
Plagued with a trojan and need to reformat and install


  • This topic is locked
32 replies to this topic

#1 kymberly

kymberly

  • Banned
  • 387 posts
  • OFFLINE
  • Local time:02:16 AM

Posted 02 July 2010 - 11:07 PM

Per Animal, I need to reformat and install. Can anyone help? I have used my disk that came with the computer and that is not getting rid of this!


 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,698 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:11:16 PM

Posted 03 July 2010 - 12:10 AM

Tell us what exactly you're doing and what exactly happens.



 


#3 hamluis

hamluis

    Moderator


  • Moderator
  • 55,734 posts
  • OFFLINE
  • Gender:Male
  • Location:Killeen, TX
  • Local time:01:16 AM

Posted 03 July 2010 - 07:37 AM

Malware situation described, http://www.bleepingcomputer.com/forums/t/328738/wormimsohanatb-wormand-trcryptxpackgen-trojan/.

System manufacturer and model?

Louis

#4 kymberly

kymberly
  • Topic Starter

  • Banned
  • 387 posts
  • OFFLINE
  • Local time:02:16 AM

Posted 03 July 2010 - 11:21 PM

Manufacturer: Hewlett-Packard

Model: SR5123WM

32 bit operating system

#5 hamluis

hamluis

    Moderator


  • Moderator
  • 55,734 posts
  • OFFLINE
  • Gender:Male
  • Location:Killeen, TX
  • Local time:01:16 AM

Posted 04 July 2010 - 07:39 AM

http://h10025.www1.hp.com/ewfrf/wc/documen...product=3443290

Above link covers recovery options for your system, per manufacturer.

Louis

#6 kymberly

kymberly
  • Topic Starter

  • Banned
  • 387 posts
  • OFFLINE
  • Local time:02:16 AM

Posted 06 July 2010 - 11:39 PM

OK, I will try this and post back to see if I am clean once this is done.

Edited by kymberly, 06 July 2010 - 11:39 PM.


#7 kymberly

kymberly
  • Topic Starter

  • Banned
  • 387 posts
  • OFFLINE
  • Local time:02:16 AM

Posted 07 July 2010 - 10:13 PM

OK, I have reformatted my computer! I have several unauthorized things from Windows Defender about programs being allowed. Also, when I go to Control Panel, select Administrative Tools and then Event Viewer, I am getting these messages: (1) a logon was attempted using explicit credentials; also (2) volume shadow copy service error: unexpected error querying for the IVSS writer callback interface. hr=0x80070005. This is often caused by incorrect security settings in either the writer or requestor process. I would like to see if I am clean. Also, I did get the "please wait" on several occasions after starting up again.

#8 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  • Gender:Male
  • Location:US
  • Local time:02:16 AM

Posted 07 July 2010 - 10:33 PM

Hello kymberly.

I have shifted this topic to the Malware forum where we'll take a look at the system.

QUOTE
I have several unauthorized things from Windows Defender about programs being allowed.
This is normal after a reformat; all of the Windows Defender settings have been lost. You will need to have Windows Defender allow internet access to programs which you wish to connect to the web, and deny access to other programs. This is best accomplished by setting Windows Defender to "Always Ask" (might not be those exact words). This way, each time a new program attempts to connect to the internet, Windows Defender will ask if you want to allow it to do so.

  • Download OTL to your desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Under the "Custom Scans and Fixes" section, paste in the text below in bold:

    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    /md5stop
    CREATERESTOREPOINT

  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

~Blade


In your next reply, please include the following:
OTL.txt
Extras.txt


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
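Added example, not part of Blade's post and not OTL's own code: a Python script doing the kind of check the /md5start ... /md5stop list above asks for, on the assumption that the directive makes OTL locate each named file and report its MD5. The `WATCHLIST` subset and all function names are chosen here for illustration.

```python
import hashlib
import os
import sys
from collections import defaultdict

# Subset of the file names from the /md5start ... /md5stop list in the post.
# Assumption: OTL searches for each name and reports the MD5 of every copy.
WATCHLIST = ["eventlog.dll", "scecli.dll", "netlogon.dll",
             "atapi.sys", "iaStor.sys", "nvstor32.sys"]


def md5_of(path, chunk_size=1 << 20):
    """Return the hex MD5 of a file, read in chunks so large files are fine."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def hash_named_files(root, names):
    """Walk `root` and hash every file whose name is on the list.

    Windows file names are case-insensitive, so matching is done on the
    lower-cased name. Returns {lowercase name: [(path, md5 or None), ...]};
    None marks a copy that exists but could not be read (locked or denied).
    """
    wanted = {name.lower() for name in names}
    found = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for filename in files:
            key = filename.lower()
            if key not in wanted:
                continue
            full = os.path.join(dirpath, filename)
            try:
                found[key].append((full, md5_of(full)))
            except OSError:
                found[key].append((full, None))
    return dict(found)


def missing_names(found, names):
    """Names on the list with no copy anywhere under the scanned root."""
    return sorted(n.lower() for n in names if n.lower() not in found)


def mismatched_copies(found):
    """Names whose readable copies do not all share one hash.

    A mismatch is a lead, not a verdict: an updated driver legitimately
    differs from an older backup copy. It tells the analyst which file to
    compare against a known-good hash from clean media.
    """
    result = {}
    for name, copies in found.items():
        hashes = {digest for _path, digest in copies if digest is not None}
        if len(hashes) > 1:
            result[name] = sorted(copies)
    return result


if __name__ == "__main__":
    # Scan the directory given on the command line, else %SystemRoot%.
    root = sys.argv[1] if len(sys.argv) > 1 else os.environ.get("SystemRoot", ".")
    found = hash_named_files(root, WATCHLIST)
    for name, copies in sorted(found.items()):
        for path, digest in copies:
            print(f"{digest or 'UNREADABLE':32}  {path}")
    for name in missing_names(found, WATCHLIST):
        print("not found:", name)
    for name in mismatched_copies(found):
        print("copies differ:", name)
```

Files reported as unreadable or not found are worth noting alongside the hashes, since a file that cannot be opened from the running system is itself something to check from clean boot media.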


#9 kymberly

kymberly
  • Topic Starter

  • Banned
  • 387 posts
  • OFFLINE
  • Local time:02:16 AM

Posted 07 July 2010 - 11:01 PM

Thank you so much! I am still having problems here, but I just ran ComboFix, because I didn't think I was going to get a response, but it deleted something but still has 1 hidden item. I can't install Avira antivirus; for some reason it's not letting me install an antivirus! I will post this for reference anyway, just in case something happens to my system.

ComboFix 10-07-06.05 - I Believe 07/07/2010 22:50:03.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1918.1129 [GMT -7:00]
Running from: c:\users\We will make IT\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\xpsp1hfm.log

.
((((((((((((((((((((((((( Files Created from 2010-06-08 to 2010-07-08 )))))))))))))))))))))))))))))))
.

2010-07-08 05:53 . 2010-07-08 05:53 -------- d-----w- c:\users\We will make IT\AppData\Local\temp
2010-07-08 05:53 . 2010-07-08 05:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-08 05:53 . 2010-07-08 05:53 -------- d-----w- c:\users\I Believe\AppData\Local\temp
2010-07-08 05:19 . 2010-07-08 05:19 97792 ----a-w- c:\windows\system32\cabview.dll
2010-07-08 05:10 . 2010-05-21 21:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-07-08 05:03 . 2010-07-08 05:03 53472 ----a-w- c:\windows\system32\wuauclt.exe
2010-07-08 05:03 . 2010-07-08 05:03 44768 ----a-w- c:\windows\system32\wups2.dll
2010-07-08 05:03 . 2010-07-08 05:03 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-07-08 05:03 . 2010-07-08 05:03 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2010-07-08 05:02 . 2010-07-08 05:02 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-07-08 05:02 . 2010-07-08 05:02 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-07-08 04:59 . 2010-07-08 04:59 -------- d-----w- c:\users\We will make IT\AppData\Roaming\Hewlett-Packard
2010-07-08 04:59 . 2010-07-08 04:59 -------- d-----w- c:\users\We will make IT\AppData\Local\Hewlett-Packard
2010-07-08 04:15 . 2010-07-08 04:15 -------- d-----w- c:\users\I Believe\AppData\Local\Hewlett-Packard
2010-07-08 04:14 . 2010-07-08 04:14 92472 ----a-w- c:\users\I Believe\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-08 04:14 . 2010-07-08 04:14 -------- d-----w- c:\users\I Believe\AppData\Roaming\Snapfish
2010-07-08 04:14 . 2010-07-08 04:14 -------- d-----w- c:\users\I Believe\AppData\Local\VirtualStore
2010-07-08 04:12 . 2010-07-08 04:12 44 ----a-w- c:\windows\system\hpsysdrv.dat
2010-07-08 04:12 . 2010-07-08 04:15 -------- d-----w- c:\users\I Believe\AppData\Roaming\Hewlett-Packard
2010-06-25 01:50 . 2010-07-08 04:15 -------- d-----w- c:\programdata\Hewlett-Packard
2010-06-25 01:46 . 2010-07-08 05:49 -------- d-----w- c:\windows\SMINST
2010-06-25 01:40 . 2010-07-08 04:25 -------- d-----w- c:\programdata\Symantec
2010-06-25 01:40 . 2010-07-08 04:25 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-06-25 01:39 . 2010-07-08 04:28 -------- d-----w- c:\program files\Yahoo!
2010-06-25 01:38 . 2010-07-08 04:26 -------- d-----w- C:\hp
2010-06-25 01:38 . 2006-11-29 10:14 172032 ----a-w- c:\windows\system32\UCI32m15.dll
2010-06-25 01:38 . 2006-11-28 16:44 386560 ------w- c:\windows\system32\drivers\XAudio.exe
2010-06-25 01:38 . 2006-06-19 14:26 12672 ----a-w- c:\windows\system32\drivers\mdmxsdk.sys
2010-06-25 01:38 . 2006-06-19 14:26 94208 ----a-w- c:\windows\system32\mdmxsdk.dll
2010-06-25 01:38 . 2007-01-04 16:41 255488 ----a-w- c:\windows\system32\drivers\netr73.sys
2010-06-25 01:37 . 2007-03-19 13:58 101672 ----a-w- c:\windows\system32\drivers\nvstor32.sys
2010-06-25 01:37 . 2007-03-19 13:39 352768 ----a-w- c:\windows\system32\idecoiins.dll
2010-06-25 01:37 . 2007-03-19 13:39 352768 ----a-w- c:\windows\system32\idecoi.dll
2010-06-25 01:37 . 2010-06-25 01:52 -------- d-----w- c:\windows\Panther
2010-06-25 01:37 . 2010-06-25 01:37 -------- d-----w- c:\windows\system32\OEM
2010-06-25 01:37 . 2010-06-25 01:37 -------- d-----w- C:\Boot
2010-06-25 01:37 . 2010-06-25 01:37 -------- d-----w- c:\program files\earthlink totalaccess
2010-06-25 01:35 . 2010-06-25 01:35 -------- d-----w- c:\programdata\PC-Doctor
2010-06-25 01:34 . 2010-06-25 01:50 -------- d-----w- c:\program files\PC-Doctor 5 for Windows
2010-06-25 01:32 . 2006-11-29 20:33 321108 ----a-w- c:\programdata\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\mia.dll
2010-06-25 01:32 . 2010-06-25 01:32 -------- d-----w- c:\programdata\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
2010-06-25 01:32 . 2006-11-29 20:33 2538535 ----a-w- c:\programdata\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe
2010-06-25 01:32 . 2010-06-25 01:32 -------- d-----w- c:\program files\Activation Assistant for the 2007 Microsoft Office suites
2010-06-25 01:32 . 2006-10-27 02:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-06-25 01:32 . 2006-10-27 02:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2010-06-25 01:31 . 2010-06-25 01:31 -------- d-----w- c:\windows\PCHEALTH
2010-06-25 01:31 . 2010-06-25 01:31 -------- d-----w- c:\program files\Microsoft.NET
2010-06-25 01:30 . 2010-06-25 01:32 -------- d-----w- c:\programdata\Microsoft Help
2010-06-25 01:30 . 2010-06-25 01:30 -------- d-----r- C:\MSOCache
2010-06-25 01:29 . 2010-06-25 01:31 -------- d-----w- c:\program files\Microsoft Works
2010-06-25 01:28 . 2010-06-25 01:28 -------- d-----w- c:\program files\Snapfish Media Detector
2010-06-25 01:27 . 2010-06-25 01:27 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-25 01:26 . 2010-06-25 01:26 -------- d-----w- c:\program files\muvee Technologies
2010-06-25 01:26 . 2010-06-25 01:26 -------- d-----w- c:\program files\Common Files\muvee Technologies
2010-06-25 01:26 . 2010-06-25 01:26 -------- d-----w- c:\programdata\muvee Technologies
2010-06-25 01:26 . 2010-06-25 01:26 -------- d-----w- c:\program files\Common Files\xing shared
2010-06-25 01:26 . 2010-06-25 01:26 -------- d-----w- c:\program files\Common Files\Real
2010-06-25 01:25 . 2010-06-25 01:26 -------- d-----w- c:\program files\Real
2010-06-25 01:25 . 2010-06-25 01:25 -------- d-----w- c:\program files\Rhapsody
2010-06-25 01:24 . 2010-06-25 01:24 -------- d---a-w- c:\program files\Common Files\LightScribe
2010-06-25 01:24 . 2010-06-25 01:24 -------- d---a-w- c:\program files\Common Files\LS Getting Started
2010-06-25 01:24 . 2010-06-25 01:24 -------- d-----w- c:\program files\Common Files\SureThing Shared
2010-06-25 01:23 . 2010-06-25 01:23 -------- d-----w- c:\programdata\Sonic
2010-06-25 01:22 . 2010-06-25 01:22 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-06-25 01:22 . 2010-06-25 01:22 -------- d-----w- c:\programdata\Roxio
2010-06-25 01:22 . 2010-06-25 01:24 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-06-25 01:22 . 2010-06-25 01:24 -------- d-----w- c:\program files\Roxio
2010-06-25 01:22 . 2010-06-25 01:23 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-06-25 01:16 . 2010-06-25 01:28 -------- d-----w- c:\program files\HP
2010-06-25 01:16 . 2010-06-25 01:16 -------- d-----w- c:\program files\Common Files\HP
2010-06-25 01:15 . 2010-06-25 01:16 103521 ----a-w- c:\windows\hpqins13.dat
2010-06-25 01:15 . 2010-06-25 01:16 -------- d-----w- c:\programdata\HP
2010-06-25 01:15 . 2007-01-03 13:31 4779376 ----a-w- c:\programdata\WildTangent\oem-eula.exe
2010-06-25 01:10 . 2010-06-25 01:15 -------- d-----w- c:\program files\HP Games
2010-06-25 01:10 . 2010-06-25 01:15 -------- d-----w- c:\programdata\WildTangent
2010-06-25 01:10 . 2010-06-25 01:10 -------- d-----w- c:\windows\system32\Macromed
2010-06-25 01:02 . 2007-02-11 00:18 90192 ----a-w- c:\windows\system32\nvsvc.dll
2010-06-25 01:01 . 2010-06-25 01:01 4153344 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-25 01:01 . 2010-06-25 01:01 1686016 ----a-w- c:\windows\system32\gameux.dll
2010-06-25 01:01 . 2010-06-25 01:01 414208 ----a-w- c:\windows\system32\msscp.dll
2010-06-25 01:01 . 2010-06-25 01:01 146944 ----a-w- c:\windows\system32\MMDevAPI.dll
2010-06-25 01:00 . 2010-06-25 01:00 84480 ----a-w- c:\windows\system32\dnsrslvr.dll
2010-06-25 01:00 . 2010-06-25 01:00 24576 ----a-w- c:\windows\system32\dnscacheugc.exe
2010-06-25 00:59 . 2010-06-25 00:59 135680 ----a-w- c:\windows\system32\wusa.exe
2010-06-25 00:59 . 2010-06-25 00:59 974336 ----a-w- c:\windows\system32\crypt32.dll
2010-06-25 00:59 . 2010-06-25 00:59 104448 ----a-w- c:\windows\system32\DWWIN.EXE
2010-06-25 00:58 . 2010-06-25 00:58 74752 ----a-w- c:\windows\system32\drivers\rasl2tp.sys
2010-06-25 00:58 . 2010-06-25 00:58 60928 ----a-w- c:\windows\system32\drivers\raspptp.sys
2010-06-25 00:58 . 2010-06-25 00:58 229888 ----a-w- c:\windows\system32\msshsq.dll
2010-06-25 00:57 . 2010-06-25 00:57 292352 ----a-w- c:\windows\system32\psisdecd.dll
2010-06-25 00:56 . 2010-06-25 00:56 8704 ----a-w- c:\windows\system32\hccoin.dll
2010-06-25 00:56 . 2010-06-25 00:56 73216 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-06-25 00:56 . 2010-06-25 00:56 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2010-06-25 00:56 . 2010-06-25 00:56 38400 ----a-w- c:\windows\system32\drivers\usbehci.sys
2010-06-25 00:56 . 2010-06-25 00:56 223744 ----a-w- c:\windows\system32\drivers\usbport.sys
2010-06-25 00:56 . 2010-06-25 00:56 19456 ----a-w- c:\windows\system32\drivers\usbohci.sys
2010-06-25 00:56 . 2010-06-25 00:56 192000 ----a-w- c:\windows\system32\drivers\usbhub.sys
2010-06-25 00:55 . 2010-06-25 00:55 53760 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2010-06-25 00:55 . 2007-02-12 15:01 61440 ----a-w- c:\windows\system32\OsdRemove.exe
2010-06-25 00:55 . 2010-06-25 01:36 -------- d-----w- c:\program files\Hewlett-Packard
2010-06-25 00:54 . 2007-02-08 10:40 253952 ----a-w- c:\windows\system32\cPC_DMIRD.dll
2010-06-25 00:52 . 2006-07-16 21:23 327680 ----a-w- c:\windows\system32\pythoncom24.dll
2010-06-25 00:52 . 2006-07-16 21:15 102400 ----a-w- c:\windows\system32\pywintypes24.dll
2010-06-25 00:51 . 2006-09-07 17:13 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-06-25 00:51 . 2006-09-07 17:13 1060864 ----a-w- c:\windows\system32\mfc71.dll
2010-06-25 00:51 . 2010-07-08 05:19 -------- d-sh--w- c:\windows\Installer
2010-06-25 00:42 . 2010-06-25 00:42 -------- d-----w- c:\program files\CONEXANT
2010-06-25 00:41 . 2010-07-08 04:06 -------- d-----w- c:\windows\Debug

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-08 04:58 . 2010-07-08 04:58 92472 ----a-w- c:\users\We will make IT\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-08 04:29 . 2010-06-25 01:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-08 04:26 . 2010-07-08 04:26 1840 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_GC660AA-ABA SR5123WM_YC_0Pres_QCNX719_E73NAv3PrA1_49_INettle2_SECS_V1.0_B5.07_T070404_WUH0_L409_M1918_J320_7AMD_8Athlon 64 X2 Dual Core_92.1_#100625_N10DE03EF_Z14F12F20_G10DE03D0.MRK
2010-07-08 04:06 . 2010-07-08 04:06 -------- d-sh--we c:\programdata\Templates
2010-07-08 04:06 . 2010-07-08 04:06 -------- d-sh--we c:\programdata\Start Menu
2010-07-08 04:06 . 2010-07-08 04:06 -------- d-sh--we c:\programdata\Favorites
2010-07-08 04:06 . 2010-07-08 04:06 -------- d-sh--we c:\programdata\Documents
2010-07-08 04:06 . 2010-07-08 04:06 -------- d-sh--we c:\programdata\Desktop
2010-06-25 01:17 . 2010-06-25 01:04 -------- d-----w- c:\program files\Common Files\InstallShield
2010-06-25 01:08 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-06-25 01:04 . 2010-06-25 01:04 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-06-25 01:04 . 2010-06-25 01:04 -------- d-----w- c:\program files\Realtek
2010-06-25 01:04 . 2010-06-25 01:04 315392 ----a-w- c:\windows\HideWin.exe
2010-06-25 01:01 . 2010-06-25 01:01 449024 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-06-25 01:01 . 2010-06-25 01:01 2560 ----a-w- c:\windows\AppPatch\AcRes.dll
2010-06-25 01:01 . 2010-06-25 01:01 2143744 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-06-25 01:01 . 2010-06-25 01:01 537600 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-06-25 01:01 . 2010-06-25 01:01 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-06-25 00:58 . 2006-11-02 08:30 134760 ----a-w- c:\windows\system32\halacpi.dll
2010-06-25 00:58 . 2006-11-02 08:30 160872 ----a-w- c:\windows\system32\halmacpi.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-02 1004136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-07 44168]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish Media Detector.lnk
backup=c:\windows\pss\Snapfish Media Detector.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-02-17 06:11 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2007-03-13 00:44 1773568 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2006-09-28 13:42 65536 ----a-w- c:\hp\support\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2006-12-08 16:16 65536 ----a-w- c:\hp\KBD\KbdStub.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-02-11 00:18 8429568 ----a-w- c:\windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-02-11 00:18 81920 ----a-w- c:\windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
2007-02-11 00:18 90192 ----a-w- c:\windows\System32\nvsvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OsdMaestro]
2007-02-15 10:59 118784 ----a-w- c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-03-01 15:38 4390912 ----a-w- c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SnapfishMediaDetector]
2007-03-02 21:55 1441792 ----a-w- c:\program files\Snapfish Media Detector\SnapfishMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

S3 netr73;Amigo RT73 Wireless Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2007-01-04 255488]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - NATIVEWIFIP
*NewlyCreated* - NDISUIO
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Presario&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Presario&pf=desktop
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-07 22:53
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\TMP00000062DDD9BF34A52DAF8F 524288 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-07-07 20:55:33
ComboFix-quarantined-files.txt 2010-07-08 03:55

Pre-Run: 293,139,161,088 bytes free
Post-Run: 293,159,260,160 bytes free

- - End Of File - - 0A094BD1159808B9E2F4A2D1C8812BD6


#10 kymberly

kymberly
  • Topic Starter

  • Banned
  • 387 posts
  • OFFLINE
  • Local time:02:16 AM

Posted 07 July 2010 - 11:11 PM

OTL logfile created on: 7/7/2010 9:04:00 PM - Run 1
OTL by OldTimer - Version 3.2.8.1 Folder = C:\Users\I Believe\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16386)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.30 Gb Total Space | 273.05 Gb Free Space | 94.38% Space Free | Partition Type: NTFS
Drive D: | 8.79 Gb Total Space | 1.00 Gb Free Space | 11.34% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: IBELIEVE-PC
Current User Name: I Believe
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/07 21:03:16 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\I Believe\Desktop\OTL.exe
PRC - [2006/11/02 05:34:32 | 001,004,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/02 02:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/07/07 21:03:16 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\I Believe\Desktop\OTL.exe
MOD - [2006/11/02 02:44:49 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msscript.ocx
MOD - [2006/11/02 02:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2006/11/02 05:34:32 | 000,263,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 05:04:16 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/03/19 06:58:50 | 000,101,672 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/03/01 09:21:10 | 001,744,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/02/10 17:18:00 | 007,409,024 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/01/04 09:41:50 | 000,255,488 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\netr73.sys -- (netr73)
DRV - [2006/11/02 02:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 02:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 02:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 02:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 02:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 02:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 02:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 02:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 02:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 02:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 02:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 02:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 02:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 02:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 02:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 02:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 02:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 02:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 02:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 02:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 02:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 02:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 02:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 02:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 02:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 02:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 02:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 02:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 02:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 02:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 02:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 02:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 02:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 01:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 01:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 01:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 01:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 01:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 01:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 00:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 00:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006/11/02 00:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\E1G60I32.sys -- (E1G60) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010/07/07 22:53:42 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil9b.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img8.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img8.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/24 18:26:56 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/07/07 22:49:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/07/07 22:49:33 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/07/07 22:49:33 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/07/07 22:49:33 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/07/07 22:49:28 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/07/07 22:49:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/07 22:10:14 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/07/07 22:03:52 | 002,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2010/07/07 22:03:52 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2010/07/07 22:02:44 | 000,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2010/07/07 22:02:44 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2010/07/07 21:53:36 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/07/07 21:15:39 | 000,000,000 | ---D | C] -- C:\Users\I Believe\AppData\Local\Hewlett-Packard
[2010/07/07 21:14:53 | 000,000,000 | ---D | C] -- C:\Users\I Believe\AppData\Roaming\Snapfish
[2010/07/07 21:14:35 | 000,000,000 | R--D | C] -- C:\Users\I Believe\Searches
[2010/07/07 21:14:24 | 000,000,000 | ---D | C] -- C:\Users\I Believe\AppData\Roaming\Identities
[2010/07/07 21:14:04 | 000,000,000 | R--D | C] -- C:\Users\I Believe\Contacts
[2010/07/07 21:14:00 | 000,000,000 | ---D | C] -- C:\Users\I Believe\AppData\Local\VirtualStore
[2010/07/07 21:12:49 | 000,000,000 | ---D | C] -- C:\Users\I Believe\AppData\Roaming\Macromedia
[2010/07/07 21:12:04 | 000,000,000 | ---D | C] -- C:\Users\I Believe\AppData\Roaming\Hewlett-Packard
[2010/07/07 21:10:19 | 000,000,000 | -HSD | C] -- C:\Users\I Believe\AppData\Local\Temporary Internet Files
[2010/07/07 21:10:19 | 000,000,000 | -HSD | C] -- C:\Users\I Believe\Templates
[2010/07/07 21:10:19 | 000,000,000 | -HSD | C] -- C:\Users\I Believe\Start Menu
[2010/07/07 21:10:19 | 000,000,000 | -HSD | C] -- C:\Users\I Believe\SendTo
[2010/07/07 21:10:19 | 000,000,000 | -HSD | C] -- C:\Users\I Believe\Recent
[2010/07/07 21:10:19 | 000,000,000 | -HSD | C] -- C:\Users\I Believe\PrintHood
[2010/07/07 21:10:19 | 000,000,000 | -HSD | C] -- C:\Users\I Believe\NetHood
[2010/07/07 21:10:19 | 000,000,000 | -HSD | C] -- C:\Users\I Believe\Documents\My Videos
[2010/07/07 21:10:19 | 000,000,000 | -HSD | C] -- C:\Users\I Believe\Documents\My Pictures
[2010/07/07 21:10:19 | 000,000,000 | -HSD | C] -- C:\Users\I Believe\Documents\My Music
[2010/07/07 21:10:19 | 000,000,000 | -HSD | C] -- C:\Users\I Believe\My Documents
[2010/07/07 21:10:19 | 000,000,000 | -HSD | C] -- C:\Users\I Believe\Local Settings
[2010/07/07 21:10:19 | 000,000,000 | -HSD | C] -- C:\Users\I Believe\AppData\Local\History
[2010/07/07 21:10:19 | 000,000,000 | -HSD | C] -- C:\Users\I Believe\Cookies
[2010/07/07 21:10:19 | 000,000,000 | -HSD | C] -- C:\Users\I Believe\Application Data
[2010/07/07 21:10:19 | 000,000,000 | -HSD | C] -- C:\Users\I Believe\AppData\Local\Application Data
[2010/07/07 21:10:18 | 000,000,000 | --SD | C] -- C:\Users\I Believe\AppData\Roaming\Microsoft
[2010/07/07 21:10:18 | 000,000,000 | R--D | C] -- C:\Users\I Believe\Videos
[2010/07/07 21:10:18 | 000,000,000 | R--D | C] -- C:\Users\I Believe\Saved Games
[2010/07/07 21:10:18 | 000,000,000 | R--D | C] -- C:\Users\I Believe\Pictures
[2010/07/07 21:10:18 | 000,000,000 | R--D | C] -- C:\Users\I Believe\Music
[2010/07/07 21:10:18 | 000,000,000 | R--D | C] -- C:\Users\I Believe\Links
[2010/07/07 21:10:18 | 000,000,000 | R--D | C] -- C:\Users\I Believe\Favorites
[2010/07/07 21:10:18 | 000,000,000 | R--D | C] -- C:\Users\I Believe\Downloads
[2010/07/07 21:10:18 | 000,000,000 | R--D | C] -- C:\Users\I Believe\Documents
[2010/07/07 21:10:18 | 000,000,000 | R--D | C] -- C:\Users\I Believe\Desktop
[2010/07/07 21:10:18 | 000,000,000 | -H-D | C] -- C:\Users\I Believe\AppData
[2010/07/07 21:10:18 | 000,000,000 | ---D | C] -- C:\Users\I Believe\AppData\Local\Microsoft
[2010/07/07 21:10:18 | 000,000,000 | ---D | C] -- C:\Users\I Believe\AppData\Roaming\Media Center Programs
[2010/07/07 21:06:24 | 000,000,000 | -HSD | C] -- C:\ProgramData\Templates
[2010/07/07 21:06:24 | 000,000,000 | -HSD | C] -- C:\ProgramData\Start Menu
[2010/07/07 21:06:24 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Videos
[2010/07/07 21:06:24 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Pictures
[2010/07/07 21:06:24 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Music
[2010/07/07 21:06:24 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favorites
[2010/07/07 21:06:24 | 000,000,000 | -HSD | C] -- C:\Documents and Settings
[2010/07/07 21:06:24 | 000,000,000 | -HSD | C] -- C:\ProgramData\Documents
[2010/07/07 21:06:24 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop
[2010/07/07 21:06:24 | 000,000,000 | -HSD | C] -- C:\ProgramData\Application Data
[2010/07/07 21:05:33 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/07/07 21:02:26 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\I Believe\Desktop\OTL.exe
[2010/07/07 20:55:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/07/07 20:55:35 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/07/07 20:55:35 | 000,000,000 | ---D | C] -- C:\Users\I Believe\AppData\Local\temp
[2010/06/24 18:50:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2010/06/24 18:46:53 | 000,000,000 | ---D | C] -- C:\Windows\SMINST
[2010/06/24 18:40:45 | 000,466,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\capicom.dll
[2010/06/24 18:40:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2010/06/24 18:40:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/06/24 18:39:11 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010/06/24 18:38:25 | 000,000,000 | ---D | C] -- C:\hp
[2010/06/24 18:38:17 | 000,172,032 | ---- | C] (Conexant Systems, Inc.) -- C:\Windows\System32\UCI32m15.dll
[2010/06/24 18:38:17 | 000,094,208 | ---- | C] (Conexant) -- C:\Windows\System32\mdmxsdk.dll
[2010/06/24 18:38:12 | 000,255,488 | ---- | C] (Ralink Technology Inc.) -- C:\Windows\System32\drivers\netr73.sys
[2010/06/24 18:37:57 | 000,352,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\idecoiins.dll
[2010/06/24 18:37:57 | 000,352,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\idecoi.dll
[2010/06/24 18:37:57 | 000,101,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor32.sys
[2010/06/24 18:37:47 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010/06/24 18:37:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\OEM
[2010/06/24 18:37:31 | 000,000,000 | ---D | C] -- C:\Boot
[2010/06/24 18:37:27 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2010/06/24 18:37:27 | 000,000,000 | ---D | C] -- C:\Program Files\earthlink totalaccess
[2010/06/24 18:35:01 | 000,000,000 | ---D | C] -- C:\ProgramData\PC-Doctor
[2010/06/24 18:34:33 | 000,000,000 | ---D | C] -- C:\Program Files\PC-Doctor 5 for Windows
[2010/06/24 18:32:48 | 000,000,000 | ---D | C] -- C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
[2010/06/24 18:32:42 | 000,000,000 | ---D | C] -- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[2010/06/24 18:32:13 | 000,032,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msonpmon.dll
[2010/06/24 18:31:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/06/24 18:31:25 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/06/24 18:31:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/06/24 18:30:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010/06/24 18:30:07 | 000,000,000 | R--D | C] -- C:\MSOCache
[2010/06/24 18:29:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/06/24 18:29:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010/06/24 18:28:24 | 000,000,000 | ---D | C] -- C:\Program Files\Snapfish Media Detector
[2010/06/24 18:27:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010/06/24 18:27:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/06/24 18:27:45 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/06/24 18:26:56 | 000,068,344 | ---- | C] (Sonic Solutions) -- C:\Windows\System32\pxhpinst.exe
[2010/06/24 18:26:39 | 000,000,000 | ---D | C] -- C:\Program Files\muvee Technologies
[2010/06/24 18:26:38 | 000,000,000 | ---D | C] -- C:\ProgramData\muvee Technologies
[2010/06/24 18:26:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\muvee Technologies
[2010/06/24 18:26:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2010/06/24 18:26:10 | 000,185,952 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2010/06/24 18:26:06 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2010/06/24 18:26:06 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2010/06/24 18:26:06 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2010/06/24 18:26:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2010/06/24 18:25:33 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2010/06/24 18:25:15 | 000,000,000 | ---D | C] -- C:\Program Files\Rhapsody
[2010/06/24 18:24:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LS Getting Started
[2010/06/24 18:24:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LightScribe
[2010/06/24 18:24:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SureThing Shared
[2010/06/24 18:23:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Sonic
[2010/06/24 18:22:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2010/06/24 18:22:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Roxio
[2010/06/24 18:22:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sonic Shared
[2010/06/24 18:22:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Roxio Shared
[2010/06/24 18:22:23 | 000,000,000 | ---D | C] -- C:\Program Files\Roxio
[2010/06/24 18:16:16 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2010/06/24 18:16:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2010/06/24 18:15:44 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2010/06/24 18:10:40 | 000,000,000 | ---D | C] -- C:\Program Files\HP Games
[2010/06/24 18:10:39 | 000,000,000 | ---D | C] -- C:\ProgramData\WildTangent
[2010/06/24 18:10:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2010/06/24 18:04:32 | 000,319,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll
[2010/06/24 18:04:30 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2010/06/24 18:04:29 | 000,520,192 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2010/06/24 18:04:29 | 000,315,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\HideWin.exe
[2010/06/24 18:04:29 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/06/24 18:04:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/06/24 18:04:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2010/06/24 18:04:02 | 004,390,912 | ---- | C] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
[2010/06/24 18:04:02 | 001,840,640 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll
[2010/06/24 18:04:02 | 001,744,928 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys
[2010/06/24 18:04:02 | 001,191,936 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlUpd.exe
[2010/06/24 18:04:02 | 000,532,480 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl
[2010/06/24 18:04:02 | 000,494,080 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll
[2010/06/24 18:04:02 | 000,339,968 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2010/06/24 18:04:02 | 000,135,168 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2010/06/24 18:02:13 | 003,620,864 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvvitvsr.dll
[2010/06/24 18:02:13 | 003,391,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvvitvs.dll
[2010/06/24 18:02:13 | 002,379,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwssr.dll
[2010/06/24 18:02:13 | 002,113,536 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwss.dll
[2010/06/24 18:02:13 | 000,356,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvuninst.exe
[2010/06/24 18:02:13 | 000,356,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvudisp.exe
[2010/06/24 18:02:13 | 000,090,192 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll
[2010/06/24 18:02:12 | 007,409,024 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2010/06/24 18:02:12 | 006,828,032 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2010/06/24 18:02:12 | 003,235,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvgamesr.dll
[2010/06/24 18:02:12 | 003,153,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvgames.dll
[2010/06/24 18:02:12 | 002,854,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmoblsr.dll
[2010/06/24 18:02:12 | 000,958,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmobls.dll
[2010/06/24 18:02:12 | 000,458,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmccssr.dll
[2010/06/24 18:02:12 | 000,307,200 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvexpbar.dll
[2010/06/24 18:02:12 | 000,229,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmccs.dll
[2010/06/24 18:02:12 | 000,188,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmccss.dll
[2010/06/24 18:02:12 | 000,081,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll
[2010/06/24 18:02:12 | 000,045,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmccsrs.dll
[2010/06/24 18:02:11 | 005,709,824 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdisps.dll
[2010/06/24 18:02:11 | 005,246,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispsr.dll
[2010/06/24 18:02:11 | 001,069,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpluir.dll
[2010/06/24 18:02:11 | 000,815,104 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcplui.exe
[2010/06/24 18:02:10 | 008,429,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll
[2010/06/24 18:02:10 | 000,521,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpinst.exe
[2010/06/24 18:02:10 | 000,327,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2010/06/24 18:02:10 | 000,143,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcolor.exe
[2010/06/24 18:02:10 | 000,073,728 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.cpl
[2010/06/24 18:01:53 | 004,153,344 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/06/24 18:01:53 | 001,686,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/06/24 18:01:20 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll
[2010/06/24 18:01:00 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll
[2010/06/24 18:00:41 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2010/06/24 17:59:47 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
[2010/06/24 17:59:07 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWWIN.EXE
[2010/06/24 17:58:05 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010/06/24 17:57:42 | 000,292,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010/06/24 17:57:42 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2010/06/24 17:57:42 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010/06/24 17:57:42 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2010/06/24 17:57:42 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2010/06/24 17:56:39 | 000,383,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/06/24 17:56:14 | 000,223,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2010/06/24 17:56:14 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hccoin.dll
[2010/06/24 17:56:14 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2010/06/24 17:55:20 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2010/06/24 17:54:42 | 000,048,760 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\System32\RUNCLOSE.OCX
[2010/06/24 17:54:05 | 000,253,952 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\Windows\System32\cPC_DMIRD.dll
[2010/06/24 17:51:46 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc71.dll
[2010/06/24 17:51:46 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr71.dll
[2010/06/24 17:51:23 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/06/24 17:43:19 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/06/24 17:42:55 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2010/06/24 17:41:12 | 000,000,000 | ---D | C] -- C:\Windows\Debug
[2010/06/24 17:39:40 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/07 22:53:42 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/07/07 22:03:52 | 002,421,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2010/07/07 22:03:52 | 000,044,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2010/07/07 22:03:17 | 000,618,410 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/07/07 22:03:17 | 000,103,818 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/07/07 22:03:16 | 000,716,948 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/07/07 22:02:44 | 000,171,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2010/07/07 22:02:44 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2010/07/07 21:57:46 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/07 21:57:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/07 21:57:38 | 2011,684,864 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/07 21:56:51 | 002,996,489 | -H-- | M] () -- C:\Users\I Believe\AppData\Local\IconCache.db
[2010/07/07 21:26:31 | 000,001,840 | RHS- | M] () -- C:\Windows\System32\drivers\103C_HP_CPC_GC660AA-ABA SR5123WM_YC_0Pres_QCNX719_E73NAv3PrA1_49_INettle2_SECS_V1.0_B5.07_T070404_WUH0_L409_M1918_J320_7AMD_8Athlon 64 X2 Dual Core_92.1_#100625_N10DE03EF_Z14F12F20_G10DE03D0.MRK
[2010/07/07 21:24:32 | 000,524,288 | -HS- | M] () -- C:\Users\I Believe\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010/07/07 21:24:32 | 000,524,288 | -HS- | M] () -- C:\Users\I Believe\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/07/07 21:24:32 | 000,065,536 | -HS- | M] () -- C:\Users\I Believe\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/07/07 21:14:54 | 000,092,472 | ---- | M] () -- C:\Users\I Believe\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/07/07 21:13:26 | 000,001,656 | ---- | M] () -- C:\Users\Public\Desktop\Walmart.com Digital Photo Center.lnk
[2010/07/07 21:13:14 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Easy Internet Services.lnk
[2010/07/07 21:12:53 | 000,000,044 | ---- | M] () -- C:\Windows\System\hpsysdrv.dat
[2010/07/07 21:10:19 | 000,000,020 | -HS- | M] () -- C:\Users\I Believe\ntuser.ini
[2010/07/07 21:03:31 | 000,786,432 | -HS- | M] () -- C:\Users\I Believe\NTUSER.DAT
[2010/07/07 21:03:16 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\I Believe\Desktop\OTL.exe
[2010/07/07 20:57:45 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/07 20:57:45 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/07 20:57:20 | 000,000,949 | ---- | M] () -- C:\Users\I Believe\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/07 20:53:51 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/06/24 18:49:17 | 000,354,224 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/06/24 18:39:18 | 000,001,875 | ---- | M] () -- C:\Users\Public\Desktop\High-Speed Services.lnk
[2010/06/24 18:38:52 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Try AOL Today.lnk
[2010/06/24 18:38:02 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Vonage.lnk
[2010/06/24 18:37:39 | 000,002,063 | ---- | M] () -- C:\Users\Public\Desktop\eBay.lnk
[2010/06/24 18:37:34 | 000,001,993 | ---- | M] () -- C:\Users\Public\Desktop\MSN.lnk
[2010/06/24 18:37:33 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2010/06/24 18:37:08 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\HP Total Care Advisor.lnk
[2010/06/24 18:32:48 | 000,002,136 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Office – 60 Day Trial..lnk
[2010/06/24 18:26:56 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
[2010/06/24 18:26:12 | 000,001,043 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2010/06/24 18:26:10 | 000,185,952 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2010/06/24 18:26:06 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2010/06/24 18:26:06 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2010/06/24 18:26:06 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2010/06/24 18:25:34 | 000,000,758 | ---- | M] () -- C:\Users\Public\Desktop\Rhapsody.lnk
[2010/06/24 18:16:54 | 000,103,521 | ---- | M] () -- C:\Windows\hpqins13.dat
[2010/06/24 18:15:35 | 000,001,997 | ---- | M] () -- C:\Users\Public\Desktop\My HP Games.lnk
[2010/06/24 18:04:32 | 000,319,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll
[2010/06/24 18:04:29 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\HideWin.exe
[2010/06/24 18:01:53 | 004,153,344 | ---- | M] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/06/24 18:01:53 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/06/24 18:01:20 | 000,414,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll
[2010/06/24 18:01:00 | 000,146,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll
[2010/06/24 18:00:41 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2010/06/24 17:59:47 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
[2010/06/24 17:59:07 | 000,104,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWWIN.EXE
[2010/06/24 17:58:26 | 000,160,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\halmacpi.dll
[2010/06/24 17:58:26 | 000,160,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\hal.dll
[2010/06/24 17:58:26 | 000,134,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\halacpi.dll
[2010/06/24 17:58:05 | 000,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010/06/24 17:57:42 | 000,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010/06/24 17:57:42 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2010/06/24 17:57:42 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010/06/24 17:57:42 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2010/06/24 17:57:42 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2010/06/24 17:56:39 | 000,383,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/06/24 17:56:14 | 000,223,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2010/06/24 17:56:14 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\hccoin.dll
[2010/06/24 17:56:14 | 000,005,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2010/06/24 17:47:33 | 000,041,176 | ---- | M] () -- C:\Windows\System32\license.rtf
[2010/06/24 17:44:25 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\UMDF\Msft_User_WpdFs_01_00_00.Wdf
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/07 22:49:33 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/07/07 22:49:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/07/07 22:49:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/07/07 22:49:33 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/07/07 22:49:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/07/07 21:26:23 | 000,001,840 | RHS- | C] () -- C:\Windows\System32\drivers\103C_HP_CPC_GC660AA-ABA SR5123WM_YC_0Pres_QCNX719_E73NAv3PrA1_49_INettle2_SECS_V1.0_B5.07_T070404_WUH0_L409_M1918_J320_7AMD_8Athlon 64 X2 Dual Core_92.1_#100625_N10DE03EF_Z14F12F20_G10DE03D0.MRK
[2010/07/07 21:13:26 | 000,001,656 | ---- | C] () -- C:\Users\Public\Desktop\Walmart.com Digital Photo Center.lnk
[2010/07/07 21:13:14 | 000,002,063 | ---- | C] () -- C:\Users\Public\Desktop\eBay.lnk
[2010/07/07 21:13:14 | 000,002,027 | ---- | C] () -- C:\Users\Public\Desktop\Try AOL Today.lnk
[2010/07/07 21:13:14 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Vonage.lnk
[2010/07/07 21:13:14 | 000,001,993 | ---- | C] () -- C:\Users\Public\Desktop\MSN.lnk
[2010/07/07 21:13:14 | 000,001,875 | ---- | C] () -- C:\Users\Public\Desktop\High-Speed Services.lnk
[2010/07/07 21:13:14 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Easy Internet Services.lnk
[2010/07/07 21:13:14 | 000,000,758 | ---- | C] () -- C:\Users\Public\Desktop\Rhapsody.lnk
[2010/07/07 21:12:53 | 000,000,044 | ---- | C] () -- C:\Windows\System\hpsysdrv.dat
[2010/07/07 21:10:19 | 000,000,020 | -HS- | C] () -- C:\Users\I Believe\ntuser.ini
[2010/07/07 21:10:18 | 000,786,432 | -HS- | C] () -- C:\Users\I Believe\NTUSER.DAT
[2010/07/07 21:10:18 | 000,524,288 | -HS- | C] () -- C:\Users\I Believe\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010/07/07 21:10:18 | 000,524,288 | -HS- | C] () -- C:\Users\I Believe\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/07/07 21:10:18 | 000,262,144 | -H-- | C] () -- C:\Users\I Believe\ntuser.dat.LOG1
[2010/07/07 21:10:18 | 000,065,536 | -HS- | C] () -- C:\Users\I Believe\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/07/07 21:10:18 | 000,000,258 | ---- | C] () -- C:\Users\I Believe\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/07/07 21:10:18 | 000,000,240 | ---- | C] () -- C:\Users\I Believe\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/07/07 21:10:18 | 000,000,000 | -H-- | C] () -- C:\Users\I Believe\ntuser.dat.LOG2
[2010/07/07 20:57:20 | 000,000,949 | ---- | C] () -- C:\Users\I Believe\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/07 19:03:07 | 2011,684,864 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/24 18:50:41 | 000,001,630 | ---- | C] () -- C:\Users\Public\Desktop\Windows Media Center.lnk
[2010/06/24 18:50:41 | 000,001,043 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2010/06/24 18:37:33 | 000,008,192 | R-S- | C] () -- C:\BOOTSECT.BAK
[2010/06/24 18:37:32 | 000,438,840 | RHS- | C] () -- C:\bootmgr
[2010/06/24 18:37:21 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\Internet Explorer.lnk
[2010/06/24 18:37:08 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\HP Total Care Advisor.lnk
[2010/06/24 18:34:17 | 000,000,172 | ---- | C] () -- C:\Users\Public\Desktop\Help and Support.lnk
[2010/06/24 18:32:48 | 000,002,136 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Office – 60 Day Trial..lnk
[2010/06/24 18:15:48 | 000,000,311 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/06/24 18:15:47 | 000,103,521 | ---- | C] () -- C:\Windows\hpqins13.dat
[2010/06/24 18:15:26 | 000,001,997 | ---- | C] () -- C:\Users\Public\Desktop\My HP Games.lnk
[2010/06/24 18:02:13 | 000,075,268 | ---- | C] () -- C:\Windows\System32\nvwsapps.xml
[2010/06/24 18:02:11 | 000,003,411 | ---- | C] () -- C:\Windows\System32\nvdisp.nvu
[2010/06/24 18:02:10 | 000,109,706 | ---- | C] () -- C:\Windows\System32\nvapps.xml
[2010/06/24 17:55:22 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2010/06/24 17:52:06 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
[2010/06/24 17:52:06 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
[2007/03/06 01:47:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2007/01/12 07:07:48 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2007/01/12 07:07:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2010/07/07 21:14:53 | 000,000,000 | ---D | M] -- C:\Users\I Believe\AppData\Roaming\Snapfish
[2010/07/07 21:56:55 | 000,004,048 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: AGP440.SYS >
[2006/11/02 02:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\WINDOWS\ERDNT\cache\AGP440.sys
[2006/11/02 02:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\WINDOWS\System32\drivers\AGP440.sys
[2006/11/02 02:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2006/11/02 02:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2006/11/02 02:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\WINDOWS\System32\drivers\atapi.sys
[2006/11/02 02:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 02:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\WINDOWS\ERDNT\cache\cngaudit.dll
[2006/11/02 02:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\WINDOWS\System32\cngaudit.dll
[2006/11/02 02:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\WINDOWS\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2006/11/02 02:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\WINDOWS\System32\drivers\iaStorV.sys
[2006/11/02 02:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\WINDOWS\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 02:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2006/11/02 02:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\WINDOWS\System32\netlogon.dll
[2006/11/02 02:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 02:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\WINDOWS\System32\drivers\nvstor.sys
[2006/11/02 02:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\WINDOWS\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys

< MD5 for: NVSTOR32.SYS >
[2007/03/19 06:58:50 | 000,101,672 | ---- | M] (NVIDIA Corporation) MD5=019054D997F65358DCA63ECAE5103F97 -- C:\hp\DRIVERS\NVIDIA_Serial_ATA\nvstor32.sys
[2007/03/19 06:58:50 | 000,101,672 | ---- | M] (NVIDIA Corporation) MD5=019054D997F65358DCA63ECAE5103F97 -- C:\WINDOWS\System32\drivers\nvstor32.sys
[2007/03/19 06:58:50 | 000,101,672 | ---- | M] (NVIDIA Corporation) MD5=019054D997F65358DCA63ECAE5103F97 -- C:\WINDOWS\System32\DriverStore\FileRepository\nvstor32.inf_1306af02\nvstor32.sys

< MD5 for: SCECLI.DLL >
[2006/11/02 02:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2006/11/02 02:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\WINDOWS\System32\scecli.dll
[2006/11/02 02:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
< End of report >

OTL Extras logfile created on: 7/7/2010 9:04:00 PM - Run 1
OTL by OldTimer - Version 3.2.8.1 Folder = C:\Users\I Believe\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16386)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.30 Gb Total Space | 273.05 Gb Free Space | 94.38% Space Free | Partition Type: NTFS
Drive D: | 8.79 Gb Total Space | 1.00 Gb Free Space | 11.34% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: IBELIEVE-PC
Current User Name: I Believe
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{143ADF17-72A7-4A24-AFF4-77E39C4CE733}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{2A92962B-4D84-4032-8BA5-C2FBFA9CAA40}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{4A1AAB60-6472-4906-A68D-5836F270168E}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{513E849F-1140-41AB-B85F-6E568685F574}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{565759F2-DEA8-4801-81D1-BD0E766F91ED}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{5C788369-1A06-4CC0-84B6-72C174BF1473}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{71FDA30D-34E6-4984-A9C7-E18C4187A1B0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{80BE6022-A122-4514-B3FD-1C95A7C68C95}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2990BC81-3B19-4E53-A53E-30DE3F1BFFA8}" = HP Total Care Advisor
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{4EF6FDB0-3B11-4820-9860-8E08E9965195}" = Snapfish Media Detector
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6AF49698-949A-4C89-9B31-041D2CCB5FBD}" = muvee autoProducer 6.0
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"NVIDIA Drivers" = NVIDIA Drivers
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"RealPlayer 6.0" = RealPlayer
"Rhapsody" = Rhapsody
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"WildTangent hpdesktop Master Uninstall" = My HP Games

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/8/2010 1:18:53 AM | Computer Name = IBelieve-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Users\IBELIE~1\AppData\Local\Temp\RarSFX0\redist.dll".
Dependent
Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/8/2010 1:19:56 AM | Computer Name = IBelieve-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Users\IBELIE~1\AppData\Local\Temp\RarSFX0\setup.exe".
Dependent
Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/8/2010 1:24:45 AM | Computer Name = IBelieve-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Users\IBELIE~1\AppData\Local\Temp\RarSFX0\setup.exe".
Dependent
Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/8/2010 1:25:27 AM | Computer Name = IBelieve-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Users\IBELIE~1\AppData\Local\Temp\RarSFX0\setup.exe".
Dependent
Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/8/2010 1:30:40 AM | Computer Name = IBelieve-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Users\IBELIE~1\AppData\Local\Temp\RarSFX0\setup.exe".
Dependent
Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/8/2010 1:31:15 AM | Computer Name = IBelieve-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Users\IBELIE~1\AppData\Local\Temp\RarSFX0\setup.exe".
Dependent
Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/8/2010 1:31:45 AM | Computer Name = IBelieve-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Users\IBELIE~1\AppData\Local\Temp\RarSFX0\setup.exe".
Dependent
Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/8/2010 1:36:13 AM | Computer Name = IBelieve-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Users\IBELIE~1\AppData\Local\Temp\RarSFX0\setup.exe".
Dependent
Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/8/2010 1:36:44 AM | Computer Name = IBelieve-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Users\IBELIE~1\AppData\Local\Temp\RarSFX0\setup.exe".
Dependent
Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/8/2010 1:41:43 AM | Computer Name = IBelieve-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Users\IBELIE~1\AppData\Local\Temp\RarSFX0\setup.exe".
Dependent
Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ System Events ]
Error - 7/8/2010 1:17:22 AM | Computer Name = IBelieve-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 7/8/2010 1:17:22 AM | Computer Name = IBelieve-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 7/8/2010 1:17:22 AM | Computer Name = IBelieve-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 7/8/2010 1:17:22 AM | Computer Name = IBelieve-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 7/8/2010 1:17:22 AM | Computer Name = IBelieve-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 7/8/2010 1:17:22 AM | Computer Name = IBelieve-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 7/8/2010 1:17:22 AM | Computer Name = IBelieve-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 7/8/2010 1:49:47 AM | Computer Name = IBelieve-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 7/8/2010 1:49:58 AM | Computer Name = IBelieve-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 7/8/2010 1:53:44 AM | Computer Name = IBelieve-PC | Source = Service Control Manager | ID = 7030
Description =


< End of report >


How do I get rid of the trial junk stuff on my desktop where trojans have been hiding???? such as snapfish media, muvee producer, hpupdate, hp photosmart.

I have also tried deleting Symantec from my system after the restore because it was out of date, and then downloaded Avira, but it didn't work! Is Symantec still present here?

Edited by kymberly, 07 July 2010 - 11:13 PM.


#11 Blade

Posted 07 July 2010 - 11:15 PM

I'd like to lay out some guidelines for us to follow while we are working together.
  • I will be assisting you with your malware issues. This may or may not resolve other problems you are having with your computer. If you are still having problems after your machine has been determined clean, I will be glad to direct you to the proper forum for assistance.
  • Even if things appear better, that does not mean we are finished. Please continue to follow my instructions until I give you the all clean. Absence of symptoms does not mean that all the malware has been removed. If a piece of the infection is left, it can regenerate and reinfect your machine.
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • I ask that you please refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. If you act independently it will cause changes to your system that I will not be aware of, which will make the process of cleaning the machine a much slower and more difficult process. Additionally, some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you are unsure or confused about any instructions I give you, you should ask me to clarify before doing anything. Additionally, if you run into any problems while carrying out instructions, you should STOP and reply back here explaining what happened.
  • After 5 days if a topic is not replied to we assume it has been abandoned and it is closed. If you need additional time, that is perfectly alright; you just need to let us know beforehand.
***************************************************

Please perform the scans which I requested above, and post them for my review.

QUOTE
i can't install avira antivirus for some reason

What exactly happens when you try to install an antivirus? Include the exact text of any error messages that occur.

~Blade


#12 kymberly

Posted 07 July 2010 - 11:42 PM

I have tried download.com and majorgeek.com, and each time I download, I am getting the prompt to download and then I can click on the button to install and then it installs, I think, but I never get anything else. Then minutes later, I get a prompt saying this software may not have been installed correctly; it gives you two options: install correctly with correct settings, or don't. I am clicking replace and install correctly and I get nothing! So I am totally lost here! I will not download anything unless you ask! What concerns me the most is my network light is constantly going after I am off the internet. Before I used the system restore I was getting alerts from Avira that I had two viruses, but each time I tried to click to delete the virus it did nothing! Just for your FYI.

In your message above you said "please perform the scans above"; I already have! Are you talking about the OTL? I have posted that already, or did you mean to insert something here for me to do???

Edited by kymberly, 07 July 2010 - 11:46 PM.


#13 Blade

Posted 08 July 2010 - 02:49 AM

QUOTE
In your message above you said "please perform the scans above"; I already have! Are you talking about the OTL? I have posted that already, or did you mean to insert something here for me to do???


Whoops, that's my fault. You posted the logs while I was typing out my post.

QUOTE
How do I get rid of the trial junk stuff on my desktop where trojans have been hiding???? such as snapfish media, muvee producer, hpupdate, hp photosmart.

Use Add/Remove Programs. The link just given will explain the process.

QUOTE
What concerns me the most is my network light is constantly going after I am off the internet

Do you have dialup internet, DSL, or cable?

***************************************************

There is no active malware on your machine, but before I turn you loose let's fix a couple things and see if we can get that antivirus installed.

We need to run an OTL Fix
  1. Please reopen on your desktop.
  2. Copy and Paste the following code into the textbox. Do not include the word "Code"

    CODE
    :REG
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" =-

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" =-

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" =-

    :commands
    [emptytemp]
  3. Push
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click .
  6. A report will open. Copy and Paste that report in your next reply.
***************************************************

In regards to the antivirus, try this link. http://www.softpedia.com/progDownload/Anti...nload-6527.html

Be sure you save the file to your desktop before attempting to run it. When you run it, right click the icon on your desktop and Run As Administrator. If the installation fails, please give me the exact text of any error messages you receive.

~Blade


In your next reply, please include the following:
OTL fix log

Edited by Blade Zephon, 08 July 2010 - 02:50 AM.
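
Added example, not part of the original post and not OTL's own code: the fix above deletes the three "DisableMonitoring" values that the OTL Extras log lists under Security Center Settings. The Python below parses that section of a log, flags values that hide or weaken protection status, and renders the matching :REG lines; the function names and the rule list in is_weakened are assumptions of this example.

```python
import re

# Constructed sample: an excerpt of the OTL Extras log shown earlier in this thread.
SAMPLE_LOG = r'''
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
'''

SECTION_RE = re.compile(r'^=+\s*(.+?)\s*=+$')      # ========== Title ==========
KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')        # [HKEY_...\Key]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')   # "Name" = data


def parse_section(log_text, section="Security Center Settings"):
    """Return {registry_key: {value_name: data}} for one section of an OTL log."""
    keys, current, in_section = {}, None, False
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            # A new section header ends the previous section.
            in_section = header.group(1) == section
            current = None
            continue
        if not in_section or not line:
            continue
        key = KEY_RE.match(line)
        if key:
            current = keys.setdefault(key.group(1), {})
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            current[value.group(1)] = value.group(2).strip()
    return keys


def is_weakened(name, data):
    """Assumed rule list: settings that switch off protection or hide its status."""
    if name == "EnableFirewall":
        return data == "0"
    if (name in ("DisableMonitoring", "DisableNotifications")
            or name.endswith("DisableNotify") or name.endswith("Override")):
        return data == "1"
    return False


def findings(keys):
    """List (key, name, data) for every flagged value, in log order."""
    return [(k, n, d) for k, vals in keys.items()
            for n, d in vals.items() if is_weakened(n, d)]


def otl_reg_fix(flagged):
    """Render DisableMonitoring findings in the :REG form used in the fix above,
    where '"Name" =-' deletes the value."""
    lines = [":REG"]
    for key, name, _ in flagged:
        if name == "DisableMonitoring":
            lines += [f"[{key}]", f'"{name}" =-', ""]
    return "\n".join(lines).rstrip()


if __name__ == "__main__":
    flagged = findings(parse_section(SAMPLE_LOG))
    for key, name, data in flagged:
        print(f"{name} = {data}  under  {key}")
    print(otl_reg_fix(flagged))
```
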


#14 kymberly

Posted 08 July 2010 - 07:21 PM

All processes killed
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\DisableMonitoring deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: I Believe
->Temp folder emptied: 59347 bytes
->Temporary Internet Files folder emptied: 4898903 bytes
->Flash cache emptied: 1670 bytes

User: Public
->Temp folder emptied: 0 bytes

User: We will make IT
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 53207414 bytes
->Flash cache emptied: 542 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 55.00 mb


OTL by OldTimer - Version 3.2.8.1 log created on 07082010_170408

Files\Folders moved on Reboot...
File\Folder C:\Users\I Believe\AppData\Local\Temp\Low\~DF3F1.tmp not found!
File\Folder C:\Users\I Believe\AppData\Local\Temp\Low\~DF3F7.tmp not found!
C:\Users\I Believe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PNH1IC4X\iframe[1].htm moved successfully.
C:\Users\I Believe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PNH1IC4X\topic328782[1].htm moved successfully.
C:\Users\I Believe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1717FTWK\iframe[1].htm moved successfully.
C:\Users\I Believe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat moved successfully.
C:\Users\I Believe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

Registry entries deleted on Reboot...

I am not understanding why am I getting the message: please wait and then configuring updates when no updates have been downloaded??

















#15 kymberly

Posted 08 July 2010 - 07:38 PM

A message comes up from Program Compatibility stating that the program might have installed incorrectly: if this program did not install correctly, try installing using settings that are compatible with this version of Windows. For some reason I captured the screen and it won't let me post it here. I am not able to upload on your site; I believe the spyware or malware I had prevented me from that and it still is preventing me from uploading. I have it saved on my flash drive. You asked me about the internet connection: I have DSL!

Edited by kymberly, 08 July 2010 - 07:39 PM.




