
malware of silent virus


  • This topic is locked
18 replies to this topic

#1 Heavenlyp

Heavenlyp

  • Members
  • 36 posts
  • OFFLINE
  • Local time:01:22 PM

Posted 07 October 2010 - 11:03 AM

Hi,
I am having multiple troubles with my computer. I attempted to adhere to Bleeping Computer's preparation guide, but I am unable to run DDS; the screen pops up, then back out. I was successful with Defogger. I am unable to connect to Internet Explorer, but I can connect with Mozilla Firefox. I have no Start menu or taskbar, and I cannot cut or copy and paste. I have tried to run Malwarebytes and I get a message stating runtime error 372, vbalGrid6.ocx is outdated. I cannot use my printer because the spooler service is not running. Spybot does not find anything. I tried to run System Restore; it states that System Restore cannot protect your computer, restart and try again (I did a couple of times; it still didn't work).
Need help.
TIA



#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:22 PM

Posted 16 October 2010 - 07:27 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report:
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new OTL log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#3 Heavenlyp

Heavenlyp
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  • Local time:01:22 PM

Posted 17 October 2010 - 01:33 PM

Hi etavares,

Thanks for replying.
I am unable to paste so I will upload OTL logs along with ark file.


OTL logfile created on: 10/17/2010 9:43:51 AM - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

383.00 Mb Total Physical Memory | 161.00 Mb Available Physical Memory | 42.00% Memory free
919.00 Mb Paging File | 682.00 Mb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.61 Gb Total Space | 87.16 Gb Free Space | 60.27% Space Free | Partition Type: NTFS
Drive D: | 4.42 Gb Total Space | 2.23 Gb Free Space | 50.53% Space Free | Partition Type: FAT32

Computer Name: ELECTRICHAYWARD | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2010/10/17 09:16:54 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
PRC - [2010/09/28 19:49:12 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/02/18 11:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/08/06 23:01:41 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2004/03/13 04:04:16 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (SafeList) ==========

MOD - [2010/10/17 09:16:54 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
SRV - File not found [On_Demand | Stopped] -- -- (KodakCCS)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/08/06 23:01:41 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2004/03/13 04:04:16 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\pctfw.sys -- (SFilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\Pcouffin.sys -- (Pcouffin)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/03/20 11:31:55 | 000,015,944 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hitmanpro35.sys -- (hitmanpro35)
DRV - [2009/05/11 09:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/04/13 11:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 11:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/08/06 23:14:51 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASCTRM.sys -- (ASCTRM)
DRV - [2005/09/18 08:32:00 | 003,493,984 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/09/14 11:38:00 | 003,856,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/07/29 17:11:04 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/07/29 17:11:02 | 000,034,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/03/17 09:51:16 | 001,033,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/03/17 09:50:36 | 000,221,440 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2005/03/17 09:50:32 | 000,705,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/01/07 17:07:16 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hdaudio.sys -- (HdAudAddService)
DRV - [2004/08/04 12:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2004/08/04 12:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2004/08/04 12:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2004/08/04 12:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2004/08/04 12:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2004/08/04 12:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2004/08/04 12:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2004/08/04 12:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2004/08/04 12:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2004/08/04 12:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2004/08/04 12:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2004/08/04 12:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2004/08/04 12:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2004/08/04 12:00:00 | 000,012,800 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\aha154x.sys -- (Aha154x)
DRV - [2004/08/04 12:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2004/08/04 12:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2003/01/10 14:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 06:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch...DTP&M=T6528
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch...DTP&M=T6528
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-1991515541-109621520-24872324-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1991515541-109621520-24872324-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1991515541-109621520-24872324-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-1991515541-109621520-24872324-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1991515541-109621520-24872324-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/28 19:49:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/28 19:49:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.1.2.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2010/05/07 17:10:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.1.2.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2010/07/03 16:59:32 | 000,000,000 | ---D | M]

[2010/03/17 11:02:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/06/15 22:04:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/10/15 11:03:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\p4l7tjec.default\extensions
[2010/10/01 10:50:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\p4l7tjec.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/15 11:03:21 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2005/02/11 10:47:46 | 000,201,277 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 5877 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\system32\bae.dll (Gateway Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1991515541-109621520-24872324-1003\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1991515541-109621520-24872324-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1991515541-109621520-24872324-1003\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Ashampoo FireWall] C:\Program Files\Ashampoo\Ashampoo FireWall FREE\FireWall.exe ()
O4 - HKLM..\Run: [EPSON Stylus Photo R320 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKU\S-1-5-21-1991515541-109621520-24872324-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-1991515541-109621520-24872324-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1991515541-109621520-24872324-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1991515541-109621520-24872324-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1991515541-109621520-24872324-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1991515541-109621520-24872324-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Ashampoo\Ashampoo FireWall FREE\spi.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Ashampoo\Ashampoo FireWall FREE\spi.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Ashampoo\Ashampoo FireWall FREE\spi.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Ashampoo\Ashampoo FireWall FREE\spi.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Ashampoo\Ashampoo FireWall FREE\spi.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Ashampoo\Ashampoo FireWall FREE\spi.dll ()
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab (StagingUI Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab (MSN Games Buddy Invite)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} http://h30155.www3.hp.com/ediags/dd/instal...nosticsxp2k.cab (DeviceEnum Class)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab (ZonePAChat Object)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/common/groove/gx/GrooveAX27.cab (Groove Control)
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} http://zone.msn.com/bingame/zpagames/zpa_dmno.cab55579.cab (ZPA_DMNO Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx (Get_ActiveX Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C68F9105-04FD-4B48-B6CC-2A076F711C35} file://E:\MEMDISC\ALBUM_A\VIEW\PLUGIN\HPODPCFC.CAB (HpodPCFileCtrl2 Class)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/binframework/v10/StProxy.cab55579.cab (MSN Games Game Communicator)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} http://zone.msn.com/bingame/zpagames/zpa_kqrp.cab56961.cab (ChessControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/30 20:07:22 | 000,000,692 | ---- | M] () - C:\autoAlbum.log -- [ NTFS ]
O32 - AutoRun File - [2004/08/26 11:04:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/08/08 17:24:26 | 000,000,045 | -HS- | M] () - D:\autorun.inf.aug.8 -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpReg: DriverCure - hkey= - key= - C:\Program Files\ParetoLogic\DriverCure\DriverCure.exe (ParetoLogic)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

Drivers32: msacm.clmp3enc - C:\Program Files\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Unable to start service RpcSs!

========== Files/Folders - Created Within 90 Days ==========

[2010/10/05 10:19:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\CSUDN Application proof_files
[2010/10/04 14:12:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malware Blocker
[2010/10/04 11:34:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Ashampoo
[2010/10/04 11:31:12 | 000,000,000 | ---D | C] -- C:\Program Files\Ashampoo
[2010/10/01 09:45:11 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\IECompatCache
[2010/09/17 21:26:51 | 020,069,088 | ---- | C] (Emsi Software GmbH ) -- C:\Documents and Settings\Owner\Desktop\OnlineArmorSetup.exe
[2010/07/22 12:26:05 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Owner\Desktop\setup-spybotsd162.exe
[2010/07/22 12:25:26 | 000,000,000 | ---D | C] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
[2010/07/22 12:25:26 | 000,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2010/07/22 12:25:25 | 000,000,000 | ---D | C] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[2010/07/22 12:25:25 | 000,000,000 | ---D | C] -- C:\Program Files\SDHelper (Spybot - Search & Destroy)
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[14 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/10/15 10:51:44 | 000,030,277 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/10/15 10:50:31 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/15 10:50:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/15 10:50:22 | 402,051,072 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/07 07:25:05 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/05 10:19:56 | 000,014,162 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\CSUDN Application proof.htm
[2010/10/04 11:31:15 | 000,000,809 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Ashampoo FireWall FREE.lnk
[2010/10/04 11:31:15 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Ashampoo FireWall FREE.lnk
[2010/09/19 00:45:32 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Marion Williams.doc
[2010/09/17 22:34:52 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/09/17 21:34:45 | 000,438,490 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/09/17 21:34:45 | 000,070,124 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/09/17 21:26:51 | 020,069,088 | ---- | M] (Emsi Software GmbH ) -- C:\Documents and Settings\Owner\Desktop\OnlineArmorSetup.exe
[2010/09/17 11:43:51 | 000,122,838 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\name Change nc130.pdf
[2010/09/17 11:43:06 | 000,117,940 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Name Change nc120.pdf
[2010/09/17 11:42:32 | 000,062,620 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Name Change nc100.pdf
[2010/09/17 11:41:49 | 000,196,436 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Name Change nc110.pdf
[2010/09/14 22:25:40 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/09 10:56:53 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Facebook responsee.doc
[2010/09/07 18:55:57 | 016,425,968 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Heavenly G Mode.mov
[2010/08/31 09:36:35 | 000,000,622 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Kaplan Tutoring Smart Track.url
[2010/08/29 18:55:28 | 001,955,328 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Equifax Credit Report 2010.doc
[2010/08/29 18:20:05 | 000,037,376 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Experian CHASE charge off.doc
[2010/08/29 18:08:03 | 002,076,160 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Experian cerdit report 2010.doc
[2010/08/29 18:06:28 | 000,043,008 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Experian credit report number for 2010.doc
[2010/08/29 17:12:38 | 001,505,280 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Trans union 2010 credit report.doc
[2010/08/29 13:39:12 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Craigs list august 29 2010.doc
[2010/08/28 17:34:41 | 000,045,056 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\resume Leona De Jean.doc
[2010/08/26 23:16:54 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\IHSS Marion.doc
[2010/08/26 23:06:27 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\IHSS Mr Obi.doc
[2010/08/22 23:05:06 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\facebook.doc
[2010/08/22 19:10:21 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\ACLS.doc
[2010/08/22 01:06:48 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Derek T.doc
[2010/08/21 18:37:39 | 000,069,632 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2010/08/21 18:37:39 | 000,056,320 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/08/21 17:57:29 | 000,009,216 | ---- | M] () -- C:\t.imageTable.cdx
[2010/08/21 17:57:29 | 000,007,680 | ---- | M] () -- C:\t.albumImagesTable.cdx
[2010/08/21 17:57:29 | 000,006,144 | ---- | M] () -- C:\t.ROFImagesTable.cdx
[2010/08/21 17:57:29 | 000,006,144 | ---- | M] () -- C:\t.keywordImagesTable.cdx
[2010/08/21 17:57:29 | 000,004,608 | ---- | M] () -- C:\t.pathnameTable.cdx
[2010/08/21 17:57:29 | 000,004,608 | ---- | M] () -- C:\t.keywordTable.cdx
[2010/08/21 17:57:29 | 000,004,608 | ---- | M] () -- C:\t.albumTable.cdx
[2010/08/21 17:57:29 | 000,004,608 | ---- | M] () -- C:\pathnameTable.cdx
[2010/08/21 17:57:29 | 000,003,072 | ---- | M] () -- C:\t.ROFTable.cdx
[2010/08/21 17:57:29 | 000,003,072 | ---- | M] () -- C:\t.EXIFTable.cdx
[2010/08/21 17:57:29 | 000,001,089 | ---- | M] () -- C:\t.imageTable.dbf
[2010/08/21 17:57:29 | 000,000,957 | ---- | M] () -- C:\t.pathnameTable.dbf
[2010/08/21 17:57:29 | 000,000,957 | ---- | M] () -- C:\pathnameTable.dbf
[2010/08/21 17:57:29 | 000,000,786 | ---- | M] () -- C:\t.administrativeInfo.dbf
[2010/08/21 17:57:29 | 000,000,786 | ---- | M] () -- C:\administrativeInfo.dbf
[2010/08/21 17:57:29 | 000,000,584 | ---- | M] () -- C:\t.albumTable.dbf
[2010/08/21 17:57:29 | 000,000,512 | ---- | M] () -- C:\t.imageTable.fpt
[2010/08/21 17:57:29 | 000,000,488 | ---- | M] () -- C:\t.EXIFTable.dbf
[2010/08/21 17:57:29 | 000,000,456 | ---- | M] () -- C:\t.keywordTable.dbf
[2010/08/21 17:57:29 | 000,000,424 | ---- | M] () -- C:\t.albumImagesTable.dbf
[2010/08/21 17:57:29 | 000,000,392 | ---- | M] () -- C:\t.ROFTable.dbf
[2010/08/21 17:57:29 | 000,000,360 | ---- | M] () -- C:\t.ROFImagesTable.dbf
[2010/08/21 17:57:29 | 000,000,360 | ---- | M] () -- C:\t.managedFolderTable.dbf
[2010/08/21 17:57:29 | 000,000,360 | ---- | M] () -- C:\t.keywordImagesTable.dbf
[2010/08/21 17:54:53 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\faye To whom it may Concern.doc
[2010/08/19 19:28:19 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Glendale Memorial Interview.doc
[2010/08/16 21:17:48 | 000,050,987 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Chase fe return 08162010.pdf
[2010/08/16 08:17:50 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Diet Schedule Aug 16 thru 22 2010.doc
[2010/08/16 08:17:36 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Diet Schedule.doc
[2010/08/15 22:37:54 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Job Gardena Memorial Mission.doc
[2010/08/15 22:37:40 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Job QUESTIONS I will ask Interviewer.doc
[2010/08/15 21:02:08 | 000,038,400 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Job Questions Interviewer will ask me..doc
[2010/08/15 18:56:47 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Job Questions Ten Killer Interview Tips.doc
[2010/08/15 17:41:31 | 000,037,376 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Questions Interviewer will ask me..doc
[2010/08/15 16:13:49 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Cover Letter Leona DeJean for USC University.doc
[2010/08/15 16:12:36 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Cover Letter Leona DeJean Gardena Memorial.doc
[2010/08/13 12:06:10 | 000,140,288 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Flex Ed Schedule July thru Dec 2010.doc
[2010/08/12 03:38:36 | 000,250,288 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/11 10:45:09 | 000,166,606 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Cert IV and Blood.pdf
[2010/08/08 12:14:34 | 000,183,912 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\APRN RESUME FORM WLA 2010_distributed.pdf
[2010/08/08 11:44:14 | 001,025,908 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\VA app for nurse and nurs anest.pdf
[2010/08/06 20:33:32 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\RESUME AdDItion.doc
[2010/08/04 14:11:02 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Boochie Hats.doc
[2010/08/02 14:25:47 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Cover Letter Leona DeJean Generic.doc
[2010/08/02 09:39:57 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Cover Letter Leona DeJean for Bellflower.doc
[2010/08/01 23:17:00 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\USC University confirmation for job.doc
[2010/07/31 21:42:39 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Cover Letter Leona DeJean for orange coast.doc
[2010/07/23 09:30:06 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ofitoced.dll
[2010/07/22 20:55:32 | 000,000,141 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/07/22 19:43:58 | 000,000,424 | ---- | M] () -- C:\WINDOWS\ofitoced.dll.nanflmrkxtns
[2010/07/22 19:24:06 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/07/22 19:24:06 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2010/07/22 12:38:57 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Owner\Desktop\setup-spybotsd162.exe
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[14 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/07 07:25:05 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/05 10:19:52 | 000,014,162 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\CSUDN Application proof.htm
[2010/10/04 11:32:19 | 402,051,072 | -HS- | C] () -- C:\hiberfil.sys
[2010/10/04 11:31:15 | 000,000,809 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Ashampoo FireWall FREE.lnk
[2010/10/04 11:31:15 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Ashampoo FireWall FREE.lnk
[2010/09/19 00:45:31 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Marion Williams.doc
[2010/09/17 11:43:51 | 000,122,838 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\name Change nc130.pdf
[2010/09/17 11:43:06 | 000,117,940 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Name Change nc120.pdf
[2010/09/17 11:42:32 | 000,062,620 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Name Change nc100.pdf
[2010/09/17 11:41:49 | 000,196,436 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Name Change nc110.pdf
[2010/09/09 10:56:52 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Facebook responsee.doc
[2010/09/07 18:55:53 | 016,425,968 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Heavenly G Mode.mov
[2010/08/31 09:36:35 | 000,000,622 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Kaplan Tutoring Smart Track.url
[2010/08/29 18:37:07 | 001,955,328 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Equifax Credit Report 2010.doc
[2010/08/29 18:20:04 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Experian CHASE charge off.doc
[2010/08/29 18:08:03 | 002,076,160 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Experian cerdit report 2010.doc
[2010/08/29 18:06:28 | 000,043,008 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Experian credit report number for 2010.doc
[2010/08/29 17:12:38 | 001,505,280 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Trans union 2010 credit report.doc
[2010/08/29 13:39:11 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Craigs list august 29 2010.doc
[2010/08/22 23:05:05 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\facebook.doc
[2010/08/22 19:10:21 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\ACLS.doc
[2010/08/22 00:17:05 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Derek T.doc
[2010/08/21 17:39:40 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\faye To whom it may Concern.doc
[2010/08/19 19:28:17 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Glendale Memorial Interview.doc
[2010/08/16 21:17:48 | 000,050,987 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Chase fe return 08162010.pdf
[2010/08/16 08:16:48 | 000,040,960 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Diet Schedule Aug 16 thru 22 2010.doc
[2010/08/15 18:59:22 | 000,038,400 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Job Questions Interviewer will ask me..doc
[2010/08/15 18:59:00 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Job Gardena Memorial Mission.doc
[2010/08/15 18:56:47 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Job Questions Ten Killer Interview Tips.doc
[2010/08/15 18:27:52 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Job QUESTIONS I will ask Interviewer.doc
[2010/08/15 17:41:30 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Questions Interviewer will ask me..doc
[2010/08/15 16:03:52 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Cover Letter Leona DeJean Gardena Memorial.doc
[2010/08/11 10:45:08 | 000,166,606 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Cert IV and Blood.pdf
[2010/08/08 11:44:14 | 001,025,908 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\VA app for nurse and nurs anest.pdf
[2010/08/07 19:18:19 | 000,183,912 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\APRN RESUME FORM WLA 2010_distributed.pdf
[2010/08/02 10:09:54 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Cover Letter Leona DeJean Generic.doc
[2010/08/02 09:39:52 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Cover Letter Leona DeJean for Bellflower.doc
[2010/08/01 23:16:59 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\USC University confirmation for job.doc
[2010/08/01 23:11:59 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Cover Letter Leona DeJean for USC University.doc
[2010/07/31 21:42:39 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Cover Letter Leona DeJean for orange coast.doc
[2010/07/31 21:38:46 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\RESUME AdDItion.doc
[2010/07/23 09:30:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ofitoced.dll
[2010/07/22 20:55:31 | 000,000,141 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/07/22 19:43:58 | 000,000,424 | ---- | C] () -- C:\WINDOWS\ofitoced.dll.nanflmrkxtns
[2010/07/22 19:24:06 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/07/22 19:24:06 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2010/04/12 11:43:20 | 000,495,616 | ---- | C] () -- C:\WINDOWS\System32\Tx32.dll
[2010/04/05 22:46:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DAZ10.INI
[2010/03/17 11:41:18 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/03/15 15:57:43 | 000,014,910 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\QJyrk5wvCU1
[2010/03/15 15:57:43 | 000,014,910 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\QJyrk5wvCU1
[2010/01/16 12:53:09 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2009/07/25 13:09:51 | 000,000,031 | ---- | C] () -- C:\WINDOWS\System32\datto4sini.dll
[2009/07/25 12:52:41 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/07/25 12:52:38 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\cdga.dll
[2008/07/10 11:43:08 | 000,000,087 | ---- | C] () -- C:\WINDOWS\ka.ini
[2008/05/15 22:56:50 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/03/02 23:19:57 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2007/10/15 15:12:50 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/10/15 15:12:50 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/09/23 10:15:12 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/07/24 16:49:16 | 000,286,768 | ---- | C] () -- C:\WINDOWS\HELPHLPR.DLL
[2007/07/24 16:49:16 | 000,002,333 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2007/07/24 16:49:15 | 000,001,452 | ---- | C] () -- C:\WINDOWS\ARCADE.INI
[2007/06/29 00:46:28 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007/06/28 08:35:03 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/27 20:56:56 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/06/27 20:47:59 | 000,000,085 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2007/06/27 13:10:47 | 000,000,067 | ---- | C] () -- C:\WINDOWS\Easy RM RMVB to DVD Burner.INI
[2007/05/27 00:08:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PestPatrol5.INI
[2007/03/24 19:15:32 | 000,000,157 | ---- | C] () -- C:\WINDOWS\cool.ini
[2007/01/17 21:07:21 | 000,003,266 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/08/08 15:57:26 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2006/08/08 07:03:46 | 000,013,832 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/08/06 23:09:57 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2006/08/06 23:09:57 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2006/08/06 23:09:57 | 000,011,776 | ---- | C] () -- C:\WINDOWS\HIDMNT.dll
[2006/08/06 23:05:39 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/06 22:32:49 | 000,012,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\aha154x.sys
[2006/01/31 08:08:24 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/01/31 08:08:24 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/01/31 08:08:22 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/01/31 08:08:19 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/01/31 08:08:18 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/01/31 08:08:18 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/01/31 08:08:13 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2004/08/27 03:50:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/26 09:12:43 | 000,001,420 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/26 09:12:43 | 000,000,485 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/08/26 03:54:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/05/14 07:07:00 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\EPSPTDV.DLL
[2004/04/16 00:00:00 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2003/10/28 07:51:41 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000/09/08 18:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

========== LOP Check ==========

[2007/05/30 14:57:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG7
[2006/08/06 23:14:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2007/08/06 12:52:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg7
[2006/12/13 10:01:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2009/10/17 23:33:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2007/06/27 20:48:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2007/12/19 11:49:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2010/03/17 11:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/03/16 18:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2007/06/08 21:16:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2010/04/08 20:57:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/07/26 13:46:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2009/10/17 23:33:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/02/17 16:30:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SiComponents
[2007/10/15 15:22:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2007/02/19 17:16:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/07/31 21:35:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006/08/06 23:14:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
[2007/05/27 11:28:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVG7
[2007/08/06 12:43:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG7
[2010/03/16 22:16:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CheckPoint
[2009/11/29 19:02:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.codeode
[2009/10/17 23:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DriverCure
[2009/07/25 13:03:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2010/03/16 20:40:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Grisoft
[2010/04/08 20:56:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NCH Swift Sound
[2006/11/13 10:03:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Netscape
[2010/06/23 20:13:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Panda Security
[2007/06/03 00:37:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PCToolsFirewallPlus
[2006/08/06 23:14:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2008/06/05 09:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ulead Systems
[2007/07/17 04:25:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue
[2008/01/07 00:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2007/02/19 17:16:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll/lockedfiles >
Invalid Switch: lockedfiles


< %systemroot%\system32\*.sys/90 >

< %systemroot%\Tasks\*.job/lockedfiles >
Invalid Switch: lockedfiles


< %systemroot%\System32\config\*.sav >
[2004/08/26 03:53:19 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/26 03:53:18 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/26 03:53:18 | 000,864,256 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %SYSTEMDRIVE%\*.* >
[2010/05/24 14:23:19 | 000,000,786 | ---- | M] () -- C:\administrativeInfo.bak
[2010/08/21 17:57:29 | 000,000,786 | ---- | M] () -- C:\administrativeInfo.dbf
[2010/06/23 17:40:37 | 000,000,425 | ---- | M] () -- C:\albumImagesTable.bak
[2010/06/23 17:40:37 | 000,007,680 | ---- | M] () -- C:\albumImagesTable.cdx
[2010/06/23 17:40:37 | 000,000,425 | ---- | M] () -- C:\albumImagesTable.dbf
[2010/06/23 17:40:37 | 000,000,585 | ---- | M] () -- C:\albumTable.bak
[2010/06/23 17:40:37 | 000,004,608 | ---- | M] () -- C:\albumTable.cdx
[2010/06/23 17:40:37 | 000,000,585 | ---- | M] () -- C:\albumTable.dbf
[2006/08/06 23:11:07 | 000,000,206 | ---- | M] () -- C:\audio.log
[2006/12/30 20:07:22 | 000,000,692 | ---- | M] () -- C:\autoAlbum.log
[2004/08/26 11:04:39 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[1998/08/22 02:41:15 | 038,141,488 | ---- | M] () -- C:\AVSEQ01.mpg
[2010/02/14 01:31:15 | 000,000,321 | ---- | M] () -- C:\BnetLog.txt
[2009/10/18 12:15:17 | 000,000,199 | ---- | M] () -- C:\Boot.bak
[2010/03/20 17:47:38 | 000,000,270 | RHS- | M] () -- C:\boot.ini
[2007/05/27 00:20:09 | 000,000,977 | ---- | M] () -- C:\caavsetup.log
[2010/08/21 17:57:29 | 000,000,000 | ---- | M] () -- C:\CB_Server_Errors.txt
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/06/25 18:38:58 | 000,013,320 | ---- | M] () -- C:\ComboFix.txt
[2004/08/26 11:04:39 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/07/15 10:15:42 | 000,000,074 | ---- | M] () -- C:\delrb.txt
[2010/06/23 17:40:37 | 000,000,489 | ---- | M] () -- C:\EXIFTable.bak
[2010/06/23 17:40:37 | 000,003,072 | ---- | M] () -- C:\EXIFTable.cdx
[2010/06/23 17:40:37 | 000,000,489 | ---- | M] () -- C:\EXIFTable.dbf
[2007/05/27 00:20:07 | 000,000,026 | ---- | M] () -- C:\ezsetuplog.txt
[2010/06/23 17:40:26 | 000,000,178 | ---- | M] () -- C:\handle.dat
[2010/10/15 10:50:22 | 402,051,072 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/23 17:40:37 | 000,000,937 | ---- | M] () -- C:\imageTable.bak
[2010/06/23 17:40:37 | 000,009,216 | ---- | M] () -- C:\imageTable.cdx
[2010/06/23 17:40:37 | 000,000,937 | ---- | M] () -- C:\imageTable.dbf
[2010/06/23 17:40:37 | 000,000,512 | ---- | M] () -- C:\imageTable.fpk
[2010/06/23 17:40:37 | 000,000,512 | ---- | M] () -- C:\imageTable.fpt
[2004/08/26 11:04:39 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2006/08/06 23:15:29 | 000,001,131 | -H-- | M] () -- C:\IPH.PH
[2010/06/23 17:40:37 | 000,000,361 | ---- | M] () -- C:\keywordImagesTable.bak
[2010/06/23 17:40:37 | 000,006,144 | ---- | M] () -- C:\keywordImagesTable.cdx
[2010/06/23 17:40:37 | 000,000,361 | ---- | M] () -- C:\keywordImagesTable.dbf
[2010/06/23 17:40:37 | 000,000,457 | ---- | M] () -- C:\keywordTable.bak
[2010/06/23 17:40:37 | 000,004,608 | ---- | M] () -- C:\keywordTable.cdx
[2010/06/23 17:40:37 | 000,000,457 | ---- | M] () -- C:\keywordTable.dbf
[2006/08/06 23:02:02 | 000,000,086 | ---- | M] () -- C:\lan.log
[2002/08/13 20:42:46 | 000,186,368 | ---- | M] (CEXX.ORG) -- C:\LSPFix.exe
[2010/06/23 17:40:37 | 000,000,361 | ---- | M] () -- C:\managedFolderTable.bak
[2010/06/23 17:40:37 | 000,000,361 | ---- | M] () -- C:\managedFolderTable.dbf
[2004/08/26 11:04:39 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006/09/08 09:12:23 | 000,000,940 | ---- | M] () -- C:\net_save.dna
[2004/08/04 12:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/01/12 09:05:09 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2006/08/06 23:09:44 | 000,000,086 | ---- | M] () -- C:\nvida.log
[2010/10/15 10:50:20 | 603,979,776 | -HS- | M] () -- C:\pagefile.sys
[2010/06/23 17:40:37 | 000,000,425 | ---- | M] () -- C:\pathnameTable.bak
[2010/08/21 17:57:29 | 000,004,608 | ---- | M] () -- C:\pathnameTable.cdx
[2010/08/21 17:57:29 | 000,000,957 | ---- | M] () -- C:\pathnameTable.dbf
[2008/11/13 23:19:59 | 000,016,762 | ---- | M] () -- C:\Rescued document.txt
[2010/06/23 17:40:37 | 000,000,361 | ---- | M] () -- C:\ROFImagesTable.bak
[2010/06/23 17:40:37 | 000,006,144 | ---- | M] () -- C:\ROFImagesTable.cdx
[2010/06/23 17:40:37 | 000,000,361 | ---- | M] () -- C:\ROFImagesTable.dbf
[2010/06/23 17:40:37 | 000,000,393 | ---- | M] () -- C:\ROFTable.bak
[2010/06/23 17:40:37 | 000,003,072 | ---- | M] () -- C:\ROFTable.cdx
[2010/06/23 17:40:37 | 000,000,393 | ---- | M] () -- C:\ROFTable.dbf
[2010/04/05 22:18:15 | 000,252,442 | ---- | M] () -- C:\SearchParty.log
[2007/06/27 13:11:10 | 000,002,274 | ---- | M] () -- C:\StarBurn.log
[2010/08/21 17:57:29 | 000,000,786 | ---- | M] () -- C:\t.administrativeInfo.dbf
[2010/08/21 17:57:29 | 000,007,680 | ---- | M] () -- C:\t.albumImagesTable.cdx
[2010/08/21 17:57:29 | 000,000,424 | ---- | M] () -- C:\t.albumImagesTable.dbf
[2010/08/21 17:57:29 | 000,004,608 | ---- | M] () -- C:\t.albumTable.cdx
[2010/08/21 17:57:29 | 000,000,584 | ---- | M] () -- C:\t.albumTable.dbf
[2010/08/21 17:57:29 | 000,003,072 | ---- | M] () -- C:\t.EXIFTable.cdx
[2010/08/21 17:57:29 | 000,000,488 | ---- | M] () -- C:\t.EXIFTable.dbf
[2010/08/21 17:57:29 | 000,009,216 | ---- | M] () -- C:\t.imageTable.cdx
[2010/08/21 17:57:29 | 000,001,089 | ---- | M] () -- C:\t.imageTable.dbf
[2010/08/21 17:57:29 | 000,000,512 | ---- | M] () -- C:\t.imageTable.fpt
[2010/08/21 17:57:29 | 000,006,144 | ---- | M] () -- C:\t.keywordImagesTable.cdx
[2010/08/21 17:57:29 | 000,000,360 | ---- | M] () -- C:\t.keywordImagesTable.dbf
[2010/08/21 17:57:29 | 000,004,608 | ---- | M] () -- C:\t.keywordTable.cdx
[2010/08/21 17:57:29 | 000,000,456 | ---- | M] () -- C:\t.keywordTable.dbf
[2010/08/21 17:57:29 | 000,000,360 | ---- | M] () -- C:\t.managedFolderTable.dbf
[2010/08/21 17:57:29 | 000,004,608 | ---- | M] () -- C:\t.pathnameTable.cdx
[2010/08/21 17:57:29 | 000,000,957 | ---- | M] () -- C:\t.pathnameTable.dbf
[2010/08/21 17:57:29 | 000,006,144 | ---- | M] () -- C:\t.ROFImagesTable.cdx
[2010/08/21 17:57:29 | 000,000,360 | ---- | M] () -- C:\t.ROFImagesTable.dbf
[2010/08/21 17:57:29 | 000,003,072 | ---- | M] () -- C:\t.ROFTable.cdx
[2010/08/21 17:57:29 | 000,000,392 | ---- | M] () -- C:\t.ROFTable.dbf
[2006/08/06 22:54:54 | 000,000,002 | RHS- | M] () -- C:\USER
[2007/11/29 17:46:45 | 000,002,334 | ---- | M] () -- C:\_Sid.txt
[2008/11/13 23:19:59 | 000,000,162 | -H-- | M] () -- C:\~$scued document.txt

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/11/05 19:06:06 | 000,278,016 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5mu.dll
[2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\*./mp/s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft >

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Conferencing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

< \Windows\WindowsUpdate\AU >

< >

< End of report >


EDIT: Paste log



Edited by etavares, 18 October 2010 - 05:12 PM.


#4 etavares

Posted 18 October 2010 - 05:24 PM

Hello, Heavenlyp.

P2P Warning and Request
The log shows that you have been using so-called peer-to-peer or file-sharing programmes (in your case LimeWire). These programmes allow files to be shared between users, as the name(s) suggest. In today's world cyber crime has come a long way, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. I recommend that you uninstall this program. That is optional, however. If you decide not to uninstall, please refrain from using it until I let you know your computer is clean.






Viewpoint (foistware) Warning

Viewpoint Manager is considered foistware instead of malware, since it is installed without the user's approval but doesn't spy or do anything "bad". From what we know, this changed in 2006; read this article:

http://www.clickz.com/clickz/news/1714488/viewpoint-plunge-into-adware

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.







Step 1

Download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • A blank window shall open with the title "SystemLook v1.0-by Jpshortstuff".
  • Copy and paste the content of the following codebox into the main textfield under "File":
    :filefind
    svchost.*
  • Please confirm everything is copied and pasted as I have provided above.
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan.
  • Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt
2nd Note: The scan may take a while, from several seconds to a minute or more, depending on the number of files you have and how fast your computer can perform the task.


etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
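
An added example, not part of the original thread and not SystemLook's own code: a Python version of the kind of file search requested with `:filefind svchost.*` in the post above, recording a SHA-256 and size for every match, grouping identical copies, and listing matches that sit outside a set of expected folders. The function names and the `EXPECTED_DIRS` list are assumptions to adjust for the system being examined.

```python
import fnmatch
import hashlib
import os

# Assumption: folders where svchost.exe copies normally live on Windows XP.
EXPECTED_DIRS = (r"C:\WINDOWS\system32", r"C:\WINDOWS\system32\dllcache")


def norm(path):  # case-insensitive, separator-normalised folder path
    return os.path.normcase(os.path.normpath(path)).lower()


def sha256_of(path, chunk=1 << 16):
    """Hash a file in chunks so large files are never read whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def find_files(root, pattern="svchost.*"):
    """Walk root; return one record per file whose name matches pattern."""
    records = []
    for folder, _dirs, names in os.walk(root):
        for name in names:
            if fnmatch.fnmatchcase(name.lower(), pattern.lower()):
                path = os.path.join(folder, name)
                try:
                    records.append({"path": path, "sha256": sha256_of(path),
                                    "size": os.path.getsize(path)})
                except OSError as exc:  # locked or unreadable: keep visible
                    records.append({"path": path, "error": str(exc)})
    return records


def review(records, expected_dirs=EXPECTED_DIRS):
    """Group matches by hash and list those outside the expected folders."""
    expected = {norm(d) for d in expected_dirs}
    by_hash, unexpected = {}, []
    for rec in records:
        if "sha256" in rec:
            by_hash.setdefault(rec["sha256"], []).append(rec["path"])
        if norm(os.path.dirname(rec["path"])) not in expected:
            unexpected.append(rec["path"])
    return by_hash, unexpected


if __name__ == "__main__":
    print("\n".join(review(find_files("C:\\"))[1]))
```

A path in the second return value is only a candidate for manual review; files that could not be read are kept in the records with an `error` field instead of being dropped.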
 


#5 Heavenlyp

Posted 19 October 2010 - 11:08 PM

Hi etavares,
I can't access Add/Remove Programs. I click on it but nothing happens. I will delete all P2P programs when I am able; I will not use them. I attached SystemLook to you [Attached File: SystemLook 1019.txt].
Thanks
heavenlyp

#6 etavares

Posted 20 October 2010 - 05:22 PM

Hello, Heavenlyp.


Step 1

1. We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click [image] and then on "Advanced Mode"
    [image]
  • You may be presented with a warning dialog. If so, press [image]
  • Click on [image]
  • Click on [image]
  • Uncheck this checkbox:
    [image]
  • Close/Exit Spybot Search and Destroy



Step 2

Next, please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[image]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

etavares




#7 Heavenlyp

Posted 21 October 2010 - 02:19 AM

Hi etavares,
I still can't paste. System Restore cannot protect my system at this time. Spooler service not on, so I can not install printer. No Internet Explorer; when I click on it, it does nothing. I attached combofix log [Attached File: Combofix log 1020.txt].
heavenlyp

#8 etavares

Posted 21 October 2010 - 05:29 PM

Hello, Heavenlyp.


Step 1

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

c:\program files\QuickTime\bak\qttask.exe
c:\program files\QuickTime\QTTask.exe


Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/



Step 2

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASFWHide]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpqSRMon"=-
File::
C:\WINDOWS\imsins.BAK
C:\WINDOWS\ofitoced.dll.nanflmrkxtns
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]


Save this as CFScript.txt, in the same location as ComboFix.exe


[image]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

etavares




#9 Heavenlyp

Posted 21 October 2010 - 10:46 PM

Hi etavares,
Jotti scans found nothing. Here is the new Combofix log [Attached File: Combofixlog.txt].

#10 etavares

Posted 22 October 2010 - 06:00 PM

Please try again. It appears that the script wasn't used in ComboFix. Please ensure you drag the text file you create into ComboFix, versus running ComboFix directly, as shown in the picture. Please post the resulting log.




#11 Heavenlyp

Posted 22 October 2010 - 07:38 PM

Hi etavares,
I had to type most of the content because paste does not work anymore. Also, drag and drop ability is gone. I can't click and drag anymore; is there any other way?
Thanks
heavenlyp

#12 etavares

Posted 23 October 2010 - 08:23 AM

Hi heavenlyp-

Yes, there is another way. Do you have a USB flash drive we can use? It needs to be clean. We can create a bootable flashdrive that allows us to do this outside of Windows. You'd need a non-infected computer as well to download and create the USB.




#13 etavares

Posted 30 October 2010 - 06:48 AM

Still with me?




#14 Heavenlyp

Posted 30 October 2010 - 10:31 AM

Hi etavares,
My computer turns off every 5 minutes. I have to get the USB drive you suggested. Is it OK for me to send you a PM when I get situated?
TIA

#15 etavares

Posted 30 October 2010 - 02:38 PM

Yes, that is fine. What does the computer do every 5 minutes? Does it just shut down, or do you get an error message? That is important to know.

