

Newbie Surfer
Newbie Surfer

Posts : 9
Joined : 2011-06-10
Operating System : XP Professional V2002 Service Pack 3

View user profile

Back to top Go down

Re: Hard Drive Diagnostic Virus / Malware

Post by Pancake on Sat 11 Jun 2011, 9:25 am

Not sure as to what would have caused that.Its not really my field.All I can suggest is that you open a new thread on one of the other forums and see if they can help.






Home Town Web Page

Pancake

Tech Staff
Tech Staff

Posts : 222
Joined : 2010-03-06
Operating System : Windows 7

View user profile

Back to top Go down

Re: Hard Drive Diagnostic Virus / Malware

Post by soloraine on Sat 11 Jun 2011, 3:14 pm

Hey PC all soughted. Thanks very much for your help.

soloraine

Newbie Surfer
Newbie Surfer

Posts : 9
Joined : 2011-06-10
Operating System : XP Professional V2002 Service Pack 3

View user profile

Back to top Go down

Re: Hard Drive Diagnostic Virus / Malware

Post by Pancake on Sat 11 Jun 2011, 4:31 pm

Your welcome.Glad to help.






Home Town Web Page

Pancake

Tech Staff
Tech Staff

Posts : 222
Joined : 2010-03-06
Operating System : Windows 7

View user profile

Back to top Go down

Re: Hard Drive Diagnostic Virus / Malware

Post by soloraine on Sat 11 Jun 2011, 7:25 pm

Hi PC, just a quick question. I was on the internet today and i had this page flash up saying that my computer is infected, and started to do a scan.
It was not the same one as before, it was different . I closed down the page right away and scanned the computer with malwarebytes and nothing came up.
What do you think that was about? Any suggestions?
Every thing seem to be operating fine.
Thanks

soloraine

Newbie Surfer
Newbie Surfer

Posts : 9
Joined : 2011-06-10
Operating System : XP Professional V2002 Service Pack 3

View user profile

Back to top Go down

Re: Hard Drive Diagnostic Virus / Malware

Post by Pancake on Sat 11 Jun 2011, 9:05 pm

It was just a con to get you to by their scanner.You did the right thing by closing it.......






Home Town Web Page

Pancake

Tech Staff
Tech Staff

Posts : 222
Joined : 2010-03-06
Operating System : Windows 7

View user profile

Back to top Go down

Re: Hard Drive Diagnostic Virus / Malware

Post by soloraine on Sat 11 Jun 2011, 9:23 pm

Great PC......I was hoping it was something like that.

Thank you again for your time and knowledge.

soloraine

Newbie Surfer
Newbie Surfer

Posts : 9
Joined : 2011-06-10
Operating System : XP Professional V2002 Service Pack 3

View user profile

Back to top Go down

Re: Hard Drive Diagnostic Virus / Malware

Post by Sponsored content Today at 11:30 am


Sponsored content


Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum