Jump to content

Leo Ali

Honorary Members
 View Profile  See their activity

  • Posts

    40

  • Joined

  • Last visited

 Content Type 

Everything posted by Leo Ali

  1. Leo Ali
    It seems as though the symptoms are gone, thank you very much for your help. Do you see anything else I should fix, are all of those unknown errors in the HJT log safe to leave that way?
  2. Leo Ali
    I went to the filepath, and uncheck 'read-only' in the HOSTS file properties. The button to replace it worked fine this time.
  3. Leo Ali
    Extracted the contents to my desktop, and ran the application. I got an error when I clicked to restore hosts file though (screenshot attached).
  4. Leo Ali
    OTL logfile created on: 7/2/2010 7:51:59 PM - Run 1 OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\Lenny\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 71.00% Memory free 8.00 Gb Paging File | 6.00 Gb Available in Paging File | 83.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 287.57 Gb Total Space | 121.08 Gb Free Space | 42.10% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive Z: | 914.26 Gb Total Space | 612.44 Gb Free Space | 66.99% Space Free | Partition Type: NTFS Computer Name: LENNY-TOSHIBA Current User Name: Lenny Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010/07/02 19:51:05 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Lenny\Desktop\OTL.exe PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2009/11/24 19:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast4\ashDisp.exe PRC - [2009/11/24 19:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast4\ashServ.exe PRC - [2009/11/24 19:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast4\ashMaiSv.exe PRC - [2009/11/24 19:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast4\ashWebSv.exe PRC - [2009/11/24 19:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast4\aswUpdSv.exe PRC - [2009/07/23 16:36:58 | 000,963,784 | ---- | M] (Seagate) -- C:\Program Files (x86)\Seagate\BlackArmorBackup\TimounterMonitor.exe PRC - [2009/07/23 16:32:00 | 000,376,272 | ---- | M] (Seagate) -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe PRC - [2009/07/23 16:18:04 | 004,352,960 | ---- | M] (Seagate) -- C:\Program Files (x86)\Seagate\BlackArmorBackup\BlackArmorBackupMonitor.exe PRC - [2009/07/14 22:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe PRC - [2009/03/10 21:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe PRC - [2007/09/02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe ========== Modules (SafeList) ========== MOD - [2010/07/02 19:51:05 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Lenny\Desktop\OTL.exe MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll MOD - [2007/09/02 14:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009/11/24 19:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Avast4\ashServ.exe -- (avast! Antivirus) SRV:64bit: - [2009/11/24 19:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Avast4\ashMaiSv.exe -- (avast! Mail Scanner) SRV:64bit: - [2009/11/24 19:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Avast4\ashWebSv.exe -- (avast! Web Scanner) SRV:64bit: - [2009/11/24 19:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Avast4\aswUpdSv.exe -- (aswUpdSv) SRV:64bit: - [2009/08/18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV:64bit: - [2009/08/11 19:10:48 | 000,252,272 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service) SRV:64bit: - [2009/08/05 17:20:12 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV:64bit: - [2009/08/04 14:15:06 | 000,826,224 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv) SRV:64bit: - [2009/08/03 21:17:56 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service) SRV:64bit: - [2009/07/28 18:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv) SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2010/05/28 18:08:12 | 000,008,704 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\wirepots.exe -- (acrosysbackup_ex4bEOVSq1JI) SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/10/27 10:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService) SRV - [2009/08/17 13:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo) SRV - [2009/08/10 22:55:58 | 000,248,688 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService) SRV - [2009/07/23 16:33:16 | 000,826,352 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc) SRV - [2009/07/14 22:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service) SRV - [2009/07/13 23:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS) SRV - [2009/07/13 23:20:14 | 000,000,000 | ---D | M] [unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC) SRV - [2009/07/13 16:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds) SRV - [2009/03/10 21:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service) SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2010/04/26 17:23:08 | 001,103,904 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se) DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2010/03/04 13:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009/12/20 10:22:42 | 001,581,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm174.sys -- (tdrpman174) Acronis Try&Decide and Restore Points filter (build 174) DRV:64bit: - [2009/12/20 10:22:40 | 000,926,752 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter) DRV:64bit: - [2009/12/20 10:22:32 | 000,237,600 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snman380.sys -- (snapman380) Acronis Snapshots Manager (Build 380) DRV:64bit: - [2009/12/08 19:49:28 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin) DRV:64bit: - [2009/12/08 18:42:10 | 000,871,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2009/11/24 19:50:25 | 000,089,680 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2009/11/24 19:50:05 | 000,022,096 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2009/11/24 19:49:56 | 000,065,616 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2009/11/24 19:49:10 | 000,053,840 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2009/11/24 19:49:00 | 000,027,216 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr) DRV:64bit: - [2009/08/27 11:07:06 | 007,369,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009/08/07 08:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009/08/05 22:04:06 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst) DRV:64bit: - [2009/07/24 18:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64) DRV:64bit: - [2009/07/20 20:48:32 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009/07/14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ) DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/13 17:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009/07/07 11:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk) DRV:64bit: - [2009/06/22 20:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect) DRV:64bit: - [2009/06/19 22:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL) DRV:64bit: - [2009/06/10 17:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem) DRV:64bit: - [2009/06/10 16:35:46 | 000,427,008 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8187Se.sys -- (RTL8187Se) DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2008/08/28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV:64bit: - [2008/07/10 19:20:16 | 000,021,504 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcp.sys -- (BthAvrcp) DRV - [2009/06/10 17:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv) DRV - [2009/06/10 17:15:18 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?br...A&bmod=TSNA IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?br...A&bmod=TSNA IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?br...A&bmod=TSNA IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?br...A&bmod=TSNA IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.yahoo.com" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2 FF - prefs.js..extensions.enabledItems: {C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}:2.3.54 FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2 FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.0.36949 FF - prefs.js..extensions.enabledItems: noia2_option@kk.noia:3.76 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.97 FF - prefs.js..extensions.enabledItems: optout@dubfire.net:3.02 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76 FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/01/04 22:37:51 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/07/01 19:12:49 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/07/01 19:12:49 | 000,000,000 | ---D | M] [2010/01/12 23:27:46 | 000,000,000 | ---D | M] -- C:\Users\Lenny\AppData\Roaming\Mozilla\Extensions [2010/01/12 23:27:46 | 000,000,000 | ---D | M] -- C:\Users\Lenny\AppData\Roaming\Mozilla\Extensions\MediaCoder [2010/07/01 20:26:40 | 000,000,000 | ---D | M] -- C:\Users\Lenny\AppData\Roaming\Mozilla\Firefox\Profiles\tbjxnrj0.default\extensions [2010/06/24 20:02:07 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Lenny\AppData\Roaming\Mozilla\Firefox\Profiles\tbjxnrj0.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2009/12/19 12:10:03 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Users\Lenny\AppData\Roaming\Mozilla\Firefox\Profiles\tbjxnrj0.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42} [2010/06/26 14:26:25 | 000,000,000 | ---D | M] (Hyperwords) -- C:\Users\Lenny\AppData\Roaming\Mozilla\Firefox\Profiles\tbjxnrj0.default\extensions\{9A752782-D706-479b-98F8-3F66BF921692} [2010/02/22 18:19:33 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Users\Lenny\AppData\Roaming\Mozilla\Firefox\Profiles\tbjxnrj0.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} [2010/02/11 18:41:37 | 000,000,000 | ---D | M] (Answers) -- C:\Users\Lenny\AppData\Roaming\Mozilla\Firefox\Profiles\tbjxnrj0.default\extensions\{C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51} [2010/05/01 10:38:12 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Lenny\AppData\Roaming\Mozilla\Firefox\Profiles\tbjxnrj0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010/02/22 18:19:34 | 000,000,000 | ---D | M] -- C:\Users\Lenny\AppData\Roaming\Mozilla\Firefox\Profiles\tbjxnrj0.default\extensions\noia2_option@kk.noia [2010/06/19 20:41:26 | 000,000,000 | ---D | M] -- C:\Users\Lenny\AppData\Roaming\Mozilla\Firefox\Profiles\tbjxnrj0.default\extensions\optout@dubfire.net [2010/06/19 20:41:08 | 000,000,000 | ---D | M] -- C:\Users\Lenny\AppData\Roaming\Mozilla\Firefox\Profiles\tbjxnrj0.default\extensions\piclens@cooliris.com [2010/06/19 20:41:08 | 000,000,000 | ---D | M] -- C:\Users\Lenny\AppData\Roaming\Mozilla\Firefox\Profiles\tbjxnrj0.default\extensions\piclens@cooliris.com-trash [2010/03/13 09:18:48 | 000,004,440 | ---- | M] () -- C:\Users\Lenny\AppData\Roaming\Mozilla\Firefox\Profiles\tbjxnrj0.default\searchplugins\hyperwords.xml [2009/11/27 18:54:02 | 000,004,153 | ---- | M] () -- C:\Users\Lenny\AppData\Roaming\Mozilla\Firefox\Profiles\tbjxnrj0.default\searchplugins\youtube.xml [2010/07/01 20:26:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions [2010/06/13 00:43:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010/06/13 00:43:48 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll [2010/03/18 17:07:41 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll O1 HOSTS File: ([2010/06/29 20:26:29 | 001,005,927 | R--- | M]) - C:\Windows\SysNative\drivers\etc\HOSTS O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 fr.a2dfp.net O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net O1 - Hosts: 127.0.0.1 ad.a8.net O1 - Hosts: 127.0.0.1 asy.a8ww.net O1 - Hosts: 127.0.0.1 adserver.abv.bg O1 - Hosts: 127.0.0.1 adv.abv.bg O1 - Hosts: 127.0.0.1 bimg.abv.bg O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com O1 - Hosts: 127.0.0.1 accuserveadsystem.com O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com O1 - Hosts: 127.0.0.1 achmedia.com O1 - Hosts: 127.0.0.1 aconti.net O1 - Hosts: 127.0.0.1 secure.aconti.net O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti] O1 - Hosts: 127.0.0.1 ads.active.com O1 - Hosts: 127.0.0.1 am1.activemeter.com O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie] O1 - Hosts: 127.0.0.1 ads.activepower.net O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie] O1 - Hosts: 127.0.0.1 ad2games.com O1 - Hosts: 127.0.0.1 cms.ad2click.nl O1 - Hosts: 127.0.0.1 ads.ad2games.com O1 - Hosts: 127.0.0.1 content.ad20.net O1 - Hosts: 29900 more lines... O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [] File not found O4:64bit: - HKLM..\Run: [seagate Scheduler2 Service] C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate) O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Seagate\BlackArmorBackup\TimounterMonitor.exe (Seagate) O4 - HKLM..\Run: [avast!] C:\Program Files\Avast4\ashDisp.exe (ALWIL Software) O4 - HKLM..\Run: [blackArmorBackupMonitor.exe] C:\Program Files (x86)\Seagate\BlackArmorBackup\BlackArmorBackupMonitor.exe (Seagate) O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.74.166 68.87.68.166 O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O30:64bit: - LSA: Security Packages - (livessp) - C:\windows\SysNative\livessp.dll (Microsoft Corporation) O30 - LSA: Security Packages - (livessp) - C:\windows\SysWow64\livessp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/07/02 19:51:02 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\Lenny\Desktop\OTL.exe [2010/06/29 20:27:04 | 000,000,000 | ---D | C] -- C:\Users\Lenny\AppData\Roaming\WinPatrol [2010/06/29 20:26:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BillP Studios [2010/06/28 20:31:33 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\windows\SysNative\GEARAspi64.dll [2010/06/28 20:31:33 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\windows\SysWow64\GEARAspi.dll [2010/06/28 20:31:33 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\windows\SysNative\drivers\GEARAspiWDM.sys [2010/06/28 20:31:15 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2010/06/28 20:31:12 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2010/06/28 20:31:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2010/06/28 20:31:12 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} [2010/06/28 20:30:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2010/06/28 20:29:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2010/06/28 20:29:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2010/06/28 20:29:25 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2010/06/28 20:29:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2010/06/25 16:38:48 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dfshim.dll [2010/06/25 16:38:48 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dfshim.dll [2010/06/25 16:38:48 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\PresentationHost.exe [2010/06/25 16:38:48 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\PresentationHost.exe [2010/06/25 16:38:48 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\PresentationHostProxy.dll [2010/06/25 16:38:48 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\PresentationHostProxy.dll [2010/06/25 16:38:48 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netfxperf.dll [2010/06/25 16:38:48 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netfxperf.dll [2010/06/24 19:51:11 | 001,736,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntdll.dll [2010/06/24 19:51:03 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\CPFilters.dll [2010/06/24 19:51:03 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\CPFilters.dll [2010/06/24 19:51:02 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mpg2splt.ax [2010/06/24 19:51:00 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msdri.dll [2010/06/24 19:51:00 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MSNP.ax [2010/06/24 19:51:00 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSNP.ax [2010/06/24 19:51:00 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mpg2splt.ax [2010/06/22 23:59:23 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro [2010/06/22 23:59:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Pro [2010/06/22 23:59:14 | 000,000,000 | ---D | C] -- C:\Users\Lenny\AppData\Roaming\DAEMON Tools Pro [2010/06/17 02:16:05 | 000,000,000 | ---D | C] -- C:\Users\Lenny\AppData\Roaming\Abine [2010/06/15 21:05:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco [2010/06/15 21:05:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco [2010/06/13 00:43:54 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\deployJava1.dll [2010/06/13 00:43:54 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaws.exe [2010/06/13 00:43:54 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaw.exe [2010/06/13 00:43:54 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\java.exe [2010/06/11 21:20:45 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll [2010/06/11 21:20:45 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll [2010/06/11 21:20:45 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll [2010/06/11 21:20:44 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll [2010/06/03 18:23:52 | 000,000,000 | ---D | C] -- C:\Users\Lenny\AppData\Local\Microsoft Games [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/07/02 19:53:59 | 009,175,040 | -HS- | M] () -- C:\Users\Lenny\ntuser.dat [2010/07/02 19:51:05 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Lenny\Desktop\OTL.exe [2010/07/02 19:46:02 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2010/07/02 18:00:38 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010/07/02 18:00:38 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010/07/02 17:53:23 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT [2010/07/02 17:53:10 | 3117,404,160 | -HS- | M] () -- C:\hiberfil.sys [2010/07/02 17:52:27 | 001,434,854 | -H-- | M] () -- C:\Users\Lenny\AppData\Local\IconCache.db [2010/07/01 19:24:57 | 000,007,606 | ---- | M] () -- C:\Users\Lenny\AppData\Local\Resmon.ResmonCfg [2010/06/29 22:17:30 | 000,624,178 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2010/06/29 22:17:30 | 000,106,522 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2010/06/29 20:26:29 | 001,005,927 | R--- | M] () -- C:\windows\SysNative\drivers\etc\HOSTS [2010/06/29 20:26:10 | 001,005,927 | R--- | M] () -- C:\windows\SysNative\drivers\etc\hosts.20100629-202629.backup [2010/06/26 18:55:04 | 000,726,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2010/06/17 02:20:08 | 000,000,120 | ---- | M] () -- C:\Users\Lenny\webct_upload_applet.properties [2010/06/16 00:41:50 | 000,524,288 | -HS- | M] () -- C:\Users\Lenny\ntuser.dat{1f4a1b88-78ff-11df-a110-001e33fdc1e8}.TMContainer00000000000000000002.regtrans-ms [2010/06/16 00:41:50 | 000,524,288 | -HS- | M] () -- C:\Users\Lenny\ntuser.dat{1f4a1b88-78ff-11df-a110-001e33fdc1e8}.TMContainer00000000000000000001.regtrans-ms [2010/06/16 00:41:50 | 000,065,536 | -HS- | M] () -- C:\Users\Lenny\ntuser.dat{1f4a1b88-78ff-11df-a110-001e33fdc1e8}.TM.blf [2010/06/13 00:43:48 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\deployJava1.dll [2010/06/13 00:43:48 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaws.exe [2010/06/13 00:43:48 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaw.exe [2010/06/13 00:43:48 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\java.exe [2010/06/11 21:41:50 | 000,343,832 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2010/06/07 21:43:31 | 3884,712,092 | ---- | M] () -- C:\Users\Lenny\Documents\TempImage.nrg [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/07/01 19:24:57 | 000,007,606 | ---- | C] () -- C:\Users\Lenny\AppData\Local\Resmon.ResmonCfg [2010/06/17 21:18:14 | 971,911,168 | ---- | C] () -- C:\Users\Lenny\Desktop\ADOBE_ACROBAT_9_PRO_EXTENDED.iso [2010/06/17 21:18:06 | 334,888,960 | ---- | C] () -- C:\Users\Lenny\Desktop\ACTIVATION & UPDATES.iso [2010/06/16 00:37:03 | 000,524,288 | -HS- | C] () -- C:\Users\Lenny\ntuser.dat{1f4a1b88-78ff-11df-a110-001e33fdc1e8}.TMContainer00000000000000000002.regtrans-ms [2010/06/16 00:37:03 | 000,524,288 | -HS- | C] () -- C:\Users\Lenny\ntuser.dat{1f4a1b88-78ff-11df-a110-001e33fdc1e8}.TMContainer00000000000000000001.regtrans-ms [2010/06/16 00:37:02 | 000,065,536 | -HS- | C] () -- C:\Users\Lenny\ntuser.dat{1f4a1b88-78ff-11df-a110-001e33fdc1e8}.TM.blf [2010/06/07 21:35:01 | 3884,712,092 | ---- | C] () -- C:\Users\Lenny\Documents\TempImage.nrg [2010/05/28 18:08:12 | 000,038,912 | ---- | C] () -- C:\windows\SysWow64\wirepots.dll [2010/05/12 19:49:43 | 000,165,376 | ---- | C] () -- C:\windows\SysWow64\unrar.dll [2010/05/12 19:49:43 | 000,000,038 | ---- | C] () -- C:\windows\avisplitter.ini [2010/05/12 19:49:42 | 000,881,664 | ---- | C] () -- C:\windows\SysWow64\xvidcore.dll [2010/05/12 19:49:42 | 000,205,824 | ---- | C] () -- C:\windows\SysWow64\xvidvfw.dll [2010/05/12 19:49:40 | 000,085,504 | ---- | C] () -- C:\windows\SysWow64\ff_vfw.dll [2010/05/12 19:49:40 | 000,000,547 | ---- | C] () -- C:\windows\SysWow64\ff_vfw.dll.manifest [2009/12/08 18:54:29 | 000,000,039 | ---- | C] () -- C:\windows\Irremote.ini [2009/12/08 18:03:21 | 000,000,000 | ---- | C] () -- C:\windows\ToDisc.INI [2009/11/27 17:27:36 | 000,000,013 | RHS- | C] () -- C:\windows\SysWow64\drivers\fbd.sys [2009/10/21 01:48:38 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI [2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll [2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5C321E34 < End of report > OTL Extras logfile created on: 7/2/2010 7:52:00 PM - Run 1 OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\Lenny\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 71.00% Memory free 8.00 Gb Paging File | 6.00 Gb Available in Paging File | 83.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 287.57 Gb Total Space | 121.08 Gb Free Space | 42.10% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive Z: | 914.26 Gb Total Space | 612.44 Gb Free Space | 66.99% Space Free | Partition Type: NTFS Computer Name: LENNY-TOSHIBA Current User Name: Lenny Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MIF5BA~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MIF5BA~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2 "{53529DAD-F7C9-476E-87CC-1547C4E3E821}" = iTunes "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel OTL.Txt Extras.Txt
  5. Leo Ali
    Hello, I am having some trouble and some strange symptoms with my laptop. I fell behind with updating spywareblaster/spybot/malwarebytes and believe my firefox browser got hijacked as it seemed to get redirected to 'marthastewart.com' from certain google links. After an Avast! scan, and scans/updates w/ all of the mentioned programs (and finding lots of malware) windows seems to get stuck upon startup. It loads normally after initial BIOS screens, and after I enter my password I get a completely black screen but with a working mouse (I can freely move around the arrow...); this lasts for about 2-3 mins. before windows resumes normally. My CPU usage stays in the 50% range also for a couple of minutes after, and then descends to normal range (staying below 5% now). HJT log posted below, any help would be great, thank you in advance. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 7:53:45 PM, on 7/1/2010 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe C:\Program Files (x86)\RocketDock\RocketDock.exe C:\Program Files\Avast4\ashDisp.exe C:\Program Files (x86)\Seagate\BlackArmorBackup\BlackArmorBackupMonitor.exe C:\Program Files (x86)\Seagate\BlackArmorBackup\TimounterMonitor.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Users\Lenny\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [avast!] "C:\Program Files\Avast4\ashDisp.exe" O4 - HKLM\..\Run: [blackArmorBackupMonitor.exe] C:\Program Files (x86)\Seagate\BlackArmorBackup\BlackArmorBackupMonitor.exe O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Seagate\BlackArmorBackup\TimounterMonitor.exe O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Global Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000 O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Acronis System Backup (acrosysbackup_ex4bEOVSq1JI) - Unknown owner - C:\windows\system32\wirepots.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe O23 - Service: ConfigFree Gadget Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing) O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing) O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Seagate - C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing) O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing) O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing) O23 - Service: Windows System Backup Dumper (winbackupdumper-id194bEOVSq1JI) - Unknown owner - C:\windows\system32\mousenh32.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing) -- End of file - 8797 bytes
  6. Leo Ali
    everythings seems great, your free to close it up. Thank you so much for your valued and greatly appreciated time, I will be sure to go ahead and make a donation to your wonderful group! Thanks again
  7. Leo Ali
    ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6211 # api_version=3.0.2 # EOSSerial=3eeec9c29969614db12af2721c762f40 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2010-05-28 12:31:29 # local_time=2010-05-27 08:31:29 (-0500, Eastern Daylight Time) # country="United States" # lang=9 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=512 16777215 100 0 51028047 51028047 0 0 # compatibility_mode=769 16775165 100 98 0 210365700 0 0 # compatibility_mode=5892 16776573 100 100 0 111602874 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=139653 # found=1 # cleaned=1 # scan_time=11342 C:\Users\Natalie\Music\whyyouwannabringmedown kelly.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
  8. Leo Ali
    Seemingly alright, although I am worried about errors popping up here and there, such as the one that came up when I tried scanning w/ GMER. Are there any other preventative scans/checks we can do to ensure this PC is stable?
  9. Leo Ali
    Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4143 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18904 5/25/2010 5:15:38 PM mbam-log-2010-05-25 (17-15-38).txt Scan type: Quick scan Objects scanned: 136956 Time elapsed: 9 minute(s), 46 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  10. Leo Ali
    Thanks for continuing to help me with this computer Kahdah. GMER had an error saying: "e9sxspy7.exe has stopped working" when it scanned [\device\harddisk\volumeshadowcopy1], I tried running it in Safemode w/ networking and it came out with the same error at the same place. Below are Extras.txt followed by OTL.txt OTL Extras logfile created on: 5/24/2010 9:48:52 PM - Run 1 OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\Natalie\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18904) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free 4.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 136.46 Gb Total Space | 72.87 Gb Free Space | 53.40% Space Free | Partition Type: NTFS Drive D: | 10.00 Gb Total Space | 2.87 Gb Free Space | 28.67% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded Drive G: | 2.49 Gb Total Space | 0.50 Gb Free Space | 20.19% Space Free | Partition Type: FAT32 H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: NATALIE-PC Current User Name: Natalie Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{118BBB71-F8FF-45B0-B405-A7B8F148D5C2}" = lport=2869 | protocol=6 | dir=in | app=system | "{1948A682-B06F-424A-ACF8-109B9BD1A385}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{198C0458-6D8F-47EF-8104-33FF09E5B0E5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{214F9EF0-DC16-4B00-8C62-F62B29C0819C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{35DA9075-630A-46C8-945A-6812D15CCA97}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{41EEF11D-25F7-44EF-9A4A-90A3B51D3330}" = lport=10244 | protocol=6 | dir=in | app=system | "{471CF542-E520-417F-9160-F999C38B3D1E}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{48F5D951-027A-4F2F-8FBC-6EA12F4FE7F9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4B1EC543-3863-41D2-961C-2F255F0A0BCB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{563FCEA3-FFB1-4C34-895A-AACE4AED0F23}" = rport=10243 | protocol=6 | dir=out | app=system | "{6413A351-16AD-4730-B60D-7C8D657351D8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{68F4D4D3-FD7A-44BD-8BF7-D504612E811C}" = lport=3390 | protocol=6 | dir=in | app=system | "{72301687-367E-4B4D-8384-82B66B940090}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{730D0074-7109-406F-81CC-DE5BAACA3334}" = lport=10244 | protocol=6 | dir=in | app=system | "{765C7931-2F4F-421E-9CE0-89985BE4F3CA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7BE6604E-D89E-4038-8A51-7F7D60FFB510}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7FEFB5F4-4B3A-43BB-84A2-51C8A86C3AB1}" = lport=3390 | protocol=6 | dir=in | app=system | "{82899DA5-EC1E-4D29-8024-5C9E873ED5E7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{87AC28ED-C66D-4A8F-A7BE-7EA7961DD62B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8C285B12-F4BA-4CA1-BCC8-7727045BEE0A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{9699BF82-AFCA-43E1-A02E-42C52803AAB0}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{9890E737-A4CA-48B4-AB52-8790DF9692F4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9E6E6F85-AE16-4726-ACB2-186E0B895DC8}" = rport=10244 | protocol=6 | dir=out | app=system | "{9F787436-F5AF-4EF6-BAD0-E7D042442DD0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A5C4C095-6AB7-4FD2-8A1B-1095DDF9A0B7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A66E25FC-8466-471E-ABFA-81C4F260F432}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{AAB2ACCA-B962-4FF8-BFDF-80B64AC90B8F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BC718AA8-F110-438E-94CA-C45D2BFB0153}" = rport=10244 | protocol=6 | dir=out | app=system | "{C24DF778-03FF-4497-94F8-9D11629F70C8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D8398B91-0382-4FAA-9EA7-549D3EF91612}" = lport=10243 | protocol=6 | dir=in | app=system | "{FFBE19B5-6364-473B-B372-0DDF487484C4}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{10E982F4-A44A-4779-8D16-EF469CF2CA44}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe | "{111848FB-9777-4968-90DA-D7765340B19B}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\player\clipinc-player.exe | "{16914AFF-66E6-4211-A075-DF46B16D76D0}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | "{21864FFD-EFB6-4E56-8E27-F6C83E109F37}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | "{2584C5EA-067D-4B8E-8A86-64AF9AACE432}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\server\clipinc-server.exe | "{2E0A6918-759B-4CC8-9235-08493B035CF7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{32185836-985F-426D-B99E-B9F4026CF947}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\player\clipinc-player.exe | "{33692009-0448-427D-84E2-C3E06F7DE669}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{35D09106-35EA-4AA8-B536-250C2057B44D}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{393AFAF1-9485-421F-B0A1-06430810972D}" = protocol=6 | dir=out | app=system | "{541D9A7B-B001-40BA-907D-21F77B4DF9D8}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\server\clipinc-server.exe | "{55DB7DD2-297E-4A46-9AAF-DD1E71C7E701}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe | "{5A5C47A8-B2B2-472B-BC77-47C290AF7E9C}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{7371C784-1096-4384-A0EF-B96882CCD858}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | "{820D7D0A-12C2-4542-9AB4-D850960BBD64}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | "{84F8D083-BCBE-4923-9770-E131AE0269E3}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{84F9C5CD-748B-47A9-B6D0-41D425F74F39}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{8DE3143B-F7AA-4883-94F8-E99B6BCD8161}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8E0201D5-4EC2-41BF-8B37-160B50C01CCA}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe | "{8ECC8D3A-441A-49F6-9FB4-9F8CE00A8B4E}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{9B99D1C8-7058-4183-B19E-E567003A51C9}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe | "{9E130835-7C50-46C5-BA55-8AC1C3FF1378}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{A68C44E0-553E-473C-A7EC-26802AA74CEF}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe | "{B3AF4DD4-9130-4231-B654-527DA79B6C95}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe | "{BE2119F4-996F-4DC0-A1FB-43F575713918}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{C1FB7BFF-2D17-470B-B3B0-2D5CE02CB370}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe | "{CAC3F191-4F7B-4637-B8C2-5B31BAC9D0C8}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | "{CB31AA01-50B6-4CDE-B401-6BDC9DAA0747}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CC36487B-6E62-4E18-BD81-4A27B515667D}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | "{CDA4D31C-0110-48B6-BEBC-0E9566404634}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{CEC2055D-173B-486F-9DA1-45AF66C1B7C2}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{D069B892-9488-490F-9075-96572152DE72}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | "{D30AF615-A84B-477A-9B83-9DE79C4E7F48}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | "{DB69BC38-D1C8-485B-A88D-9912950B88E9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{DF29289F-5B32-4384-AD35-23607FC1D194}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe | "{E3FF8E64-6912-4349-AB78-AC63622357EE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{E5ABCD78-AC0A-42F9-A24E-0328D48C4C0E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E621F5EA-D7CC-41B1-9DCE-AF6E4E71D241}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "TCP Query User{0564F18C-A18B-4B2F-BE6F-AE4486B599BD}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{0C43E288-0B22-48C1-95B9-604ED520B7A7}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{0F06848C-1144-411D-912A-AACF63F95136}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | "TCP Query User{1A8F1A73-532E-4085-B86C-0C626DC03902}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{52D1C519-59AA-444A-BF8C-12D766483D0C}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | "TCP Query User{BA03589B-D2CF-4DBE-89BC-2868518CC66A}C:\program files\winamp remote\bin\orbtray.exe" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | "TCP Query User{C77C371A-E654-4DAA-90E1-67B12CC2A4BA}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | "TCP Query User{E51F7928-F7B0-457D-977B-1C310DA05265}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | "UDP Query User{063989ED-8FF8-44BA-9F30-FA722C891A47}C:\program files\winamp remote\bin\orbtray.exe" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | "UDP Query User{07D483C9-808D-4620-9383-2FDCEAEB5228}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | "UDP Query User{0D48D2F5-659A-4C74-89E7-4286F976652F}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{36F09FB2-305D-49C7-AF0C-6638E881C9C9}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | "UDP Query User{3FC89C72-5424-44D5-A890-A4FF8FCD2BD3}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | "UDP Query User{C765BBC9-FB02-489F-83DE-6EA3FA300E3B}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{D7354CBB-2444-4658-907D-9485B1C19057}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{F4947284-8145-4DB9-BFB3-C3DB00E1D9AE}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{04010300-6D72-4D54-8686-91D884A27B5C}" = Cisco Clean Access Agent "{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help "{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode "{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool "{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM "{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights "{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}" = PC Connectivity Solution "{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM "{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0 "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86 "{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 13 "{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart "{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax "{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java 6 Update 6 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7 "{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help "{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD "{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help "{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter "{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap "{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 "{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision "{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help "{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed "{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{783e7d2e-32c0-48d3-88e9-b6cd4276e03c}" = Nero 9 "{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel
  11. Leo Ali
    Ok, I tried the disk again and realized that the Recovery Console was for XP. I found one for vista 32-bit and ran it, along w/ the scandisk and some 'Boot-up Repair'. The PC restarted normally and I am in Windows now, would you like a HJT log?
  12. Leo Ali
    I got as far as the Welcome screen, I then pressed R for the Recovery Console and it told me that "No Physical Hard Disk was detected and cannot continue"
  13. Leo Ali
    Ok, I burned the ISO, and ran the PE. When I click the OTLPE icon in the desktop I get a 'RunScanner Error' which states: "Registry Access Error, ret = 1019: System could not allocate the required space in a registry log."
  14. Leo Ali
    As this is my first post on this forum, I would like to give out a big HELLO, and a big THANK YOU to anyone offering their help! So, here is the scoop on my Dell XPS- It all of a sudden blacked out and showed that wonderful 'BLUE SCREEN'. Its telling me CONFIG_LIST_FAILED, and the technical information states: STOP: x00000073 (0x00000001, 0xc000017D, 0x00000001, 0xF6D8ABB8). Upon restarting, the computer goes into some "Dell MediaDirect" black and white 'splash-screen logo' then straight to that blue screen again. I attempted to start the PC into safe mode, w/ and w/out networking and it skips that "Dell MediaDirect" screen but goes into another blue screen stating: STOP: 0x0000007B (0xF7C4C524, 0xC0000034, 0x00000000, 0x00000000). I searched the CONFIG_LIST_FAILED error on google and the common answer seems to be that my HDD is out of memory, which is not the case here. I also read another cause, which seems more appropriate, would be a boot-sector virus. Again, any help received would be greatly appreciated, and a big thank you in advance goes out anyone sharing their time with me on this issue.
  15. Leo Ali
    As this is my first post on this forum, I would like to give out a big HELLO, and a big THANK YOU to anyone offering their help! So, here is the scoop on my Dell XPS- It all of a sudden blacked out and showed that wonderful 'BLUE SCREEN'. Its telling me CONFIG_LIST_FAILED, and the technical information states: STOP: x00000073 (0x00000001, 0xc000017D, 0x00000001, 0xF6D8ABB8). Upon restarting, the computer goes into some "Dell MediaDirect" black and white 'splash-screen logo' then straight to that blue screen again. I attempted to start the PC into safe mode, w/ and w/out networking and it skips that "Dell MediaDirect" screen but goes into another blue screen stating: STOP: 0x0000007B (0xF7C4C524, 0xC0000034, 0x00000000, 0x00000000). I searched the CONFIG_LIST_FAILED error on google and the common answer seems to be that my HDD is out of memory, which is not the case here. I also read another cause, which seems more appropriate, would be a boot-sector virus. Again, any help received would be greatly appreciated, and a big thank you in advance goes out anyone sharing their time with me on this issue.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.