
Redirecting and Just in Time Debugging


  • This topic is locked
23 replies to this topic

#1 terrier01

Posted 25 May 2010 - 08:03 PM

Like many others, I've got a redirecting virus and the just in time debugging virus. I wasn't able to run .exe files but fixed that, thanks to the instructions on here, via Malwarebytes.

I don't know how to post logs etc. I've run GMER but need some tutoring on how to post the logs to the thread.

Thanks in advance for any help you can provide.


#2 terrier01

Posted 30 May 2010 - 09:31 AM

I've got a redirect virus and the Just-in-time debugging issue. Any help would be appreciated.

OTL logfile created on: 5/30/2010 8:53:50 AM - Run 1
OTL by OldTimer - Version 3.2.5.1 Folder = C:\Documents and Settings\HP Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 484.00 Mb Available Physical Memory | 47.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.15 Gb Total Space | 59.25 Gb Free Space | 63.61% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 1.84 Gb Total Space | 1.64 Gb Free Space | 89.17% Space Free | Partition Type: FAT
I: Drive not present or media not loaded

Computer Name: YOUR-4105E587B6
Current User Name: HP Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/30 08:52:48 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP Owner\Desktop\OTL.exe
PRC - [2010/04/19 08:50:41 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/04/19 08:50:37 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/03/29 09:20:28 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/05 10:27:32 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/05 10:27:24 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/05 10:27:14 | 000,596,488 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/03/05 10:27:13 | 005,888,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/03/05 10:27:06 | 002,325,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2010/03/05 10:27:03 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/03/05 10:26:57 | 000,836,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/06/29 00:58:52 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/01/05 22:26:03 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2005/06/02 15:54:34 | 000,086,606 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005/05/25 02:40:00 | 000,450,560 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2005/05/25 02:40:00 | 000,028,160 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
PRC - [2005/02/17 12:50:20 | 001,040,384 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\bcmntray.EXE
PRC - [2005/02/02 08:12:22 | 000,102,492 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2004/12/03 16:24:20 | 000,290,816 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe


========== Modules (SafeList) ==========

MOD - [2010/05/30 08:52:48 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP Owner\Desktop\OTL.exe
MOD - [2010/02/02 20:56:10 | 000,049,136 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\gth.dll
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2007/03/21 20:33:00 | 000,503,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSVCP71.DLL
MOD - [2007/03/21 20:33:00 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSVCR71.DLL
MOD - [2005/05/25 02:40:00 | 000,057,344 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2005/02/02 08:12:14 | 000,069,724 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/05 10:27:24 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/05 10:27:13 | 005,888,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/03/05 10:27:06 | 002,325,816 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2005/07/25 15:25:18 | 000,491,520 | ---- | M] ( ) [On_Demand | Stopped] -- C:\WINDOWS\System32\lxcgcoms.exe -- (lxcg_device)
SRV - [2005/06/02 15:54:34 | 000,086,606 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - [2010/04/19 08:50:38 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/05 10:27:31 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/05 10:27:17 | 000,026,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys -- (AVGIDSShimxpx)
DRV - [2010/03/05 10:27:17 | 000,025,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\AVGIDSxx.sys -- (AVGIDSErHrxpx)
DRV - [2010/03/05 10:27:16 | 000,122,376 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys -- (AVGIDSDriverxpx)
DRV - [2010/03/05 10:27:16 | 000,030,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys -- (AVGIDSFilterxpx)
DRV - [2010/03/05 10:27:04 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/03/05 10:26:58 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/01/16 12:08:27 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2010/01/16 12:08:27 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2005/08/23 19:26:00 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/05/20 15:01:32 | 000,025,600 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
DRV - [2005/05/20 15:01:26 | 000,068,352 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2005/05/20 15:00:36 | 000,013,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2005/04/04 12:25:36 | 000,160,768 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/03/22 15:39:44 | 000,200,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI)
DRV - [2005/03/22 15:39:42 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2005/03/22 15:39:40 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/15 12:14:52 | 000,346,496 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005/03/15 12:14:52 | 000,037,760 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2005/03/10 05:41:52 | 000,371,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/02/02 07:58:58 | 000,191,456 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2004/12/17 01:52:58 | 000,017,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2004/08/11 19:30:00 | 000,039,424 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/06/28 06:35:24 | 000,069,760 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/04/14 10:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2003/06/06 14:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2001/08/17 15:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2001/08/17 11:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.atlanticbb.net/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"

FF - HKLM\software\mozilla\Firefox\Extensions\\{ED36B15A-6161-425C-8E4B-2298DEE3B7BF}: C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{ED36B15A-6161-425C-8E4B-2298DEE3B7BF}\ [2009/01/07 18:04:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/04/19 21:26:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 1.5\Extensions\\Components: C:\Program Files\Mozilla Firefox\Components [2010/03/25 16:33:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 1.5\Extensions\\Plugins: C:\Program Files\Mozilla Firefox\Plugins [2010/05/23 00:36:51 | 000,000,000 | ---D | M]

[2006/09/22 21:24:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP Owner\Application Data\Mozilla\Firefox\Profiles\vd0l7gqx.default\extensions
[2010/05/23 00:36:53 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/23 00:36:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2006/09/22 21:23:52 | 000,060,526 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2006/09/22 21:23:53 | 000,049,256 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2006/09/22 21:23:52 | 000,166,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
[2010/05/23 00:36:25 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2003/02/24 17:58:34 | 000,729,088 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2006/09/22 21:23:58 | 000,000,680 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.png
[2006/09/22 21:23:57 | 000,000,741 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.src
[2006/09/22 21:23:57 | 000,001,150 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.png
[2006/09/22 21:23:57 | 000,000,539 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.src
[2006/09/22 21:23:57 | 000,000,356 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.png
[2006/09/22 21:23:57 | 000,001,007 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.src
[2006/09/22 21:23:57 | 000,000,210 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.gif
[2006/09/22 21:23:57 | 000,001,056 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.src
[2006/09/22 21:23:57 | 000,001,076 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.gif
[2006/09/22 21:23:57 | 000,000,718 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.src
[2006/09/22 21:23:57 | 000,000,088 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.gif
[2006/09/22 21:23:57 | 000,001,122 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.src

O1 HOSTS File: ([2004/08/04 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {807DB8B6-1154-4C06-AB53-6C70BAAF4C2D} - C:\WINDOWS\System32\cbXQkihF.dll File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\bcmntray.exe (Broadcom Corporation)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [HPHUPD06] C:\Program Files\Hp\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\Hp\digital imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/viewers/ipixx.cab (iPIX ActiveX Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?LinkID=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} http://download.ewido.net/ewidoOnlineScan.cab (ewidoOnlineScan Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab (HpProductDetection Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_08)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\Hp\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\mlJYstQi: DllName - mlJYstQi.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\HP Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\cbXQkihF) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/05/11 22:25:13 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found


ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 9.0
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.1.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 9.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA851-CC51-11CF-AAFA-00AA00B6015C} - rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\wpie4x86.inf,PerUserStub
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17465003472846848)

========== Files/Folders - Created Within 90 Days ==========

[2010/05/30 08:52:59 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP Owner\Desktop\OTL.exe
[2010/05/26 18:30:09 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/05/25 07:09:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP Owner\Local Settings\Application Data\juddxalqb
[2010/05/24 20:15:27 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/05/23 08:58:07 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/05/23 08:58:07 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/05/23 08:58:07 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/05/23 08:58:07 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/05/23 08:57:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/23 08:49:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/23 00:37:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/05/22 23:59:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP Owner\Application Data\Malwarebytes
[2010/05/22 23:58:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/22 23:58:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/22 23:58:40 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/22 23:58:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/22 10:11:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP Owner\Local Settings\Application Data\ryuwerkom
[2010/04/21 06:21:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/04/21 06:21:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/04/19 21:28:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2010/04/10 06:22:30 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/04/10 06:22:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/04/06 21:19:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP Owner\Application Data\AVG9
[2010/04/04 10:43:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/04/04 10:14:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/03/25 16:30:10 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/03/16 19:42:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP Owner\My Documents\meg music
[2010/03/06 13:47:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2010/03/05 10:27:31 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2005/07/25 15:31:30 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgserv.dll
[2005/07/25 15:27:22 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcglmpm.dll
[2005/07/25 15:26:58 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgcomm.dll
[2005/07/25 15:25:26 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgpplc.dll
[2005/07/25 15:24:46 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgcomc.dll
[2005/07/25 15:24:14 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgprox.dll
[2005/07/25 15:19:36 | 001,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgusb1.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/05/30 08:52:48 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP Owner\Desktop\OTL.exe
[2010/05/30 08:11:23 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/30 06:11:01 | 000,000,322 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Daily FY04.job
[2010/05/30 06:11:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/29 20:00:00 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\mziaeiex.job
[2010/05/27 05:25:11 | 060,433,047 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/05/26 21:25:12 | 000,591,188 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2010/05/26 21:14:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/26 19:53:10 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\HP Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/26 18:17:54 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/26 18:15:42 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/26 18:15:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/26 18:15:31 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/25 18:12:58 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/05/24 20:05:59 | 003,696,466 | R--- | M] () -- C:\Documents and Settings\HP Owner\Desktop\ComboFix.exe
[2010/05/24 20:03:36 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\HP Owner\Desktop\rkill.scr
[2010/05/24 18:07:40 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/23 21:27:53 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\HP Owner\Desktop\x5uoshig.exe
[2010/05/23 00:25:28 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\HP Owner\ntuser.ini
[2010/05/23 00:25:26 | 004,980,736 | -H-- | M] () -- C:\Documents and Settings\HP Owner\NTUSER.DAT
[2010/05/22 23:58:45 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/21 23:33:25 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/20 20:04:38 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/05/18 21:14:28 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/05/17 17:24:43 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\HP Owner\Desktop\Microsoft Office Word 2003 (2).lnk
[2010/05/17 17:24:37 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\HP Owner\Desktop\Microsoft Office Word 2003.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/25 18:48:15 | 000,000,241 | ---- | M] () -- C:\Documents and Settings\HP Owner\Desktop\Shortcut to Add or Remove Programs.lnk
[2010/04/20 21:39:35 | 000,014,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3289215207
[2010/04/20 21:39:34 | 000,014,000 | -HS- | M] () -- C:\Documents and Settings\HP Owner\Local Settings\Application Data\3289215207
[2010/04/20 06:27:51 | 000,014,004 | -HS- | M] () -- C:\Documents and Settings\HP Owner\Local Settings\Application Data\7Alp65jw
[2010/04/20 06:27:51 | 000,014,004 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\7Alp65jw
[2010/04/19 08:50:38 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/04/16 03:07:40 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/16 03:07:21 | 000,000,204 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/04/07 06:10:53 | 000,015,916 | -HS- | M] () -- C:\Documents and Settings\HP Owner\Local Settings\Application Data\3Yfi
[2010/04/07 06:10:53 | 000,015,916 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3Yfi
[2010/04/05 21:00:04 | 000,000,916 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\K6sEH5Ir2Is
[2010/04/05 21:00:03 | 000,000,916 | -HS- | M] () -- C:\Documents and Settings\HP Owner\Local Settings\Application Data\K6sEH5Ir2Is
[2010/04/03 12:04:22 | 000,525,644 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/03 12:04:22 | 000,445,938 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/03 12:04:22 | 000,072,978 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/11 04:08:42 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/07 13:25:33 | 000,055,332 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/03/05 10:27:31 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/03/05 10:27:31 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/05 10:27:17 | 000,025,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2010/03/05 10:27:04 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/03/05 10:26:58 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/24 20:05:56 | 003,696,466 | R--- | C] () -- C:\Documents and Settings\HP Owner\Desktop\ComboFix.exe
[2010/05/24 20:03:44 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\HP Owner\Desktop\rkill.scr
[2010/05/24 18:07:40 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/23 21:27:52 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\HP Owner\Desktop\x5uoshig.exe
[2010/05/23 08:58:07 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/23 08:58:07 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/23 08:58:07 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/05/23 08:58:07 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/23 08:58:07 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/05/22 23:58:45 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/18 21:14:28 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/05/17 17:24:27 | 000,002,497 | ---- | C] () -- C:\Documents and Settings\HP Owner\Desktop\Microsoft Office Word 2003 (2).lnk
[2010/05/17 17:24:15 | 000,002,497 | ---- | C] () -- C:\Documents and Settings\HP Owner\Desktop\Microsoft Office Word 2003.lnk
[2010/04/25 18:48:15 | 000,000,241 | ---- | C] () -- C:\Documents and Settings\HP Owner\Desktop\Shortcut to Add or Remove Programs.lnk
[2010/04/20 21:39:33 | 000,014,000 | -HS- | C] () -- C:\Documents and Settings\HP Owner\Local Settings\Application Data\3289215207
[2010/04/20 21:39:33 | 000,014,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3289215207
[2010/04/19 21:02:48 | 000,014,004 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\7Alp65jw
[2010/04/19 21:02:47 | 000,014,004 | -HS- | C] () -- C:\Documents and Settings\HP Owner\Local Settings\Application Data\7Alp65jw
[2010/04/06 21:43:06 | 000,015,916 | -HS- | C] () -- C:\Documents and Settings\HP Owner\Local Settings\Application Data\3Yfi
[2010/04/06 21:43:06 | 000,015,916 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3Yfi
[2010/04/05 21:00:03 | 000,000,916 | -HS- | C] () -- C:\Documents and Settings\HP Owner\Local Settings\Application Data\K6sEH5Ir2Is
[2010/04/05 21:00:03 | 000,000,916 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\K6sEH5Ir2Is
[2010/03/25 16:43:29 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/01/06 23:30:36 | 001,320,830 | -HS- | C] () -- C:\WINDOWS\System32\olageptr.ini
[2009/01/05 18:20:49 | 001,320,830 | -HS- | C] () -- C:\WINDOWS\System32\fllbkanh.ini
[2009/01/05 18:14:45 | 000,001,645 | -HS- | C] () -- C:\WINDOWS\System32\FhikQXbc.ini2
[2009/01/05 18:14:45 | 000,001,645 | -HS- | C] () -- C:\WINDOWS\System32\FhikQXbc.ini
[2008/05/17 03:01:38 | 000,000,204 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/02/01 20:23:06 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2007/10/29 13:50:10 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2007/09/09 18:25:38 | 000,374,784 | ---- | C] () -- C:\WINDOWS\3dg32.dll
[2007/09/09 18:25:37 | 000,000,250 | ---- | C] () -- C:\WINDOWS\3dr.ini
[2007/05/25 07:06:15 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/11/18 09:33:32 | 000,000,082 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/11/09 22:16:03 | 000,000,357 | ---- | C] () -- C:\WINDOWS\Learn About Machines.ini
[2006/08/08 16:50:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2006/06/25 13:27:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2006/04/29 20:42:46 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/01/05 22:29:17 | 000,001,296 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/12/26 20:21:06 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2005/12/26 20:21:05 | 001,204,224 | ---- | C] () -- C:\WINDOWS\System32\bcmwcfg.dll
[2005/12/26 20:21:03 | 000,909,312 | ---- | C] () -- C:\WINDOWS\System32\bcmctrls.dll
[2005/12/26 20:21:02 | 000,946,176 | ---- | C] () -- C:\WINDOWS\System32\bcmacfg.dll
[2005/11/29 21:12:27 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/07/07 05:12:28 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcgvs.dll
[2005/05/12 00:02:36 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/05/12 00:02:36 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/05/12 00:02:35 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/05/12 00:02:35 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/05/12 00:02:35 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/05/12 00:02:35 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/05/11 23:49:08 | 000,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/02/12 04:33:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/07 09:16:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 09:10:08 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/01/13 15:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/04/21 16:15:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2007/12/17 17:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2009/04/20 10:50:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2005/05/12 00:08:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2009/02/09 12:08:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2007/12/18 17:13:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited
[2009/11/10 19:11:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/07/23 08:24:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/19 13:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/10/12 20:55:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/05/29 20:00:00 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\mziaeiex.job

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2010/03/11 08:38:51 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2010/03/11 08:38:51 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %SYSTEMDRIVE%\*.exe >
[2002/07/26 17:02:06 | 000,153,088 | ---- | M] () -- C:\UNWISE.EXE


< MD5 for: AGP440.SYS >
[2004/08/04 09:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/12/26 10:24:02 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/12/26 10:24:02 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 09:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/12/26 10:24:02 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/12/26 10:24:02 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2010/05/26 01:44:54 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2010/05/26 01:44:54 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 20:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 04:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 04:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 154 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9A953997
< End of report >

Edited by Orange Blossom, 30 May 2010 - 01:26 PM.
Merged topics and moving to log forum. ~ OB


#3 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:14 AM

Posted 30 May 2010 - 02:38 PM

Hello, terrier.
My name is etavares and I will be helping you with this log.

Here are some guidelines to ensure we are able to get your machine back under your control.
  • Please do not run any unsupervised scans, fixes, etc. We can work against each other and end up in a worse place.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • When in doubt, please stop and ask first. There's no harm in asking questions!

Please don't forget to post the GMER log you ran. Let me know if you need help getting the log.

Also, have you run Combofix? It appears you did. Please post the contents of C:\combofix.txt here. If you have not run it, please do NOT run it yet.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#4 terrier01


Posted 31 May 2010 - 08:25 AM

etavares - grateful to see you are willing to help. I'll rerun ComboFix and post the log... also, GMER is giving me an error; I'll post that message.

Thanks!!

Combofix error:

Missing C:/Windows/regedit.exe
Copy one from another location

Edited by terrier01, 31 May 2010 - 08:45 AM.


#5 etavares


Posted 31 May 2010 - 08:59 AM

Hi terrier01-

Please make sure to carefully read my instructions. I asked for the logfile C:\combofix.txt but please do NOT rerun it yet. Is the error above in GMER? Have you renamed regedit.exe? Please do this:

Go to start --> Run, type the bolded text, press enter, then post the logfile that will appear at c:\log.txt.
dir c:\windows\ > c:\log.txt

Thanks!


 


#6 terrier01


Posted 31 May 2010 - 09:10 AM

Windows cannot find dir, make sure you have typed it correctly

Tried it without dir and just got to windows folder with list of all subfolders...

#7 etavares


Posted 31 May 2010 - 10:09 AM

Hello, terrier01.
OK, please do this.



Step 1

Please open C:\combofix.txt and copy and paste the contents in your reply.



Step 2
  1. Please open Notepad.
  2. Copy and paste the text in the box below into Notepad, excluding the word code.
    CODE
    dir c:\windows > c:\log.txt
    start c:\log.txt
    del %0

    This fix is custom made for this user's computer.
  3. Select File-->Save As
  4. Select File as Type: All Types (*.*)
  5. Save it to your desktop as fixme.bat
  6. Double-click fixme.bat on your desktop to run the fix.
  7. A window will briefly pop up then close.

etavares



 


#8 terrier01


Posted 31 May 2010 - 12:58 PM

Ran the Notepad fix... seemed to work.

Searched for ComboFix files and found no .txt files; I can see the download file and the AVG profile but no .txt file.

#9 etavares


Posted 31 May 2010 - 01:33 PM

OK, please post c:\log.txt here then.


 


#10 terrier01


Posted 31 May 2010 - 05:26 PM

Every time I try to post a reply with the log in it, it says not connected to internet (?)

Volume in drive C has no label.
Volume Serial Number is 75A1-75BE

Directory of c:\windows

05/26/2010 06:17 PM <DIR> .
05/26/2010 06:17 PM <DIR> ..
05/26/2010 06:17 PM 0 0.log
12/28/2006 03:01 PM 19,569 002709_.tmp
05/21/1996 06:13 PM 374,784 3dg32.dll
04/17/1996 08:48 AM 250 3dr.ini
01/06/2004 01:00 PM 13,942 accessories.ico
02/01/2008 08:23 PM 696 ActiveXIPIX.log
10/29/2007 01:50 PM <DIR> addins
07/30/2004 11:59 AM 5,430 AG-Rose.ico
02/15/2010 05:01 AM <DIR> AppPatch
10/29/2007 01:59 PM 1,071 AWMODEM.INF
08/08/2006 04:51 PM <DIR> BBSTORE
08/04/2004 04:00 AM 1,272 Blue Lace 16.bmp
05/11/2004 04:47 AM 6,912,056 Blue Sonic.bmp
04/22/2006 04:40 PM 118,784 bwUnin-7.2.0.137-8876480SL.exe
04/23/2006 11:28 PM 118,784 bwUnin-7.2.0.157-8876480SL.exe
03/23/2007 01:04 AM 127,034 bwUnin-8.1.1.50-8876480SL.exe
05/13/2006 08:45 PM 1,296 cdplayer.ini
01/07/2006 12:35 AM 1,363 checkip.dat
03/15/2005 12:14 PM 28,672 ciaunwdm.exe
08/04/2004 04:00 AM 82,944 clock.avi
12/26/2008 10:42 AM 373 cmsetacl.log
08/04/2004 04:00 AM 17,062 Coffee Bean.bmp
05/11/2005 11:42 PM 2,894 COM+.log
04/16/2010 03:08 AM 535,687 comsetup.log
05/11/2005 10:25 PM <DIR> Config
05/11/2005 10:25 PM <DIR> Connection Wizard
08/07/2004 08:58 AM 0 control.ini
07/27/2007 11:22 AM 201,728 creator
05/24/2003 06:32 AM 6,912,056 Crystal Rush.bmp
05/11/2005 10:25 PM <DIR> Cursors
08/22/2008 02:01 PM <DIR> Debug
08/04/2004 04:00 AM 2 desktop.ini
08/26/2005 02:27 PM 45,056 devenum.exe
06/09/2008 01:31 PM <DIR> Downloaded Installations
05/11/2005 10:25 PM <DIR> Driver Cache
12/26/2008 12:01 PM 867 DtcInstall.log
12/26/2008 10:24 AM <DIR> EHome
05/23/2010 08:57 AM <DIR> ERDNT
09/04/2006 12:40 PM 491 eReg.dat
09/04/2006 12:28 PM 355 EReg072.dat
04/13/2008 08:12 PM 1,033,728 explorer.exe
08/04/2004 04:00 AM 80 explorer.scf
04/16/2010 03:08 AM 1,757,571 FaxSetup.log
08/04/2004 04:00 AM 16,730 FeatherTexture.bmp
05/24/2003 06:48 AM 6,912,056 Fractal Blue.bmp
05/05/2006 08:36 PM 121 GEARInstall.log
08/04/2004 04:00 AM 17,336 Gone Fishing.bmp
08/04/2004 04:00 AM 26,582 Greenstone.bmp
08/31/2000 08:00 AM 80,412 grep.exe
02/14/2010 09:58 PM <DIR> Help
05/11/2005 11:48 PM <DIR> Hewlett-Packard
04/13/2008 08:12 PM 10,752 hh.exe
04/29/2006 08:42 PM 206 HPGdiPlus.ini
02/26/2006 11:16 PM 94,289 HPHins03.dat
06/07/2004 12:41 AM 2,655 hphmdl03.dat
06/07/2004 12:41 AM 2,655 hphmdl03.dat.temp
02/24/2004 10:20 AM 4,286 hpmusic.ico
05/25/2007 07:06 AM 214 HP_48BitScanUpdatePatch.ini
02/14/2007 11:01 PM 14,247 IDNMitigationAPIs.log
11/17/2006 04:31 PM 886 IE4 Error Log.txt
02/14/2007 11:03 PM 51,328 ie7.log
02/15/2010 04:05 AM <DIR> ie7updates
02/14/2007 11:03 PM 32,842 ie7_main.log
05/20/2010 07:38 PM 1,792 ie8_main.log
04/16/2010 03:08 AM 272,465 iis6.log
12/26/2008 11:56 AM <DIR> ime
04/16/2010 03:07 AM 1,374 imsins.BAK
04/16/2010 03:08 AM 1,374 imsins.log
02/01/2008 08:23 PM 37 ipixActivex.ini
06/17/1999 03:06 PM 28,672 ipUnInst.exe
10/29/1998 04:45 PM 306,688 IsUninst.exe
05/11/2005 10:25 PM <DIR> java


05/11/2005 11:38 PM 7,590 KB873333.log
05/11/2005 11:38 PM 7,144 KB873339.log
05/11/2005 11:46 PM 3,588 KB883667.log
05/11/2005 11:46 PM 4,261 KB884575.log
05/11/2005 11:38 PM 7,402 KB885250.log
05/11/2005 11:46 PM 4,195 KB885464.log
05/11/2005 11:38 PM 7,826 KB885835.log
05/11/2005 11:38 PM 7,497 KB885836.log
05/11/2005 11:46 PM 3,744 KB885855.log
05/11/2005 11:38 PM 5,717 KB885884.log
05/11/2005 11:38 PM 7,794 KB886185.log
05/11/2005 11:38 PM 7,535 KB887472.log
12/24/2005 05:05 PM 27,550 KB887742.log
05/11/2005 11:38 PM 7,474 KB888113.log
05/11/2005 11:46 PM 3,498 KB888239.log
05/11/2005 11:38 PM 8,009 KB888302.log
12/24/2005 05:05 PM 19,028 KB890046.log
05/11/2005 11:39 PM 8,627 KB890047.log
05/11/2005 11:39 PM 8,502 KB890175.log
12/24/2005 05:04 PM 16,658 KB890859.log
05/11/2005 11:39 PM 8,394 KB891781.log
05/11/2005 11:46 PM 4,091 KB892559.log
12/24/2005 05:05 PM 18,428 KB893066.log
12/24/2005 05:06 PM 29,244 KB893756.log
12/23/2005 12:44 PM 5,643 KB893803v2.log
12/24/2005 05:04 PM 16,518 KB894391.log
12/24/2005 05:05 PM 27,972 KB896358.log
12/24/2005 05:06 PM 29,272 KB896422.log
12/24/2005 05:05 PM 27,437 KB896423.log
12/24/2005 05:06 PM 29,869 KB896424.log
12/24/2005 05:04 PM 16,076 KB896428.log
12/24/2005 05:05 PM 19,082 KB898458.log
12/23/2005 12:43 PM 7,283 KB898461.log
12/24/2005 05:06 PM 30,145 KB899587.log
12/24/2005 05:06 PM 29,646 KB899591.log
04/26/2006 07:08 AM 13,439 KB900485.log
12/24/2005 05:04 PM 19,123 KB900725.log
12/24/2005 05:06 PM 29,325 KB901017.log
12/24/2005 05:04 PM 17,701 KB901214.log
12/24/2005 05:05 PM 26,567 KB902400.log
12/24/2005 05:04 PM 16,610 KB904706.log
02/14/2007 11:00 PM 11,465 KB904942.log
12/24/2005 05:05 PM 18,772 KB905414.log
12/24/2005 05:04 PM 17,278 KB905749.log
12/24/2005 05:05 PM 29,854 KB905915.log
01/13/2006 08:05 AM 10,869 KB908519.log
04/15/2006 03:01 AM 18,257 KB908531.log
12/24/2005 05:05 PM 22,587 KB910437.log
06/17/2006 06:37 AM 18,578 KB911280.log
04/15/2006 03:01 AM 17,509 KB911562.log
02/17/2006 08:17 AM 4,495 KB911564.log
04/15/2006 03:01 AM 9,879 KB911565.log
04/15/2006 03:00 AM 11,411 KB911567.log
02/17/2006 08:17 AM 11,384 KB911927.log
04/15/2006 03:01 AM 19,039 KB912812.log
01/06/2006 11:20 PM 11,728 KB912919.log
02/17/2006 08:17 AM 7,057 KB913446.log
05/10/2006 02:39 PM 12,417 KB913580.log
07/12/2006 03:01 AM 15,159 KB914388.log
06/17/2006 06:36 AM 12,432 KB914389.log
02/14/2007 11:00 PM 5,937 KB914440.log
02/14/2007 11:01 PM 12,860 KB915865.log
06/17/2006 06:37 AM 21,185 KB916281.log
07/12/2006 03:00 AM 13,333 KB916595.log
07/12/2006 03:01 AM 14,551 KB917159.log
06/17/2006 06:38 AM 19,649 KB917344.log
08/19/2006 03:00 AM 12,666 KB917422.log
06/17/2006 06:40 AM 13,097 KB917734.log
06/17/2006 06:37 AM 18,677 KB917953.log
02/17/2007 04:00 AM 12,063 KB918118.log
06/17/2006 06:38 AM 19,022 KB918439.log
08/19/2006 03:01 AM 22,241 KB918899.log
09/13/2006 03:00 AM 12,147 KB919007.log
11/17/2006 04:00 AM 19,918 KB920213.log
08/19/2006 03:01 AM 19,230 KB920214.log
08/19/2006 03:00 AM 12,503 KB920670.log
08/19/2006 03:00 AM 12,969 KB920683.log
09/13/2006 03:01 AM 11,992 KB920685.log
09/13/2006 03:01 AM 13,745 KB920872.log
08/19/2006 03:01 AM 19,610 KB921398.log
08/16/2007 03:03 AM 19,993 KB921503.log
08/10/2006 03:00 AM 11,823 KB921883.log
09/13/2006 03:00 AM 7,965 KB922582.log
08/19/2006 03:01 AM 19,220 KB922616.log
11/17/2006 04:00 AM 21,919 KB922760.log
10/13/2006 03:01 AM 12,881 KB922819.log
10/13/2006 03:01 AM 9,466 KB923191.log
10/13/2006 03:01 AM 12,072 KB923414.log
02/15/2010 04:04 AM 14,999 KB923561.log
12/15/2006 04:01 AM 10,288 KB923689.log
12/15/2006 04:01 AM 11,840 KB923694.log
02/17/2007 04:01 AM 12,386 KB923723.log
11/17/2006 04:02 AM 20,941 KB923980.log
10/13/2006 03:01 AM 13,079 KB924191.log
11/17/2006 04:01 AM 20,950 KB924270.log
10/13/2006 03:01 AM 12,065 KB924496.log
02/17/2007 04:01 AM 17,349 KB924667.log
12/15/2006 04:01 AM 8,965 KB925398.log
02/14/2007 11:00 PM 34,017 KB925454.log
09/27/2006 03:00 AM 12,589 KB925486.log
04/04/2007 03:00 AM 14,422 KB925902.log
04/15/2007 12:35 PM 5,793 KB926239.log
12/15/2006 04:01 AM 11,934 KB926255.log
02/17/2007 04:01 AM 18,929 KB926436.log
02/17/2007 04:01 AM 23,858 KB927779.log
02/17/2007 04:01 AM 20,962 KB927802.log
05/23/2007 03:00 AM 9,598 KB927891.log
02/17/2007 04:01 AM 13,132 KB928090-IE7.log
02/17/2007 04:01 AM 20,628 KB928255.log
02/17/2007 04:00 AM 11,337 KB928843.log
06/17/2007 03:02 AM 20,466 KB929123.log
03/15/2007 03:00 AM 12,980 KB929338.log
04/16/2007 03:00 AM 8,359 KB929399.log
02/17/2007 04:00 AM 16,246 KB929969.log
04/12/2007 03:00 AM 13,291 KB930178.log
05/10/2007 03:02 AM 18,587 KB930916.log
04/12/2007 03:00 AM 12,987 KB931261.log
05/10/2007 03:03 AM 22,611 KB931768-IE7.log
04/12/2007 03:01 AM 14,952 KB931784.log
02/17/2007 04:01 AM 29,150 KB931836.log
04/12/2007 03:00 AM 14,131 KB932168.log
05/28/2008 03:00 AM 12,362 KB932823-v3.log
08/30/2007 03:00 AM 28,870 KB933360.log
06/17/2007 03:01 AM 24,490 KB933566-IE7.log
10/11/2007 03:02 AM 15,321 KB933729.log
06/17/2007 03:01 AM 19,442 KB935839.log
06/17/2007 03:02 AM 19,792 KB935840.log
08/16/2007 03:04 AM 21,113 KB936021.log
08/16/2007 03:00 AM 8,318 KB936782.log
08/16/2007 03:02 AM 24,527 KB937143-IE7.log
08/16/2007 03:01 AM 12,641 KB938127-IE7.log
12/26/2008 10:50 AM 205,420 KB938464.log
08/16/2007 03:03 AM 20,619 KB938828.log
08/16/2007 03:03 AM 19,788 KB938829.log
10/11/2007 03:01 AM 25,248 KB939653-IE7.log
08/31/2007 03:00 AM 11,259 KB939683.log
10/11/2007 03:00 AM 12,041 KB941202.log
12/12/2007 04:00 AM 11,306 KB941568.log
12/12/2007 04:01 AM 18,365 KB941569.log
01/09/2008 04:00 AM 11,821 KB941644.log
04/09/2008 03:02 AM 23,679 KB941693.log
12/12/2007 04:01 AM 25,155 KB942615-IE7.log
12/12/2007 04:01 AM 32,061 KB942763.log
02/14/2008 04:01 AM 12,141 KB943055.log
11/15/2007 04:02 AM 7,292 KB943460.log
01/09/2008 04:00 AM 12,036 KB943485.log
02/14/2008 04:01 AM 26,706 KB944533-IE7.log
12/12/2007 04:00 AM 11,958 KB944653.log
04/09/2008 03:00 AM 13,837 KB945553.log
02/14/2008 04:01 AM 21,451 KB946026.log
12/26/2008 10:52 AM 223,589 KB946648.log
04/09/2008 03:02 AM 23,147 KB947864-IE7.log
04/09/2008 03:02 AM 13,841 KB948590.log
04/09/2008 03:02 AM 18,290 KB948881.log
05/14/2008 03:00 AM 14,430 KB950749.log
06/10/2008 09:34 PM 17,922 KB950759-IE7.log
06/10/2008 09:32 PM 6,835 KB950760.log
12/26/2008 10:54 AM 204,679 KB950762.log
12/26/2008 10:55 AM 230,455 KB950974.log
12/26/2008 10:57 AM 214,236 KB951066.log
12/26/2008 10:57 AM 47,895 KB951072-v2.log
12/26/2008 11:01 AM 204,690 KB951376-v2.log
12/26/2008 10:59 AM 204,361 KB951376.log
12/26/2008 11:03 AM 208,343 KB951698.log
12/26/2008 11:05 AM 215,685 KB951748.log
12/27/2008 04:02 AM 101,025 KB951978.log
02/15/2010 04:20 AM 37,233 KB952004.log
12/13/2008 04:14 AM 22,698 KB952069.log
12/26/2008 11:06 AM 222,477 KB952287.log
12/26/2008 11:08 AM 231,004 KB952954.log
08/15/2008 03:02 AM 30,972 KB953838-IE7.log
08/15/2008 03:03 AM 25,770 KB953839.log
09/10/2008 03:00 AM 6,219 KB954154.log
02/15/2010 04:25 AM 34,256 KB954155.log
12/26/2008 11:14 AM 207,922 KB954211.log
12/27/2008 04:01 AM 97,872 KB954459.log
12/26/2008 11:17 AM 205,938 KB954600.log
12/26/2008 11:22 AM 209,646 KB955069.log
02/15/2010 04:34 AM 68,636 KB955759.log
12/26/2008 11:22 AM 41,143 KB955839.log
10/16/2008 03:02 AM 29,804 KB956390-IE7.log
10/16/2008 03:02 AM 18,151 KB956391.log
02/15/2010 04:23 AM 35,796 KB956572.log
02/15/2010 04:23 AM 34,346 KB956744.log
12/26/2008 11:26 AM 214,463 KB956802.log
12/26/2008 11:30 AM 217,922 KB956803.log
12/26/2008 11:32 AM 209,164 KB956841.log
02/15/2010 04:22 AM 30,377 KB956844.log
12/26/2008 11:34 AM 216,959 KB957095.log
12/26/2008 11:35 AM 207,532 KB957097.log
12/13/2008 04:10 AM 21,715 KB958215-IE7.log
12/26/2008 11:38 AM 208,523 KB958644.log
02/15/2010 04:41 AM 65,513 KB958869.log
02/15/2010 04:44 AM 75,069 KB959426.log
02/15/2010 04:25 AM 40,078 KB960225.log
12/19/2008 04:01 AM 8,182 KB960714-IE7.log
02/15/2010 04:06 AM 31,022 KB960803.log
02/15/2010 04:43 AM 74,451 KB960859.log
02/18/2010 04:04 AM 6,278 KB961118.log
02/15/2010 04:21 AM 37,397 KB961501.log
02/15/2010 04:18 AM 34,054 KB967715.log
02/15/2010 04:03 AM 19,014 KB968389.log
02/15/2010 04:33 AM 66,825 KB968816.log
02/15/2010 04:34 AM 73,318 KB969059.log
02/15/2010 04:03 AM 15,329 KB969947.log
02/15/2010 04:11 AM 31,922 KB970238.log
02/16/2010 04:04 AM 14,508 KB970430.log
02/15/2010 04:43 AM 68,091 KB971468.log
02/15/2010 04:09 AM 26,983 KB971486.log
02/15/2010 04:25 AM 40,583 KB971657.log
02/16/2010 04:02 AM 12,816 KB971737.log
02/15/2010 04:03 AM 13,581 KB971961.log
02/15/2010 04:24 AM 34,099 KB972270.log
02/15/2010 04:18 AM 28,076 KB973354.log
02/15/2010 04:19 AM 35,039 KB973507.log
02/15/2010 04:17 AM 28,882 KB973540.log
02/15/2010 04:19 AM 29,081 KB973687.log
02/15/2010 04:06 AM 30,468 KB973815.log
02/15/2010 04:21 AM 30,087 KB973869.log
02/15/2010 04:18 AM 29,042 KB973904.log
02/15/2010 04:23 AM 39,907 KB974112.log
02/15/2010 04:34 AM 73,915 KB974318.log
02/15/2010 04:17 AM 33,746 KB974392.log
02/15/2010 04:20 AM 35,337 KB974571.log
02/15/2010 04:21 AM 36,072 KB975025.log
02/15/2010 04:03 AM 18,915 KB975467.log
02/15/2010 04:20 AM 35,658 KB975560.log
03/11/2010 04:06 AM 7,313 KB975561.log
02/15/2010 04:26 AM 41,284 KB975713.log
02/15/2010 04:40 AM 64,346 KB976098-v2.log
02/16/2010 04:02 AM 8,769 KB977165.log
04/16/2010 03:02 AM 11,158 KB977816.log
02/15/2010 04:11 AM 32,962 KB977914.log
02/15/2010 04:27 AM 70,786 KB978037.log
02/15/2010 04:06 AM 107,331 KB978207-IE7.log
02/15/2010 04:21 AM 30,456 KB978251.log
02/15/2010 04:44 AM 67,789 KB978262.log
04/16/2010 03:03 AM 11,749 KB978338.log
04/14/2010 03:02 AM 12,077 KB978601.log
02/15/2010 04:07 AM 30,876 KB978706.log
02/27/2010 04:00 AM 5,307 KB979306.log
04/14/2010 03:02 AM 12,887 KB979309.log
04/16/2010 03:08 AM 9,206 KB979683.log
03/31/2010 03:04 AM 109,036 KB980182-IE7.log
04/16/2010 03:07 AM 7,758 KB980232.log
04/16/2010 03:03 AM 12,925 KB981349.log
04/22/2006 04:39 PM 86 KE.log
05/20/2005 02:46 PM 28,160 KHALMNPR.Exe

#11 terrier01


Posted 31 May 2010 - 05:33 PM

Can't get the last third to post without getting the "not connected to internet" response.

12/26/2008 10:40 AM <DIR> l2schemas
04/22/2006 04:40 PM 180 LDM.log
11/09/2006 10:24 PM 357 Learn About Machines.ini
10/25/2009 06:11 AM 77,312 MBR.exe
02/14/2007 11:02 PM <DIR> Media
02/18/2010 04:40 AM <DIR> Microsoft.NET
01/15/2009 11:54 AM <DIR> Minidump
05/11/2005 11:51 PM 1,489 MnyAdvPak.log
05/26/2010 06:17 PM 4,186 ModemLog_AC97 Data Fax SoftModem with SmartCP.txt
09/22/2006 09:23 PM 2,301 mozver.dat
12/26/2008 10:34 AM <DIR> msagent
05/11/2005 10:25 PM <DIR> msapps
04/15/2007 12:34 PM 3,995 MSCompPackV1.log
08/04/2004 04:00 AM 1,405 msdfmap.ini
04/16/2010 03:08 AM 86,338 msgsocm.log
03/10/2006 11:22 PM 4,986 msnavpklog.txt
08/16/2007 03:01 AM 291,996 msxml4-KB936181-enu.LOG
11/13/2008 04:01 AM 318,554 msxml4-KB954430-enu.LOG
02/15/2010 04:05 AM 309,926 msxml4-KB973688-enu.LOG
05/11/2005 10:25 PM <DIR> mui
01/07/2006 01:51 AM 118 NetwkCfg.txt
08/02/2009 08:23 PM <DIR> network diagnostic
04/20/2009 12:56 PM 31,232 NIRCMD.exe
02/14/2007 11:01 PM 14,048 NLSDownlevelMapping.log
04/13/2008 08:12 PM 69,120 notepad.exe
09/22/2006 09:24 PM 0 nsreg.dat
10/19/2006 02:05 PM 372 nsw.log
04/16/2010 03:08 AM 323,498 ntdtcsetup.log
04/16/2010 03:08 AM 813,951 ocgen.log
04/16/2010 03:08 AM 88,041 ocmsn.log
11/29/2005 09:12 PM 376 ODBC.INI
08/07/2004 08:57 AM 4,161 ODBCINST.INI
12/26/2008 12:02 PM 1,868 OEWABLog.txt
05/11/2005 10:25 PM <DIR> Offline Web Pages
06/25/2006 01:27 PM 0 OpPrintServer.INI
08/07/2004 09:10 AM 780 orun32.ini
08/07/2004 09:10 AM 203,055 orun32.isu
05/11/2005 10:25 PM <DIR> pchealth
12/26/2008 10:40 AM <DIR> PeerNet
04/26/2010 03:58 PM 256,512 PEV.exe
06/30/2008 12:20 PM 0 PowerReg.dat
08/04/2004 04:00 AM 65,954 Prairie Wind.bmp
05/31/2010 01:49 PM <DIR> Prefetch
05/11/2005 10:25 PM <DIR> Provisioning
07/23/2007 04:18 PM 1,409 QTFont.for
04/13/2008 08:12 PM 146,432 regedit.exe.exe
05/12/2005 12:03 AM <DIR> RegisteredPackages
10/13/2007 03:03 PM <DIR> Registration
05/11/2005 11:49 PM 8,192 REGLOCS.OLD
11/30/2005 04:02 AM 3,836 regopt.log
05/11/2005 10:26 PM <DIR> repair
05/11/2005 10:25 PM <DIR> Resources
08/04/2004 04:00 AM 17,362 Rhododendron.bmp
08/04/2004 04:00 AM 26,680 River Sumida.bmp
08/04/2004 04:00 AM 65,832 Santa Fe Stucco.bmp
05/30/2010 02:11 PM 32,640 SchedLgU.Txt
12/26/2008 10:53 AM <DIR> security
08/31/2000 08:00 AM 98,816 sed.exe
12/26/2008 10:41 AM <DIR> ServicePackFiles
12/26/2008 10:42 AM 3,598 sessmgr.setup.log
08/08/2006 04:50 PM 0 SETUP32.INI
04/22/2006 04:39 PM 200,710 setupact.log
05/20/2010 08:43 PM 965,371 setupapi.log
07/03/2006 09:40 PM 1,035,979 setupapi.log.0.old
08/07/2004 08:58 AM 92 setuperr.log
12/26/2008 11:59 AM 892,088 setuplog.txt
11/29/2005 09:11 PM <DIR> SHELLNEW
04/13/2008 08:12 PM 32,866 slrundll.exe
08/07/2004 09:16 AM 61 smscfg.ini
08/04/2004 04:00 AM 65,978 Soap Bubbles.bmp
05/22/2007 02:57 PM <DIR> SoftwareDistribution
02/17/2010 04:44 AM 49,128 spupdsvc.log
12/26/2008 11:58 AM 187 spupdsvc.log.1.log
12/26/2008 10:34 AM <DIR> srchasst
08/07/2004 01:51 AM 0 Sti_Trace.log
12/30/2005 05:21 PM <DIR> Sun
12/26/2008 11:39 AM 537,340 svcpack.log
08/31/2000 08:00 AM 161,792 SWREG.exe
08/31/2000 08:00 AM 136,704 SWSC.exe


Looks like the issue is that regedit.exe is named regedit.exe.exe. I must have screwed that up at some point... I won't change it until you tell me.

Thanks for your help. I don't have much experience with this, so I am making it harder... sorry.

Edited by terrier01, 31 May 2010 - 05:37 PM.


#12 terrier01


Posted 31 May 2010 - 05:39 PM

Trying the last piece.


Edited by terrier01, 31 May 2010 - 05:40 PM.


#13 terrier01


Posted 31 May 2010 - 05:41 PM

08/31/2000 08:00 AM 212,480 SWXCACLS.exe
11/10/2009 08:53 PM <DIR> SxsCaPendDel
05/12/2005 12:02 AM 550 SynInst.log
12/26/2008 10:33 AM <DIR> system
11/30/2005 04:02 AM 231 system.ini
05/31/2010 09:51 AM <DIR> system32
08/04/2004 04:00 AM 15,360 TASKMAN.EXE


#14 terrier01


Posted 31 May 2010 - 05:42 PM

05/31/2010 01:50 PM <DIR> Temp
05/12/2005 12:01 AM <DIR> tiinst
05/08/2002 05:09 AM 274,432 TLCUninstall.exe
04/16/2010 03:08 AM 660,733 tsoc.log
08/04/2004 04:00 AM 94,784 twain.dll
05/11/2005 10:25 PM <DIR> twain_32
04/13/2008 08:12 PM 50,688 twain_32.dll
08/04/2004 04:00 AM 49,680 twunk_16.exe
08/04/2004 04:00 AM 25,600 twunk_32.exe
02/22/1999 06:47 PM 126,704 Unwise.exe
08/26/2005 02:28 PM 143,360 unzip.exe
04/16/2010 03:03 AM 275,806 updspapi.log
08/07/2004 08:54 AM 36 vb.ini
08/07/2004 08:54 AM 37 vbaddin.ini
08/04/2004 04:00 AM 18,944 vmmreg32.dll
02/14/2007 11:03 PM <DIR> WBEM
05/11/2005 10:25 PM <DIR> Web
04/04/2007 08:03 PM 29,032 WgaNotify.log
05/26/2010 07:47 PM 263 wiadebug.log
05/26/2010 06:16 PM 49 wiaservc.log
03/11/2010 04:08 AM 603 win.ini


#15 terrier01


Posted 31 May 2010 - 05:44 PM

Obviously doing something wrong; can't get it to post the last piece.

01/04/2009 01:18 PM 82 WININIT.INI
02/18/2010 04:10 AM <DIR> WinSxS
04/15/2007 12:34 PM 29,412 WMFDist11.log
04/15/2007 12:34 PM 18,055 wmp11.log
02/26/2010 03:43 PM 107,412 wmsetup.log
04/25/2007 09:36 PM 1,699 wmsetup10.log
05/12/2005 12:03 AM 316,640 WMSysPr9.prx
12/17/2007 05:29 PM 0 wplog.txt
04/15/2007 12:33 PM 10,783 Wudf01000Inst.log
05/11/2005 11:59 PM 1,151 xpsp1hfm.log
08/04/2004 04:00 AM 9,522 Zapotec.bmp
08/31/2000 08:00 AM 68,096 zip.exe
08/04/2004 04:00 AM 707 _default.pif

Edited by terrier01, 31 May 2010 - 05:45 PM.




