CandiRain Posted April 6, 2012 ID:540367

It hid all my files and shortcuts and blacked out my desktop. The only thing left is a fake HDD shortcut. I can't get to Explorer or my HijackThis and can't run DDS or whatever it's called. What should I do now?

Maurice Naggar Posted April 6, 2012 ID:540414

Hello CandiRain and welcome to MalwareBytes forums.

Why do you mention "hijackthis"? Are you getting help somewhere else?

If you need to, download and Save the tools using a clean (other) system and save to a new USB-flash or CD/DVD and take tools to the infected system.

First, make sure you have saved all your work before you begin, and close your open apps. Close all open windows on the Task Bar.

Note: If using Firefox browser, right-click on any download links and choose Save As

Please download OTH to your desktop

Please download OTL to your desktop

Double click the OTH file to run it and click Kill All Processes button, your desktop will go blank. (That is normal & expected).

If running on Windows 7 or Vista, to start tools, do a RIGHT-Click and then select "Run As Administrator".

Then press Start OTL button. OTL will now run. If prompted to allow it to run, press YES.

In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".

Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.

It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.

Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!

Exit OTL by clicking the X at top right.

Download Security Check by screen317 and save it to your Desktop: here or here

Run Security Check

Follow the onscreen instructions inside of the command window.

A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.

Then copy/paste the following into your post (in order):

the contents of OTL.txt;

the contents of Extras.txt; and

the contents of checkup.txt

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

CandiRain Posted April 7, 2012 Author ID:540575

Just to let you know: when I turned on my computer, the antivirus protection I have found a trojan and put it in a vault... Not sure what to do with that, but still no files or start-up menu, and a black desktop with no icons. I did everything you said to do, though. I'll post below.

CandiRain Posted April 7, 2012 Author ID:540577

OTL logfile created on: 4/7/2012 9:16:29 AM - Run 1
OTL by OldTimer - Version 3.2.39.2

CandiRain Posted April 7, 2012 Author ID:540578

OTL Extras logfile created on: 4/7/2012 9:16:29 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\victoria\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.23 Mb Total Physical Memory | 492.17 Mb Available Physical Memory | 48.48% Memory free
2.39 Gb Paging File | 1.77 Gb Available in Paging File | 74.41% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 41.57 Gb Free Space | 74.39% Space Free | Partition Type: NTFS

Computer Name: VICTORIA-AE7A76 | User Name: victoria | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Sprint\Sprint SmartView\SwiApiMux.exe" = C:\Program Files\Sprint\Sprint SmartView\SwiApiMux.exe:*:Enabled:SwiApiMux
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\WINDOWS\system32\javaw.exe" = C:\WINDOWS\system32\javaw.exe:*:Disabled:Java Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java 6 Update 26
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012
"{4F2AF17E-94F0-4F22-943D-216CE46AC502}" = HP Mobile Broadband Setup Utility
"{55D1B76E-305E-4A2C-A883-E74EFF9D35F3}" = Pandora2012
"{69DAC00A-7665-4E9B-B441-093D40736429}" = HP BatteryCheck 2.10 A2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{930240B3-F09F-4725-8820-7C7480104351}" = AVG 2012
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
"{B5B25043-42A0-4490-A425-C7A6284213E6}" = HP User Guides 0130
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity_is1" = Audacity 1.2.6
"AVG" = AVG 2012
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IMVU_Inc Toolbar" = IMVU Inc Toolbar
"InstallShield_{55D1B76E-305E-4A2C-A883-E74EFF9D35F3}" = Pandora2012
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinGimp-2.0_is1" = GIMP 2.6.10
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/30/2012 8:47:30 PM | Computer Name = VICTORIA-AE7A76 | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not be returned. Error code returned is in data DWORD 0.

Error - 4/1/2012 2:41:51 AM | Computer Name = VICTORIA-AE7A76 | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not be returned. Error code returned is in data DWORD 0.

Error - 4/1/2012 7:12:36 AM | Computer Name = VICTORIA-AE7A76 | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not be returned. Error code returned is in data DWORD 0.

Error - 4/1/2012 8:48:15 AM | Computer Name = VICTORIA-AE7A76 | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not be returned. Error code returned is in data DWORD 0.

Error - 4/2/2012 5:47:30 AM | Computer Name = VICTORIA-AE7A76 | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not be returned. Error code returned is in data DWORD 0.

Error - 4/2/2012 11:15:38 AM | Computer Name = VICTORIA-AE7A76 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.19190, fault address 0x00067978.

Error - 4/3/2012 12:05:50 PM | Computer Name = VICTORIA-AE7A76 | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not be returned. Error code returned is in data DWORD 0.

Error - 4/3/2012 12:22:43 PM | Computer Name = VICTORIA-AE7A76 | Source = Application Hang | ID = 1002
Description = Hanging application IMVUClient.exe, version 469.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/3/2012 9:36:25 PM | Computer Name = VICTORIA-AE7A76 | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not be returned. Error code returned is in data DWORD 0.

Error - 4/4/2012 4:06:31 AM | Computer Name = VICTORIA-AE7A76 | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not be returned. Error code returned is in data DWORD 0.

[ OSession Events ]
Error - 5/9/2009 8:16:15 PM | Computer Name = VICTORIA-AE7A76 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1073 seconds with 1020 seconds of active time. This session ended with a crash.

Error - 10/6/2009 7:31:40 PM | Computer Name = VICTORIA-AE7A76 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1394 seconds with 720 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 1/1/2002 12:01:49 AM | Computer Name = VICTORIA-AE7A76 | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.

Error - 3/25/2012 4:00:16 PM | Computer Name = VICTORIA-AE7A76 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error - 3/26/2012 11:45:08 AM | Computer Name = VICTORIA-AE7A76 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network address 00242C19D345 has been denied by the DHCP server 172.20.0.1 (The DHCP Server sent a DHCPNACK message).

Error - 4/5/2012 11:34:29 AM | Computer Name = VICTORIA-AE7A76 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network address 00242C19D345 has been denied by the DHCP server 172.20.0.1 (The DHCP Server sent a DHCPNACK message).

Error - 4/5/2012 11:39:42 AM | Computer Name = VICTORIA-AE7A76 | Source = Service Control Manager | ID = 7034
Description = The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).

Error - 4/6/2012 11:53:53 AM | Computer Name = VICTORIA-AE7A76 | Source = Service Control Manager | ID = 7034
Description = The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).

Error - 4/7/2012 9:15:17 AM | Computer Name = VICTORIA-AE7A76 | Source = Service Control Manager | ID = 7034
Description = The Audio Service service terminated unexpectedly. It has done this 1 time(s).

Error - 4/7/2012 9:15:21 AM | Computer Name = VICTORIA-AE7A76 | Source = Service Control Manager | ID = 7034
Description = The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).

Error - 4/7/2012 9:15:21 AM | Computer Name = VICTORIA-AE7A76 | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

Error - 4/7/2012 9:15:24 AM | Computer Name = VICTORIA-AE7A76 | Source = Service Control Manager | ID = 7034
Description = The hpqwmiex service terminated unexpectedly. It has done this 1 time(s).

< End of report >
CandiRain Posted April 7, 2012 Author ID:540579

I'm sorry, I have no idea why that came out small.
CandiRain Posted April 7, 2012 ID:540580

Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
AVG 2012
```````````````````````````````
Anti-malware/Other Utilities Check:
Java 6 Update 26
Java version out of date!
Adobe Flash Player 10.0.22.87 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````
Maurice Naggar Posted April 7, 2012 ID:540675

Hello,

Disconnect any external HDD drives or any USB-flash drives you may have connected to this system.

You have done well so far, getting the log reports, which help a lot. Prior to this, I had no idea which version of Windows nor which antivirus this had.

Do as much as you can of the following. If one does not "start" or is blocked, write that down for me, and go forward with the next steps.

Do not run any other programs while these are running. I also do not want you to run anything on your own, without checking with me first.

Looks like your system is infected with the Smart HDD rogue-malware.

Step 1

Download to your Desktop FixPolicies.exe, by Bill Castner, MS-MVP, a self-extracting ZIP archive from >>> here <<<

Double-click FixPolicies.exe.
Click the "Install" button on the bottom toolbar of the box that will open.
The program will create a new Folder called FixPolicies.
Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.
A black box will briefly appear and then close.

This fix may prove temporary. Active malware may revert these changes at your next startup. You can safely run the utility again.

Step 2

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall.

Please download Rkill by Grinler and save it to your desktop.
Link 2
Link 3
Link 4

Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
If your antivirus program gives a prompt message, respond positively to allow RKILL to run.
If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL.
If you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

Step 3

1. Go >> Here << and download ERUNT
(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
2. Install ERUNT by following the prompts
(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
3. Start ERUNT
(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
4. Choose a location for the backup
(the default location is C:\WINDOWS\ERDNT which is acceptable).
5. Make sure that at least the first two check boxes are ticked
6. Press OK
7. Press YES to create the folder.

Step 4

Set Windows to show all files and all folders.
On your Desktop, double click My Computer, from the menu options, select tools, then Folder Options, and then select VIEW Tab and look at all of settings listed.
"CHECK" (turn on) Display the contents of system folders.
Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.
Next, un-check Hide extensions for known file types.
Next un-check Hide protected operating system files.

Step 5

Please double-click OTL.exe to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).

Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

*****************************************************************
:processes
killallprocesses

:files
C:\Documents and Settings\victoria\Start Menu\Programs\SMART HDD
C:\Documents and Settings\All Users\Application Data\-IuUdBzWZhpFZk3
C:\Documents and Settings\All Users\Application Data\-IuUdBzWZhpFZk3r
C:\Documents and Settings\victoria\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk
C:\Documents and Settings\All Users\Application Data\IuUdBzWZhpFZk3

:reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ad73db6-382e-11de-9c46-0024815d8f86}]

:Commands
[CREATERESTOREPOINT]
[Reboot]
*****************************************************************

Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
Close any browser(s) windows that may be open.
Using your mouse, click on the red-lettered button Run Fix.
Once you see a message box "Fix complete! Click OK to open the fix log.", click the OK button.
The log will open in Notepad (your default text editor).
Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Step 6

Re-enable your antivirus program, AVG2012. Make an Update run to ensure it is fully up-to-date.
Do a quick scan with AVG and let me know what the result is.

Reply with copy of the OTL MovedFiles log and tell me, if your Desktop is "normal" again?

We are not done, by a long shot. There will be much more to do later.
CandiRain Posted April 7, 2012 ID:540710

I hope I did this right.

========== PROCESSES ==========
All processes killed
========== FILES ==========
C:\Documents and Settings\victoria\Start Menu\Programs\SMART HDD folder moved successfully.
C:\Documents and Settings\All Users\Application Data\-IuUdBzWZhpFZk3 moved successfully.
C:\Documents and Settings\All Users\Application Data\-IuUdBzWZhpFZk3r moved successfully.
C:\Documents and Settings\victoria\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk moved successfully.
C:\Documents and Settings\All Users\Application Data\IuUdBzWZhpFZk3 moved successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ad73db6-382e-11de-9c46-0024815d8f86}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ad73db6-382e-11de-9c46-0024815d8f86}\ not found.
========== COMMANDS ==========
Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.39.2 log created on 04082012_030701

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

AVG did find one file that it moved to the vault during scan: corrupt executable file.

I noticed that AVG is still holding the trojan in its vault. There are options at the bottom to delete or empty vault. Do I need to do that?
CandiRain Posted April 7, 2012 ID:540712

Oh, and my desktop icons are back but my old icons are transparent, if that makes sense. And still have black background.
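An added example, not part of the original posts and not OTL's own code: a small Python check that compares the Step 5 fix script with the fix log CandiRain posted in reply and reports any target the log does not confirm as moved or deleted. The function names and the log-line patterns are assumptions based only on the lines shown in this thread.

```python
import re

# Step 5 fix script and the fix log posted in reply, copied from this thread
# with line breaks restored.
FIX_SCRIPT = r"""
:processes
killallprocesses
:files
C:\Documents and Settings\victoria\Start Menu\Programs\SMART HDD
C:\Documents and Settings\All Users\Application Data\-IuUdBzWZhpFZk3
C:\Documents and Settings\All Users\Application Data\-IuUdBzWZhpFZk3r
C:\Documents and Settings\victoria\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk
C:\Documents and Settings\All Users\Application Data\IuUdBzWZhpFZk3
:reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ad73db6-382e-11de-9c46-0024815d8f86}]
:Commands
[CREATERESTOREPOINT]
[Reboot]
"""

FIX_LOG = r"""
========== PROCESSES ==========
All processes killed
========== FILES ==========
C:\Documents and Settings\victoria\Start Menu\Programs\SMART HDD folder moved successfully.
C:\Documents and Settings\All Users\Application Data\-IuUdBzWZhpFZk3 moved successfully.
C:\Documents and Settings\All Users\Application Data\-IuUdBzWZhpFZk3r moved successfully.
C:\Documents and Settings\victoria\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk moved successfully.
C:\Documents and Settings\All Users\Application Data\IuUdBzWZhpFZk3 moved successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ad73db6-382e-11de-9c46-0024815d8f86}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ad73db6-382e-11de-9c46-0024815d8f86}\ not found.
========== COMMANDS ==========
Restore point Set: OTL Restore Point (0)
"""

# Assumption: a result line is "<target> <status>." with an optional
# "Registry key " prefix, as in the log above. Other lines are ignored.
RESULT = re.compile(
    r"^(?:Registry key )?(?P<target>.+?) "
    r"(?P<status>folder moved successfully|moved successfully|deleted successfully|not found)\.$"
)
SUCCESS = {"folder moved successfully", "moved successfully", "deleted successfully"}


def norm(target):
    """Compare paths and keys case-insensitively, ignoring a trailing backslash."""
    return target.strip().rstrip("\\").lower()


def script_targets(script):
    """Return the :files and :reg entries of a fix script, in order."""
    section, targets = None, []
    for line in (raw.strip() for raw in script.splitlines()):
        if not line:
            continue
        if line.startswith(":"):
            section = line[1:].lower()
        elif section == "files":
            targets.append(line)
        elif section == "reg" and line.startswith("[") and line.endswith("]"):
            targets.append(line[1:-1].lstrip("-"))  # "[-KEY]" -> "KEY"
    return targets


def log_results(log):
    """Map each normalised target named in the log to its reported status."""
    results = {}
    for line in log.splitlines():
        match = RESULT.match(line.strip())
        if match:
            results[norm(match.group("target"))] = match.group("status")
    return results


def check_fix(script, log):
    """Return (confirmed, unconfirmed, extra): script targets the log reports
    as moved/deleted, script targets it does not, and log entries for
    targets the script never listed."""
    results = log_results(log)
    wanted = script_targets(script)
    confirmed = [t for t in wanted if results.get(norm(t)) in SUCCESS]
    unconfirmed = [t for t in wanted if t not in confirmed]
    asked = {norm(t) for t in wanted}
    extra = {t: s for t, s in results.items() if t not in asked}
    return confirmed, unconfirmed, extra


if __name__ == "__main__":
    confirmed, unconfirmed, extra = check_fix(FIX_SCRIPT, FIX_LOG)
    print(f"{len(confirmed)} target(s) confirmed, {len(unconfirmed)} unconfirmed")
    for target in unconfirmed:
        print("NOT CONFIRMED:", target)
    for target, status in extra.items():
        print("extra log entry:", target, "->", status)
```

A non-empty unconfirmed list means the item is worth re-checking after the reboot, since the log in this thread also has sections for files and registry entries handled on reboot.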
Maurice Naggar Posted April 8, 2012 ID:540851

Hello,

Please download the following program to your Desktop >> Unhide <<

Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run. This program will remove the +H, or hidden, attribute from all the files on your hard drives.

After it is finished, tell me what your Desktop, etc, Start menu, etc, looks like.

There is still lots more to do. We are not finished.

Please close any of your open windows/programs and exit; saving any open work you have.

I'd like to have you do a special run of OTL to generate some searches & a new log-report. Please double-click OTL.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).

Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

*****************************************************************
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
themeui.dll
beep.sys
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
*****************************************************************

Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
Close any browser(s) windows that may be open.
Using your mouse, click on Run Scan.
The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of just OTL.txt
CandiRain Posted April 8, 2012 ID:540893

My desktop icons are not greyed out anymore and are all there. I still have a black background. All my start menu items are there except my control panel, my computer, documents, pics, music.

OTL logfile created on: 4/9/2012 2:30:20 AM - Run 3
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\victoria\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.23 Mb Total Physical Memory | 414.93 Mb Available Physical Memory | 40.87% Memory free
2.39 Gb Paging File | 1.82 Gb Available in Paging File | 76.34% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 41.21 Gb Free Space | 73.74% Space Free | Partition Type: NTFS
Drive E: | 1.89 Gb Total Space | 1.86 Gb Free Space | 98.34% Space Free | Partition Type: FAT

Computer Name: VICTORIA-AE7A76 | User Name: victoria | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/07 09:14:51 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\victoria\Desktop\OTL.scr
PRC - [2012/01/24 18:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/11/28 02:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 07:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/08 21:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 07:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2008/12/02 22:57:30 | 000,729,088 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFLTR.EXE
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/09/11 07:00:10 | 000,446,556 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\STTRAY.EXE
PRC - [2008/09/11 07:00:10 | 000,237,650 | ---- | M] (IDT, Inc.) -- c:\Program Files\IDT\WDM\STACSV.EXE
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/02/08 04:00:00 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIACA.EXE

========== Modules (No Company Name) ==========

MOD - [2010/06/01 10:17:46 | 000,929,792 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2011/10/12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/09/11 07:00:10 | 000,237,650 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\Program Files\IDT\WDM\STACSV.EXE -- (STacSV)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCTINDIS5.SYS -- (PCTINDIS5)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pctnullport.sys -- (Nmea)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwhid.sys -- (btwhid)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwdndis.sys -- (BTWDNDIS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btport.sys -- (BTDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btaudio.sys -- (btaudio)
DRV - [2011/10/07 07:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 07:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 07:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 02:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 02:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 02:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/07/11 02:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2009/05/03 05:41:54 | 001,294,200 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2009/05/01 09:43:30 | 000,026,888 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2009/05/01 09:43:28 | 000,171,144 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00)
DRV - [2009/05/01 09:43:28 | 000,149,512 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmx00.sys -- (swmx00) Sierra Wireless USB MUX Driver (#00)
DRV - [2009/05/01 09:43:24 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2008/12/02 22:57:32 | 000,112,128 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2008/10/15 14:58:32 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2008/09/11 07:00:10 | 001,390,323 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2008/06/27 13:02:00 | 000,289,024 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2007/11/02 18:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2007/11/02 18:36:12 | 000,018,176 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2007/07/03 17:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 17:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 17:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007/01/22 22:33:00 | 000,007,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{22E177FF-D849-4A8A-801A-FB5854291E6C}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ444YYUS&apn_uid=8858E931-055A-46C6-9B63-314C9D53A66E&apn_sauid=4D6286F7-03B5-40AA-8555-8BD699A77E9F
IE - HKCU\..\SearchScopes\{5CD15C20-3EB0-40E5-ABD1-E9B7F7CB60AF}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7ADFA_en
IE - HKCU\..\SearchScopes\{84EDDA1C-D0C4-4D54-BD3C-035E52170924}: "URL" = http://search.avg.com/route/?d=4b3d2cf0&i=23&tp=chrome&q={searchTerms}&lng={language}&ychte=us&nt=1
IE - HKCU\..\SearchScopes\{B0C87276-8019-4ED3-BDFA-64E75F7D0F8B}: "URL" = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
IE - HKCU\..\SearchScopes\{B1C9773A-F0D8-491E-8204-47D7E655B7F8}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKCU\..\SearchScopes\{C26080EF-DE5E-4852-B7D5-89FC74906A2B}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie8
IE - HKCU\..\SearchScopes\{D9AA5878-FB80-48D3-AA9B-2DCFACF372AD}: "URL" = http://delicious.com/search?p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: es-es@dictionaries.addons.mozilla.org:1.3.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: profilesong.toolbar@completeplaylists.com:1.0.1
FF - prefs.js..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\victoria\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/01 18:30:33 | 000,000,000 | ---D | M]

[2010/07/28 23:14:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\victoria\Application Data\Mozilla\Extensions
[2010/07/28 23:14:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\victoria\Application Data\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2010/07/26 17:11:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\victoria\Application Data\Mozilla\Firefox\Profiles\4u4bxpcq.default\extensions
[2009/07/05 00:54:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\victoria\Application Data\Mozilla\Firefox\Profiles\4u4bxpcq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/16 23:55:29 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\victoria\Application Data\Mozilla\Firefox\Profiles\4u4bxpcq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/05/22 15:36:04 | 000,000,000 | ---D | M] (Diccionario de Español/España) -- C:\Documents and Settings\victoria\Application Data\Mozilla\Firefox\Profiles\4u4bxpcq.default\extensions\es-es@dictionaries.addons.mozilla.org

O1 HOSTS File: ([2008/04/14 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (IMVU Inc Toolbar) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files\IMVU_Inc\prxtbIMV0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (IMVU Inc Toolbar) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files\IMVU_Inc\prxtbIMV0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (IMVU Inc Toolbar) - {90B49673-5506-483E-B92B-CA0265BD9CA8} - C:\Program Files\IMVU_Inc\prxtbIMV0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HP Mobile Broadband] c:\SWsetup\HPQWWAN\HPMobileBroadband.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [iDTSysTrayApp] C:\WINDOWS\STTRAY.EXE (IDT, Inc.)
O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\STTRAY.EXE (IDT, Inc.)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\victoria\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\victoria\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O15 - HKCU\..Trusted Domains: google.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: mathxl.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: pearsoned.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: vccs.edu ([google] https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.105.28.12 68.105.29.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{31FFF463-D0A4-4BDD-9FB9-20D2291C98FC}: DhcpNameServer = 192.168.1.1 68.105.28.12 68.105.29.12
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\victoria\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\victoria\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/03 05:24:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{47565a08-c375-11de-9ccd-0024815d8f86}\Shell\AutoRun\command - "" = E:\wd_windows_tools\WDSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM 
DriveSafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDriveSafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controllerSafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - HdcSafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - KeyboardSafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - MouseSafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - NetSafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClientSafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetServiceSafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTransSafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA AdaptersSafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapterSafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - SystemSafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk driveSafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - VolumeSafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface DevicesActiveX: {00F0EE7F-2C61-4EBD-A209-00281BDC869C} - Yahoo! ToolbarActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media PlayerActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media PlayerActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShowActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4ActiveX: {270C7F22-6D59-4041-B865-76C48D190D91} - Yahoo! 
Search Settings UpdateActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimationActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dllActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for JavaActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing PackActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - UniscribeActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced AuthoringActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /installActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NTActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShowActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawExActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer HelpActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java ClassesActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUserActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICWActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup ToolsActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing EnhancementsActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media PlayerActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site AccessActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET FrameworkActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web FoldersActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /installActiveX: 
{89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dllActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettingsActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,InstallActiveX: {8FD9D712-A285-4834-9F46-705AD5146A6B} - NoIETourActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data BindingActiveX: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET FrameworkActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core FontsActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET FrameworkActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task SchedulerActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash PlayerActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML HelpActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service InterfaceActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exeActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMPActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfigActiveX: >{64A10DCF-7FF1-4600-9824-DE0BCC2AA72E} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUPActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOEDrivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)Drivers32: msacm.sl_anet - 
C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)CREATERESTOREPOINTRestore point Set: OTL Restore Point========== Files/Folders - Created Within 30 Days ==========[2012/04/09 02:06:04 | 000,397,728 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\victoria\Desktop\unhide.exe[2012/04/08 03:07:01 | 000,000,000 | ---D | C] -- C:\_OTL[2012/04/08 02:27:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT[2012/04/08 02:27:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT[2012/04/08 02:27:08 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT[2012/04/08 02:26:37 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\victoria\Desktop\erunt-setup.exe[2012/04/08 02:22:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\victoria\Desktop\FixPolicies[2012/04/07 09:14:51 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\victoria\Desktop\OTL.scr[2012/04/07 09:14:03 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\victoria\Desktop\OTH.scr[2012/04/07 09:00:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\victoria\Recent[2012/04/05 07:40:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\victoria\Application Data\PoseCentral[2012/04/05 07:40:44 | 000,000,000 | ---D | C] -- C:\Program Files\PandoraV[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ][4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ][1 C:\WINDOWS\System32\drivers\*.tmp files -> 
C:\WINDOWS\System32\drivers\*.tmp -> ][1 C:\Documents and Settings\victoria\My Documents\*.tmp files -> C:\Documents and Settings\victoria\My Documents\*.tmp -> ]========== Files - Modified Within 30 Days ==========[2012/04/09 02:42:00 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-2025429265-527237240-1004UA.job[2012/04/09 02:08:10 | 094,161,389 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm[2012/04/09 02:05:58 | 000,397,728 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\victoria\Desktop\unhide.exe[2012/04/09 01:59:51 | 000,000,848 | ---- | M] () -- C:\WINDOWS\tasks\ZatisfiUpdateTaskMachineCore.job[2012/04/09 01:59:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat[2012/04/08 14:43:00 | 000,000,850 | ---- | M] () -- C:\WINDOWS\tasks\ZatisfiUpdateTaskMachineUA.job[2012/04/08 02:27:19 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\victoria\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk[2012/04/08 02:27:12 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\victoria\Desktop\NTREGOPT.lnk[2012/04/08 02:27:12 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\victoria\Desktop\ERUNT.lnk[2012/04/08 02:26:38 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\victoria\Desktop\erunt-setup.exe[2012/04/08 02:24:39 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\victoria\Desktop\rkill.com[2012/04/08 02:21:56 | 000,185,065 | ---- | M] () -- C:\Documents and Settings\victoria\Desktop\FixPolicies.exe[2012/04/07 10:42:00 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-2025429265-527237240-1004Core.job[2012/04/07 09:57:15 | 000,879,714 | ---- | M] () -- C:\Documents and Settings\victoria\Desktop\SecurityCheck.exe[2012/04/07 09:14:51 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\victoria\Desktop\OTL.scr[2012/04/07 09:13:35 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents 
and Settings\victoria\Desktop\OTH.scr[2012/04/06 15:33:55 | 000,000,847 | ---- | M] () -- C:\Documents and Settings\victoria\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk[2012/04/06 13:03:36 | 000,069,283 | ---- | M] () -- C:\Documents and Settings\victoria\.recently-used.xbel[2012/04/05 17:32:51 | 000,048,743 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm[2012/04/05 07:40:56 | 000,001,631 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Pandora.lnk[2012/04/05 07:13:24 | 000,001,949 | ---- | M] () -- C:\Documents and Settings\victoria\Desktop\IMVU.lnk[2012/04/03 12:05:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl[2012/03/30 23:51:49 | 000,834,682 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat[2012/03/30 23:51:48 | 000,262,846 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat[2012/03/15 19:45:27 | 000,152,384 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT[2012/03/15 10:17:13 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ][4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ][1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ][1 C:\Documents and Settings\victoria\My Documents\*.tmp files -> C:\Documents and Settings\victoria\My Documents\*.tmp -> ]========== Files Created - No Company Name ==========[2012/04/09 02:25:33 | 000,001,592 | ---- | C] () -- C:\Documents and Settings\victoria\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk[2012/04/09 02:25:33 | 000,000,847 | ---- | C] () -- C:\Documents and Settings\victoria\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk[2012/04/09 02:25:33 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\victoria\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! 
Messenger.lnk[2012/04/09 02:25:33 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\victoria\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk[2012/04/09 02:25:33 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\victoria\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk[2012/04/09 02:25:33 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\victoria\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf[2012/04/09 02:25:32 | 000,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Pandora.lnk[2012/04/09 02:25:32 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk[2012/04/09 02:25:30 | 000,001,077 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Default Manager.lnk[2012/04/09 02:25:27 | 000,000,636 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Audacity.lnk[2012/04/09 02:25:25 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat.com.lnk[2012/04/08 02:27:19 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\victoria\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk[2012/04/08 02:27:12 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\victoria\Desktop\NTREGOPT.lnk[2012/04/08 02:27:12 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\victoria\Desktop\ERUNT.lnk[2012/04/08 02:24:39 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\victoria\Desktop\rkill.com[2012/04/08 02:22:07 | 000,185,065 | ---- | C] () -- C:\Documents and Settings\victoria\Desktop\FixPolicies.exe[2012/04/07 09:57:15 | 000,879,714 | ---- | C] () -- C:\Documents and Settings\victoria\Desktop\SecurityCheck.exe[2012/04/06 13:03:36 | 000,069,283 | ---- | C] () -- C:\Documents and Settings\victoria\.recently-used.xbel[2012/04/05 07:40:56 | 000,001,631 | ---- | C] () -- 
C:\Documents and Settings\All Users\Desktop\Pandora.lnk[2012/02/15 20:46:03 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll[2011/11/17 17:18:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat[2011/06/11 14:19:11 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat[2011/06/11 14:19:11 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat[2011/06/11 14:19:11 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat[2011/06/11 14:19:11 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat[2011/06/11 14:19:11 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat[2011/06/11 14:19:11 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini[2011/06/11 14:19:10 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat[2011/06/11 14:19:10 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat[2011/06/11 14:19:10 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat[2011/06/11 14:19:10 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat[2011/06/11 14:19:10 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat[2011/06/11 14:19:10 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat[2011/06/11 14:19:10 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat[2011/06/11 14:19:10 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat[2011/06/11 14:19:10 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat[2011/06/11 14:19:10 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat[2011/03/19 19:13:07 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat========== Custom Scans ==========< %ALLUSERSPROFILE%\Application Data\*. 
>[2010/05/21 20:50:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe[2010/06/28 19:24:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM[2010/06/28 19:23:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL[2009/05/04 15:28:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL OCP[2009/07/10 13:28:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple[2009/07/04 19:42:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer[2011/07/27 11:10:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask[2011/10/10 01:00:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012[2010/10/16 12:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9[2012/02/03 17:06:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU[2011/08/30 05:48:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files[2010/12/09 23:13:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google[2012/04/09 02:11:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData[2010/11/21 14:31:47 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft[2012/03/06 21:39:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help[2009/06/14 12:51:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Norton[2009/05/03 06:06:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller[2009/07/11 09:08:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS[2011/04/12 
22:41:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype[2010/08/01 20:34:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sprint[2010/06/08 14:50:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun[2009/05/06 21:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec[2009/05/03 06:05:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint[2009/06/30 00:39:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage[2011/05/21 22:08:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo![2011/05/21 12:17:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}[2009/11/25 16:47:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}[2009/07/04 19:42:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}< %ALLUSERSPROFILE%\Application Data\*.exe /s >[2009/07/01 20:17:38 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 4.30.19.1\SetupAdmin.exe[2010/12/09 23:09:05 | 000,523,440 | ---- | M] (Google Inc.) -- C:\Documents and Settings\All Users\Application Data\Google\Google Toolbar\Update\gtbF.tmp.exe[2011/02/08 06:33:04 | 000,580,960 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgcfgex.exe[2011/05/23 15:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgchsvx.exe[2011/04/20 06:56:52 | 001,559,392 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgcmgr.exe[2011/08/04 11:49:36 | 003,769,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgcremx.exe[2011/03/28 04:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgcsrvx.exe[2011/08/18 02:33:30 | 003,833,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgdiagex.exe[2011/02/08 06:33:04 | 000,278,880 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgdumpx.exe[2011/03/16 17:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgemcx.exe[2011/02/08 06:33:06 | 000,218,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avglscanx.exe[2002/01/08 21:15:38 | 005,587,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgmfapx.exe[2011/09/09 04:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgnsx.exe[2002/01/08 21:15:32 | 000,598,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgntdumpx.exe[2011/08/18 02:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgrsx.exe[2011/02/08 06:33:06 | 001,088,864 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgscanx.exe[2011/02/09 06:35:14 | 001,265,504 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgsrmax.exe[2011/09/08 18:32:50 | 005,996,872 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\AVGTBInstall.exe[2011/09/10 07:28:50 | 002,338,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgtray.exe[2011/09/10 07:28:50 | 003,593,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgui.exe[2011/02/08 06:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgwdsvc.exe[2011/02/08 06:33:46 | 000,754,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgwsc.exe[2011/02/08 06:33:10 | 000,456,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\fixcfg.exe[2009/07/10 05:49:28 | 000,086,016 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe[2010/04/20 16:45:20 | 000,607,472 | ---- | M] (Yahoo! Inc.) -- C:\Documents and Settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe< %APPDATA%\*. 
>[2009/05/04 15:30:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\victoria\Application Data\acccore[2011/05/18 23:45:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\victoria\Application Data\Adobe[2011/10/15 19:15:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\victoria\Application Data\Apple Computer[2010/10/16 13:01:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\victoria\Application Data\AVG10[2002/01/08 22:39:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\victoria\Application Data\AVG2012[2012/02/03 17:06:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\victoria\Application Data\AVS4YOU[2009/06/14 12:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\victoria\Application Data\Bytemobile[2011/06/11 14:02:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\victoria\Application Data\Driver Smith[2011/06/11 16:00:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\victoria\Application Data\EPSON[2009/05/03 18:15:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\victoria\Application Data\GetRightToGo[2012/04/06 12:41:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\victoria\Application Data\gtk-2.0[2009/05/03 05:30:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\victoria\Application Data\Identities[2012/04/08 12:49:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\victoria\Application Data\IMVU[2010/08/02 15:17:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\victoria\Application Data\IMVU Previewer[2012/03/02 12:33:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\victoria\Application Data\IMVUClient[2009/05/03 05:41:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\victoria\Application Data\InstallShield[2009/05/03 05:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\victoria\Application Data\Macromedia[2010/02/08 14:54:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\victoria\Application 
CandiRain Posted April 8, 2012 Author ID:540899

I just went into my start menu again and the other stuff that was missing has come back now, so it's all there.
CandiRain Posted April 11, 2012 Author ID:541692

Did I do everything I was supposed to? Is that all I need to do with my computer?
Maurice Naggar Posted April 11, 2012 ID:541696

We need to follow up with some checks. 1 with MBAM and 1 with an online scan.

Save and close any work documents, close any apps that you started.
Start your MBAM MalwareBytes' Anti-Malware.
Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.
Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.
Next, click the Update tab. Press the "Check for Updates" button.
If prompted for a Restart, do that.
When done, click the Scanner tab.
Do a FULL Scan.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Step 2
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall
Using Internet Explorer browser only, go to ESET Online Scanner website:
{Windows 7 & Vista users should start IE by Start >> Internet Explorer >> Right-Click and select Run As Administrator.}
Press the "ESET Online scanner" button
Check the I accept the terms box. Accept the Terms of Use and press Start button;
Approve the install of the required ActiveX Control, then follow on-screen instructions;
Un-check the Remove found threats option.
Checkmark Scan Archives option.
Click on Advanced Settings and checkmark the following: Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology
Click Scan.
After the scan completes, the Details tab in the Results window will display what was found and removed.
A logfile is created and located at C:\Program Files\Eset\EsetOnlineScanner\log.txt.
Look at contents of this file using Notepad or Wordpad.
The Frequently Asked Questions for ESET Online Scanner can be viewed here http://www.eset.com/...c4.php?page=faq
From ESET Tech Support: If you have ESET NOD32 installed, you should disable it prior to running this scanner. Otherwise the scan will take twice as long to do: every time the ESET online scanner opens a file on your computer to scan it, NOD32 on your machine will rescan the file as a result.
It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner. (And the prompt re-enabling when finished.)
If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.
After the scan is done, re-enable your antivirus program.
Reply with copy of the MBAM scan log & Eset scan log.
CandiRain Posted April 12, 2012 Author ID:542000

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org
Database version: v2012.04.11.03
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
victoria :: VICTORIA-AE7A76 [administrator]
Protection: Enabled
4/11/2012 11:15:27 AM
mbam-log-2012-04-11 (15-06-47).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 273049
Time elapsed: 3 hour(s), 31 minute(s), 43 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\System Volume Information\_restore{EAD3C747-8332-4413-8D2D-AC03E35A7962}\RP366\A0236884.exe (Backdoor.Agent.RCGen) -> No action taken.
C:\System Volume Information\_restore{EAD3C747-8332-4413-8D2D-AC03E35A7962}\RP366\A0236885.exe (Backdoor.Agent.RCGen) -> No action taken.
(end)
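An added example, not part of the thread and not Malwarebytes' own tooling: a small Python triage of a saved MBAM 1.x log like the one posted above. It checks each section's declared count against the entries actually parsed and flags entries whose action is "No action taken", noting whether they sit in the Windows XP System Restore store (_restore{...}\RP...). The function names and the one-entry-per-line layout are assumptions.

```python
import re

# Constructed sample: the detection part of the MBAM 1.61 log posted above,
# one entry per line (assumed layout of the saved log file).
SAMPLE_LOG = r"""Scan type: Full scan
Objects scanned: 273049
Memory Processes Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\System Volume Information\_restore{EAD3C747-8332-4413-8D2D-AC03E35A7962}\RP366\A0236884.exe (Backdoor.Agent.RCGen) -> No action taken.
C:\System Volume Information\_restore{EAD3C747-8332-4413-8D2D-AC03E35A7962}\RP366\A0236885.exe (Backdoor.Agent.RCGen) -> No action taken.
(end)
"""

# "<Category> Detected: <n>" opens a section; entries follow as
# "<object> (<threat name>) -> <action>."
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+) Detected: (?P<count>\d+)$")
ITEM_RE = re.compile(r"^(?P<path>.+) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")
# Windows XP System Restore store: \System Volume Information\_restore{GUID}\RPnnn\
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-F-]+\}\\RP\d+\\", re.I)


def parse_mbam_log(text):
    """Return (declared counts per section, list of parsed detections)."""
    counts, items, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m["name"]
            counts[section] = int(m["count"])
            continue
        m = ITEM_RE.match(line)
        if m and section:  # ignore anything before the first section header
            items.append({
                "section": section,
                "path": m["path"],
                "threat": m["threat"],
                "action": m["action"],
                "in_restore_point": bool(RESTORE_RE.search(m["path"])),
            })
    return counts, items


def triage(text):
    """List what a reviewer should follow up on in one log."""
    counts, items = parse_mbam_log(text)
    findings = []
    if not counts:
        # Typical for a forum paste whose line breaks were lost.
        return ["no 'Detected:' headers parsed; log is flattened or truncated"]
    declared = sum(counts.values())
    if declared != len(items):
        findings.append(f"count mismatch: {declared} declared, {len(items)} parsed")
    for it in items:
        if it["action"].lower().startswith("no action"):
            where = "System Restore point" if it["in_restore_point"] else "live path"
            findings.append(f"unremediated {it['threat']} in {where}: {it['path']}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
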
CandiRain Posted April 12, 2012 Author ID:542001

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=5e535041993a1845801a1fafe4d4d133
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-04-12 07:46:17
# local_time=2012-04-12 03:46:17 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 15060061 15060061 0 0
# compatibility_mode=1024 16777191 100 0 322743289 322743289 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=82079
# found=0
# cleaned=0
# scan_time=11439
CandiRain Posted April 12, 2012 Author ID:542188

I really appreciate your help with this. I'm not the wisest in computers but I get by. I'm glad you guys are here to help. I have noticed since everything has been cleaned up, when I go on Google or Bing I get redirected to some other website that is not what I clicked on.
Maurice Naggar Posted April 13, 2012 ID:542297

On the search-click-redirect, always give fuller details:
Which browser is used: Internet Explorer? Firefox? Chrome?
Do you get to the Google website ok? yes/no
What is the search term?
What is the link that you are looking for?

Please do the following steps:

Step 1
Temporarily turn off your antivirus program. Leave the firewall on.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Download aswMBR.exe ( 511KB ) to your desktop.
Double click on aswMBR.exe to start.
Change the a-v scan to None.
Uncheck trace disk IO calls
Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply

Step 2
Please read carefully and follow these steps.
Download TDSSKiller and save it to your Desktop.
Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 3
Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
Ensure all Firefox windows are closed.
To run the tool, double-click it (XP), or right-click and select Run As Administrator (Windows 7 & Vista).
When prompted to run the scan, click Yes.
GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

Step 4
Download GMER Rootkit Scanner from here or here. Unzip it to your Desktop.
========================================================
Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
========================================================
Double-click gmer.exe. The program will begin to run.
**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst
If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
Click Yes.
Once the scan is complete, you may receive another notice about rootkit activity.
Click OK.
GMER will produce a log. Click on the [save..] button, and in the File name area, type in "Gmer.txt".
Save it where you can easily find it, such as your desktop.
If you do not receive notice about possible rootkit activity, remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked.
Click the Scan button and let the program do its work. GMER will produce a log. Click on the [save..] button, and in the File name area, type in "Gmer.txt".
Save it where you can easily find it, such as your desktop.

Step 5
RE-Enable your antivirus program.

Reply with copy of contents of
aswMBR log
TDSSKILLER log
Gooredfix.txt
Gmer.txt log
CandiRain Posted April 14, 2012 Author ID:542673

All the scanners downloaded to my desktop but will not open for me.
Maurice Naggar Posted April 14, 2012 ID:542689

Did you save them to the Desktop?
Are you logged in with an administrator-rights account?
Details on just what "message you got" when you tried to start those utilities would help.

Close any/all open internet browsers. Save any open documents you have open & close programs you started.
Click on START>All Programs>Malwarebytes' Anti-Malware>Tools>Malwarebytes Anti-Malware Chameleon
On Windows 7, press Windows-key, then start typing in text box Malwarebytes then select/click Malwarebytes Anti-Malware Chameleon
Once the Help file opens, click on a Chameleon button (starting with #1)
If running on Vista, Windows 7, press the Yes button when prompted at the UAC prompt to allow to run.
You should see a black Command-prompt-window that remains open and says MBAM-chameleon ver. 1.61 at the top
Press any key to continue as it says in the window {space-bar will do}
If the Chameleon button you tried does not work, try the next Chameleon button shown. (There are 12 in all).
Have infinite patience during this process
Malwarebytes Chameleon will proceed to update Malwarebytes Anti-Malware, so ensure that you are connected to the internet if possible
Once the update completes and it says your database is updated, click on OK button so that process can continue
Malwarebytes Chameleon will then terminate any threats running in memory, which may take a while, so please be patient.
After that, Malwarebytes Anti-Malware will open automatically and perform a Quick scan
A quick scan will take a few minutes, possibly 5 or so minutes. Have infinite patience.
Once the scan is complete, click on Show Results and remove any threats that are found by clicking Remove Selected
If prompted to restart your computer to complete the removal process, click Yes
If no threats are found, press OK button & press EXIT to end MBAM. Press the space-bar (or another key) to exit the command-prompt-window.
After your computer restarts, open Malwarebytes Anti-Malware and perform one last Quick scan to verify that there are no remaining threats
Copy and attach contents of latest MBAM scan log for my review.
CandiRain Posted April 14, 2012 Author ID:542737

While it is scanning I'll answer your questions. I'm using Explorer and I don't have any problems getting to Bing, which is my default search engine, or Google if I type it into the address bar, but I tried searching simple things and any link I click on redirects me to random websites trying to sell me things.

As for the scanners, no error message pops up. For a moment it acts like it will open when I double click on it, but then nothing happens. When I try to click on any other items I have on my desktop they do the same thing. I have to go to Start and open them from there instead. Malwarebytes is running a quick scan now and I'll post up the results soon.
Maurice Naggar Posted April 14, 2012 ID:542750

Do not do any searching of any sort until after I give the all clear. Let MBAM run un-interrupted. E.g., when I ask you to run tools, only run the tools and do not use the pc for any other use or task. In other words, one single task at a time.
Close all browsers and let MBAM finish.
The fact that the other tools do not run means the likelihood of a rootkit is high, and that is not where we want to be.
CandiRain Posted April 15, 2012 Author ID:542808

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org
Database version: v2012.04.14.06
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
 :: VICTORIA-AE7A76 [administrator]
Protection: Enabled
4/14/2012 4:40:50 PM
mbam-log-2012-04-14 (16-40-50).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 225514
Time elapsed: 1 hour(s), 40 minute(s), 49 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
CandiRain Posted April 15, 2012 Author ID:542811

Yeah, I was only running the tools alone. When they wouldn't open, after a while I tried other things to see if they would open.