
computer freezes and is very slowwww


36 replies to this topic

#1 lomar79

Posted 26 December 2010 - 10:50 AM

Hi, I have posted my OTL report to help you decide how to help.
Here you go.

otl

OTL logfile created on: 22/12/2010 8:01:19 PM - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Documents and Settings\JJ\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

247.00 Mb Total Physical Memory | 35.00 Mb Available Physical Memory | 14.00% Memory free
834.00 Mb Paging File | 623.00 Mb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 600 1000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 10.04 Gb Free Space | 26.94% Space Free | Partition Type: NTFS

Computer Name: M-F8EF9B5EAF404 | User Name: JJ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/22 20:00:25 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JJ\Desktop\OTL.exe
PRC - [2010/11/03 18:20:21 | 000,068,586 | ---- | M] () -- C:\WINDOWS\system32\drivers\nvscv32.exe
PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/01/14 16:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2006/10/19 18:44:44 | 000,020,480 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
PRC - [2004/08/03 23:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/12/22 20:00:25 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JJ\Desktop\OTL.exe
MOD - [2004/08/03 23:57:02 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9dfe71c13fd22) Google Update Service (gupdate1c9dfe71c13fd22)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®
SRV - [2010/12/08 21:26:14 | 003,020,888 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_aeec0f0.dll -- (Akamai)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/10/19 16:50:07 | 001,596,517 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2009/02/11 13:40:36 | 000,234,888 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
SRV - [2009/01/14 16:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Internet Explorer\SABProcEnum.sys -- (SABProcEnum)
DRV - File not found [Kernel | Auto | Stopped] -- C:\windows\System32\DRIVERS\rp_skt32.sys -- (RPSKT) Security Services Driver (x86)
DRV - [2006/06/05 03:39:56 | 000,024,064 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2004/08/06 19:17:32 | 000,023,424 | ---- | M] (Parallel Technologies, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\fxxlffir.sys -- (fxxlffir)
DRV - [2004/08/03 22:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/08/03 21:59:52 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-796845957-1979792683-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
IE - HKU\S-1-5-21-796845957-1979792683-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
IE - HKU\S-1-5-21-796845957-1979792683-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&ai=13054"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: Hotbar@Hotbar.com:11.0.0.0
FF - prefs.js..extensions.enabledItems: YoutubeDownloader@PeterOlayev.com:1.5
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {a02c0c70-605c-11da-8cd6-0800200c9a66}:4.22
FF - prefs.js..keyword.URL: "http://search.freecause.com/search?fr=freecause&ourmark=3&type=61495&p="

FF - HKLM\software\mozilla\Firefox\extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\RelevantKnowledge [2009/12/09 11:13:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\Hotbar@Hotbar.com: C:\Program Files\Hotbar\bin\11.0.175.0\firefox\extensions [2010/07/12 15:07:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/26 20:50:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/28 17:09:19 | 000,000,000 | ---D | M]

[2009/07/12 13:49:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JJ\Application Data\Mozilla\Extensions
[2009/03/08 21:23:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JJ\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2009/04/06 15:03:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JJ\Application Data\Mozilla\Firefox\extensions
[2009/04/06 15:03:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JJ\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010/12/19 18:41:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JJ\Application Data\Mozilla\Firefox\Profiles\he4o1q9k.default\extensions
[2010/01/26 21:06:14 | 000,000,000 | ---D | M] (Mega Manager Integration) -- C:\Documents and Settings\JJ\Application Data\Mozilla\Firefox\Profiles\he4o1q9k.default\extensions\{40a1f5d7-afc2-498f-b264-02668d616ff6}
[2010/08/14 00:22:42 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\JJ\Application Data\Mozilla\Firefox\Profiles\he4o1q9k.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010/10/10 11:40:00 | 000,000,000 | ---D | M] (PimpZilla) -- C:\Documents and Settings\JJ\Application Data\Mozilla\Firefox\Profiles\he4o1q9k.default\extensions\{a02c0c70-605c-11da-8cd6-0800200c9a66}
[2010/10/10 11:39:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JJ\Application Data\Mozilla\Firefox\Profiles\he4o1q9k.default\extensions\ffxtlbr@Facemoods.com
[2010/10/10 11:39:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JJ\Application Data\Mozilla\Firefox\Profiles\he4o1q9k.default\extensions\YoutubeDownloader@PeterOlayev.com
[2010/01/20 12:18:12 | 000,000,931 | ---- | M] () -- C:\Documents and Settings\JJ\Application Data\Mozilla\Firefox\Profiles\he4o1q9k.default\searchplugins\conduit.xml
[2009/12/01 13:50:20 | 000,002,160 | ---- | M] () -- C:\Documents and Settings\JJ\Application Data\Mozilla\Firefox\Profiles\he4o1q9k.default\searchplugins\MySpace.xml
[2009/11/27 03:39:53 | 000,001,741 | ---- | M] () -- C:\Documents and Settings\JJ\Application Data\Mozilla\Firefox\Profiles\he4o1q9k.default\searchplugins\search-the-web.xml
[2010/10/10 11:39:19 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/11 15:59:53 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com
[2010/04/01 17:50:22 | 000,083,248 | ---- | M] (Pinball Corporation.) -- C:\Program Files\Mozilla Firefox\plugins\npclntax_HotbarSA.dll
[2010/08/09 21:02:31 | 000,002,226 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
[2010/12/21 06:44:18 | 000,000,010 | RHS- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\Desktop_.ini

O1 HOSTS File: ([2009/07/19 23:05:48 | 000,000,060 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-796845957-1979792683-682003330-1003\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKU\S-1-5-21-796845957-1979792683-682003330-1003\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-796845957-1979792683-682003330-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
O4 - HKLM..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe File not found
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe File not found
O4 - HKU\S-1-5-21-796845957-1979792683-682003330-1003..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe File not found
O4 - HKU\S-1-5-21-796845957-1979792683-682003330-1003..\Run: [nvscv32] C:\WINDOWS\system32\drivers\nvscv32.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-796845957-1979792683-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-796845957-1979792683-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-796845957-1979792683-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-796845957-1979792683-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm File not found
O9 - Extra 'Tools' menuitem : Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm File not found
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1239751552864&h=eea83bc893c99ca5a7a965fd730bf89a/&filename=jinstall-6u13-windows-i586-jc.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15107/CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} https://plugins.valueactive.eu/flashax/iefax.cab (Flash Casino Helper Control)
O16 - DPF: Web-Based Email Tools http://email02.secureserver.net/Download.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\windows\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\RelevantKnowledge: DllName - C:\program files\relevantknowledge\rlls.dll - C:\Program Files\RelevantKnowledge\rlls.dll (TMRG, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\JJ\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\JJ\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3daeca4c-f864-11df-b9b5-000802e73b6b}\Shell - "" = AutoRun
O33 - MountPoints2\{3daeca4c-f864-11df-b9b5-000802e73b6b}\Shell\Auto\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\{3daeca4c-f864-11df-b9b5-000802e73b6b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{67d009ff-ccd8-11df-b90a-000802e73b6b}\Shell - "" = AutoRun
O33 - MountPoints2\{67d009ff-ccd8-11df-b90a-000802e73b6b}\Shell\Auto\command - "" = C:\windows\System32\setup.exe -- [2004/08/03 23:56:58 | 000,023,040 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{67d009ff-ccd8-11df-b90a-000802e73b6b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{982b9b52-8f60-11df-b8ad-000802e73b6b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{982b9b52-8f60-11df-b8ad-000802e73b6b}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\{982b9b52-8f60-11df-b8ad-000802e73b6b}\Shell\phone\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\{c4167cce-f0cf-11dd-b6b0-000802e73b6b}\Shell - "" = AutoRun
O33 - MountPoints2\{c4167cce-f0cf-11dd-b6b0-000802e73b6b}\Shell\Auto\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\{c4167cce-f0cf-11dd-b6b0-000802e73b6b}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: SSA.exe - hkey= - key= - C:\Program Files\Bell\Internet Service Advisor\SSA.exe File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {23KLN5J0-4OPM-11WE-AAX5-24EF1F387232} - C:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\windows\system32\Rundll32.exe C:\windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\windows\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\windows\system32\rundll32.exe" "C:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\windows\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\windows\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\windows\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\windows\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.tscc - C:\windows\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.XVID - C:\windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\windows\System32\DivX.dll (DivX, Inc.)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/12/22 20:00:22 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\JJ\Desktop\OTL.exe
[2010/12/22 19:40:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\JJ\Recent
[2010/12/11 21:38:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JJ\Desktop\HATS
[2010/12/07 14:29:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Program4Pc
[2010/12/07 14:29:38 | 000,000,000 | ---D | C] -- C:\Program Files\DJ Music Mixer
[2010/11/24 20:58:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JJ\Application Data\vlc
[2010/03/13 23:55:15 | 012,437,775 | ---- | C] (Creative Technology Ltd) -- C:\Program Files\AVDD_PCAPP_US_1_00_08.exe
[2010/03/13 23:50:18 | 033,439,272 | ---- | C] (Creative Technology Ltd) -- C:\Program Files\LCC_PCAPP_LA_2_02_05.exe
[2010/01/26 20:59:40 | 011,817,896 | ---- | C] (Acresso Software Inc. ) -- C:\Program Files\megamanager.exe
[2009/12/05 01:42:31 | 027,116,528 | ---- | C] (MAGIX AG) -- C:\Program Files\funpix_maker_24mb_d_en.exe
[2009/12/05 01:39:35 | 015,308,084 | ---- | C] (PearlMountain Soft) -- C:\Program Files\PictureCollageMakerFree.exe
[3 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[3 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/22 20:00:25 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JJ\Desktop\OTL.exe
[2010/12/22 19:40:03 | 000,002,435 | ---- | M] () -- C:\Documents and Settings\JJ\Desktop\HiJackThis.lnk
[2010/12/22 19:36:31 | 000,000,874 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore1cad9e5f138cc50.job
[2010/12/22 19:35:52 | 000,000,868 | ---- | M] () -- C:\windows\tasks\Google Software Updater.job
[2010/12/22 19:35:30 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2010/12/22 15:19:36 | 000,000,010 | RHS- | M] () -- C:\Program Files\Desktop_.ini
[2010/12/22 15:10:24 | 000,002,206 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2010/12/20 18:27:00 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/14 21:27:01 | 000,160,831 | ---- | M] () -- C:\Documents and Settings\JJ\Desktop\red-cherry-fruit-lips.jpg
[2010/12/14 20:53:11 | 000,004,564 | ---- | M] () -- C:\Documents and Settings\JJ\Desktop\imageshgf.jpeg
[2010/12/14 20:51:20 | 000,019,193 | ---- | M] () -- C:\Documents and Settings\JJ\Desktop\49840-bigthumbnail.jpg
[2010/12/14 20:50:39 | 000,015,097 | ---- | M] () -- C:\Documents and Settings\JJ\Desktop\5069587-sexy-red-lips-with-cherry.jpg
[2010/12/13 02:08:51 | 000,013,784 | ---- | M] () -- C:\Documents and Settings\JJ\Desktop\hhnn.jpeg
[2010/12/13 02:07:38 | 000,009,059 | ---- | M] () -- C:\Documents and Settings\JJ\Desktop\j.jpeg
[2010/12/13 02:07:12 | 000,003,066 | ---- | M] () -- C:\Documents and Settings\JJ\Desktop\imagesb.jpeg
[2010/12/13 02:06:02 | 000,010,115 | ---- | M] () -- C:\Documents and Settings\JJ\Desktop\images.jpeg
[2010/12/10 20:44:34 | 000,348,931 | ---- | M] () -- C:\Documents and Settings\JJ\Desktop\Screen-shot-2010-02-18-at-8.42.43-AM.png
[2010/12/10 20:24:55 | 000,014,892 | ---- | M] () -- C:\Documents and Settings\JJ\Desktop\marmiragemf269mf753.jpg
[2010/12/08 08:51:23 | 000,072,170 | ---- | M] () -- C:\Documents and Settings\JJ\Desktop\My C.V..PNG
[2010/12/07 14:30:09 | 000,274,210 | ---- | M] () -- C:\windows\DJ Music Mixer Uninstaller.exe
[2010/12/07 14:29:48 | 000,000,734 | ---- | M] () -- C:\Documents and Settings\JJ\Desktop\DJ Music Mixer.lnk
[2010/12/07 14:29:06 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\JJ\Desktop\Virtual DJ Home.lnk
[2010/12/06 14:15:00 | 000,000,740 | ---- | M] () -- C:\Documents and Settings\JJ\Desktop\Free M4a to MP3 Converter.lnk
[2010/12/05 12:24:15 | 000,317,506 | ---- | M] () -- C:\Documents and Settings\JJ\Desktop\MAP AREAS.PNG
[2010/12/05 12:18:30 | 000,469,486 | ---- | M] () -- C:\Documents and Settings\JJ\Desktop\MAP WORK AREA.PNG
[2010/12/01 20:47:16 | 000,012,741 | ---- | M] () -- C:\Documents and Settings\JJ\Desktop\2.JPG
[2010/12/01 20:46:38 | 000,013,840 | ---- | M] () -- C:\Documents and Settings\JJ\Desktop\1.JPG
[2010/12/01 20:45:35 | 000,000,775 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010/11/29 09:56:56 | 000,629,379 | ---- | M] () -- C:\Documents and Settings\JJ\Desktop\IMG-20101129-00075.jpg
[2010/11/29 09:52:54 | 001,368,604 | ---- | M] () -- C:\Documents and Settings\JJ\Desktop\IMG-20101129-00062.jpg
[2010/11/28 17:09:21 | 000,001,537 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/11/27 21:18:08 | 000,052,295 | ---- | M] () -- C:\Documents and Settings\JJ\Desktop\shoedazzle.jpg
[2010/11/26 14:48:23 | 000,283,933 | ---- | M] () -- C:\Documents and Settings\JJ\Desktop\84454e0ff5978813bf1820b30970ac767fd9e124.jpg
[2010/11/26 14:48:03 | 000,367,012 | ---- | M] () -- C:\Documents and Settings\JJ\Desktop\dacb515819bb72b9b58e8a610e23c1d54a233534.jpg
[2010/11/26 13:34:27 | 000,030,174 | ---- | M] () -- C:\Documents and Settings\JJ\Desktop\Versace-Medusa-Medallion_AD6C426C.jpg
[3 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[3 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/14 21:26:45 | 000,160,831 | ---- | C] () -- C:\Documents and Settings\JJ\Desktop\red-cherry-fruit-lips.jpg
[2010/12/14 20:53:07 | 000,004,564 | ---- | C] () -- C:\Documents and Settings\JJ\Desktop\imageshgf.jpeg
[2010/12/14 20:51:08 | 000,019,193 | ---- | C] () -- C:\Documents and Settings\JJ\Desktop\49840-bigthumbnail.jpg
[2010/12/14 20:50:35 | 000,015,097 | ---- | C] () -- C:\Documents and Settings\JJ\Desktop\5069587-sexy-red-lips-with-cherry.jpg
[2010/12/13 02:08:46 | 000,013,784 | ---- | C] () -- C:\Documents and Settings\JJ\Desktop\hhnn.jpeg
[2010/12/13 02:07:35 | 000,009,059 | ---- | C] () -- C:\Documents and Settings\JJ\Desktop\j.jpeg
[2010/12/13 02:07:09 | 000,003,066 | ---- | C] () -- C:\Documents and Settings\JJ\Desktop\imagesb.jpeg
[2010/12/13 02:05:56 | 000,010,115 | ---- | C] () -- C:\Documents and Settings\JJ\Desktop\images.jpeg
[2010/12/10 20:44:15 | 000,348,931 | ---- | C] () -- C:\Documents and Settings\JJ\Desktop\Screen-shot-2010-02-18-at-8.42.43-AM.png
[2010/12/10 20:24:42 | 000,014,892 | ---- | C] () -- C:\Documents and Settings\JJ\Desktop\marmiragemf269mf753.jpg
[2010/12/07 14:30:09 | 000,274,210 | ---- | C] () -- C:\windows\DJ Music Mixer Uninstaller.exe
[2010/12/07 14:29:48 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\JJ\Desktop\DJ Music Mixer.lnk
[2010/12/07 14:29:06 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\JJ\Desktop\Virtual DJ Home.lnk
[2010/12/05 12:24:14 | 000,317,506 | ---- | C] () -- C:\Documents and Settings\JJ\Desktop\MAP AREAS.PNG
[2010/12/05 12:18:28 | 000,469,486 | ---- | C] () -- C:\Documents and Settings\JJ\Desktop\MAP WORK AREA.PNG
[2010/12/01 20:47:16 | 000,012,741 | ---- | C] () -- C:\Documents and Settings\JJ\Desktop\2.JPG
[2010/12/01 20:46:36 | 000,013,840 | ---- | C] () -- C:\Documents and Settings\JJ\Desktop\1.JPG
[2010/12/01 20:45:14 | 001,368,604 | ---- | C] () -- C:\Documents and Settings\JJ\Desktop\IMG-20101129-00062.jpg
[2010/12/01 20:45:09 | 000,629,379 | ---- | C] () -- C:\Documents and Settings\JJ\Desktop\IMG-20101129-00075.jpg
[2010/11/27 21:18:04 | 000,052,295 | ---- | C] () -- C:\Documents and Settings\JJ\Desktop\shoedazzle.jpg
[2010/11/26 14:48:21 | 000,283,933 | ---- | C] () -- C:\Documents and Settings\JJ\Desktop\84454e0ff5978813bf1820b30970ac767fd9e124.jpg
[2010/11/26 14:47:50 | 000,367,012 | ---- | C] () -- C:\Documents and Settings\JJ\Desktop\dacb515819bb72b9b58e8a610e23c1d54a233534.jpg
[2010/11/26 13:34:25 | 000,030,174 | ---- | C] () -- C:\Documents and Settings\JJ\Desktop\Versace-Medusa-Medallion_AD6C426C.jpg
[2010/10/24 18:55:35 | 000,000,000 | ---- | C] () -- C:\windows\wininit.ini
[2010/06/29 12:33:03 | 000,000,032 | ---- | C] () -- C:\windows\tdlp32.ini
[2010/04/14 19:40:13 | 000,000,396 | ---- | C] () -- C:\windows\NJCOM.INI
[2010/03/13 23:46:07 | 008,770,783 | ---- | C] () -- C:\Program Files\LCNP_DRVAP_US_1_02_06_0627.exe
[2010/03/13 23:44:11 | 002,679,907 | ---- | C] () -- C:\Program Files\LCNP_0250_PCDrv_US_1_04_02.exe
[2010/01/26 22:26:32 | 000,000,050 | ---- | C] () -- C:\windows\MegaManager.INI
[2009/12/13 22:52:34 | 000,458,525 | ---- | C] () -- C:\Program Files\autoi.exe
[2009/12/06 21:53:34 | 006,969,901 | ---- | C] () -- C:\Program Files\pianofx4.exe
[2009/12/05 02:48:52 | 000,765,952 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2009/12/05 02:48:52 | 000,180,224 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
[2009/12/05 02:44:29 | 002,705,568 | ---- | C] () -- C:\Program Files\fmsetup.exe
[2009/12/05 02:41:02 | 077,955,832 | ---- | C] () -- C:\Program Files\easysetup.exe
[2009/12/05 01:49:56 | 000,294,420 | ---- | C] () -- C:\Program Files\PanoradoFlyer12Setup.exe
[2009/11/27 04:04:31 | 018,030,130 | ---- | C] () -- C:\Program Files\vlc-1.0.3-win32.exe
[2009/11/23 19:19:02 | 000,000,010 | RHS- | C] () -- C:\Program Files\Desktop_.ini
[2009/10/22 02:12:44 | 000,270,624 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/08/29 21:16:37 | 000,000,028 | ---- | C] () -- C:\windows\Robota.INI
[2009/08/29 21:06:53 | 000,053,248 | ---- | C] () -- C:\windows\System32\mgxasio2.dll
[2009/08/29 20:59:23 | 000,120,200 | ---- | C] () -- C:\windows\System32\DLLDEV32i.dll
[2009/08/29 20:58:56 | 000,006,211 | ---- | C] () -- C:\windows\mgxoschk.ini
[2009/08/29 12:46:27 | 000,237,568 | ---- | C] () -- C:\windows\System32\lame_enc.dll
[2009/08/29 12:46:15 | 000,081,332 | ---- | C] () -- C:\windows\System32\Bass.Dll
[2009/06/27 17:21:25 | 000,057,344 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
[2009/06/13 12:20:49 | 000,005,003 | ---- | C] () -- C:\Documents and Settings\JJ\Application Data\biz.q-technologies.picturethebatch.xml
[2009/05/14 11:58:58 | 000,076,407 | ---- | C] () -- C:\Documents and Settings\JJ\Application Data\Smiley.ico
[2009/05/02 22:44:20 | 000,000,132 | ---- | C] () -- C:\windows\picture-shark.INI
[2009/04/09 02:56:04 | 000,000,000 | ---- | C] () -- C:\windows\PhotoNow.INI
[2009/04/06 15:02:36 | 007,418,291 | ---- | C] () -- C:\Program Files\FLV PlayerATBSetup.exe
[2009/03/26 02:00:33 | 000,246,784 | ---- | C] () -- C:\windows\System32\sqlite3.dll
[2009/02/19 05:16:27 | 000,074,703 | ---- | C] () -- C:\windows\System32\mfc45.dll
[2009/02/19 04:34:44 | 000,000,049 | -H-- | C] () -- C:\Documents and Settings\JJ\Application Data\eMail Verifier.ini
[2009/02/16 03:48:08 | 000,024,576 | ---- | C] () -- C:\windows\System32\snEUps.dll
[2009/02/15 03:41:29 | 000,000,031 | ---- | C] () -- C:\windows\bluevoda.ini
[2009/02/09 03:55:29 | 000,013,312 | ---- | C] () -- C:\windows\System32\BASSMOD.dll
[2009/02/06 02:43:12 | 000,000,432 | ---- | C] () -- C:\windows\System32\iolo.ini
[2009/02/03 03:43:05 | 000,000,216 | ---- | C] () -- C:\windows\EurekaLog.ini
[2009/01/31 02:33:56 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\JJ\Local Settings\Application Data\fusioncache.dat
[2009/01/30 04:36:35 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\JJ\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/29 02:03:17 | 000,000,456 | ---- | C] () -- C:\windows\XMailer.INI
[2009/01/20 13:54:13 | 000,004,161 | ---- | C] () -- C:\windows\ODBCINST.INI
[2004/07/17 10:36:38 | 000,027,440 | ---- | C] () -- C:\windows\System32\drivers\secdrv.sys
[2001/07/20 07:09:58 | 000,196,608 | ---- | C] () -- C:\windows\System32\swfobjs.dll

========== Custom Scans ==========


< CODE >

< %SYSTEMDRIVE%\*.exe >
[2009/12/17 05:35:20 | 000,546,645 | ---- | M] () -- C:\casinoclassic.exe


< MD5 for: AGP440.SYS >
[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2004/08/03 23:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/03 23:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2004/08/03 23:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/03 23:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/03 23:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/03 23:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 03:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 03:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[3 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/01/20 13:24:50 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/01/20 13:24:50 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/01/20 13:24:50 | 000,872,448 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >

========== Files - Unicode (All) ==========
[2009/08/11 11:12:13 | 000,000,040 | ---- | M] ()(C:\windows\System32\?????????????????4????????????????????????g) -- C:\windows\System32\㩃停潲牧浡䘠汩獥䉜汥屬敂汬䤠瑮牥敮⁴敓畣楲祴匠牥楶散屳慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g
[2009/08/11 11:12:13 | 000,000,040 | ---- | C] ()(C:\windows\System32\?????????????????4????????????????????????g) -- C:\windows\System32\㩃停潲牧浡䘠汩獥䉜汥屬敂汬䤠瑮牥敮⁴敓畣楲祴匠牥楶散屳慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g

========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A8E2C33
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:08948D52

< End of report >


and extra

OTL Extras logfile created on: 22/12/2010 8:01:19 PM - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Documents and Settings\JJ\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

247.00 Mb Total Physical Memory | 35.00 Mb Available Physical Memory | 14.00% Memory free
834.00 Mb Paging File | 623.00 Mb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 600 1000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 10.04 Gb Free Space | 26.94% Space Free | Partition Type: NTFS

Computer Name: M-F8EF9B5EAF404 | User Name: JJ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.js [@ = JSFile] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-796845957-1979792683-682003330-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
jsfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OtsMedia.Surf] -- "C:\OtsLabs\OTSPLAY.EXE" "%1" /play /surf File not found
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" File not found
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"25:TCP" = 25:TCP:*:Disabled:gmail
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"5353:TCP" = 5353:TCP:*:Disabled:Adobe CSI CS4
"1038:TCP" = 1038:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- File not found
"C:\DOCUME~1\JJ\LOCALS~1\Temp\IXP000.TMP\PHOTOS~1.EXE" = C:\DOCUME~1\JJ\LOCALS~1\Temp\IXP000.TMP\PHOTOS~1.EXE:*:Enabled:Windows Messanger -- File not found
"C:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe" = C:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe:*:Enabled:Windows Messanger -- File not found
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Disabled:Adobe CSI CS4 -- File not found
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Disabled:BearShare -- File not found
"C:\Program Files\CyberLink\PowerDirector\PDR.exe" = C:\Program Files\CyberLink\PowerDirector\PDR.exe:*:Disabled:CyberLink PowerDirector -- File not found
"C:\Program Files\iolo\System Mechanic Professional\AntiVirus\ioloAV.exe" = C:\Program Files\iolo\System Mechanic Professional\AntiVirus\ioloAV.exe:*:Disabled:iolo AntiVirus® -- File not found
"C:\Program Files\iolo\System Mechanic Professional\AntiVirus\iAVEmailScanner.exe" = C:\Program Files\iolo\System Mechanic Professional\AntiVirus\iAVEmailScanner.exe:*:Disabled:iolo AntiVirus® Email Protection -- File not found
"C:\Program Files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe" = C:\Program Files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe:*:Disabled:iolo Firewall® -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire -- ()
"C:\Program Files\Loudtalks\Loudtalks.exe" = C:\Program Files\Loudtalks\Loudtalks.exe:*:Disabled:Loudtalks -- File not found
"C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe" = C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:*:Disabled:Pinnacle VideoSpin -- File not found
"C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe" = C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:*:Disabled:Render Manager -- File not found
"C:\Program Files\SightSpeed\SightSpeed.exe" = C:\Program Files\SightSpeed\SightSpeed.exe:*:Disabled:SightSpeed -- ()
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Disabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Disabled:SopCast Main Application -- ()
"C:\Program Files\TVUPlayer\TVUPlayer.exe" = C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Disabled:TVUPlayer Component -- File not found
"C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe" = C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:*:Disabled:umi -- File not found
"C:\Program Files\fec\Super Email Extractor\XDirectory.exe" = C:\Program Files\fec\Super Email Extractor\XDirectory.exe:*:Disabled:XDirectory -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\VirtualDJ\virtualdj.exe" = C:\Program Files\VirtualDJ\virtualdj.exe:*:Disabled:Virtual DJ -- ()
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- File not found
"c:\program files\relevantknowledge\rlvknlg.exe" = c:\program files\relevantknowledge\rlvknlg.exe:*:Enabled:rlvknlg.exe -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- File not found
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- ()
"C:\Documents and Settings\JJ\My Documents\Facemoods.exe" = C:\Documents and Settings\JJ\My Documents\Facemoods.exe:*:Enabled:Facemoods Installer -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{111A3D14-7596-43B0-92BA-418435C90672}" = Intel® PRO Network Connections
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series" = Canon iP2600 series



Thank you,
I await your response.


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home
  • Local time:10:12 PM

Posted 26 December 2010 - 11:03 AM

Hi,

Please run a scan with Rootkit Unhooker next:
Scan With RKUnHooker

  • Please download Rootkit Unhooker and save it to your desktop.
  • Extract RKUnhooker to your desktop.
    Note** it is zipped up in a .rar file. If you do not have a program to unzip this type of file,
    you can get a free one from here: http://www.7-zip.org/
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


Just click on Cancel, then Accept.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 lomar79

lomar79
  • Topic Starter

  • Members
  • 53 posts
  • Local time:04:12 PM

Posted 26 December 2010 - 11:26 AM

OK, here you go.

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 2)
Number of processors #1
==============================================
>Drivers
==============================================
0x804D7000 C:\windows\system32\ntoskrnl.exe 2180992 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2180992 bytes
0x804D7000 RAW 2180992 bytes
0x804D7000 WMIxWDM 2180992 bytes
0xBF800000 Win32k 1839104 bytes
0xBF800000 C:\windows\System32\win32k.sys 1839104 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xBFA2C000 C:\windows\System32\ialmdd5.DLL 905216 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0xF8F46000 C:\windows\system32\DRIVERS\ialmnt5.sys 811008 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xF8E22000 C:\windows\system32\drivers\smwdm.sys 581632 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
0xF9396000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xEEF27000 C:\windows\system32\DRIVERS\mrxsmb.sys 454656 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xEF00C000 C:\windows\system32\DRIVERS\tcpip.sys 360448 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xEEA0E000 C:\windows\system32\DRIVERS\srv.sys 339968 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\windows\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xEE39B000 C:\windows\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF8D59000 C:\windows\system32\DRIVERS\update.sys 212992 bytes (Microsoft Corporation, Update Driver)
0xF8D8D000 C:\windows\system32\DRIVERS\rdpdr.sys 200704 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF94D9000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xEEB51000 C:\windows\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF9369000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xBFA00000 C:\windows\System32\ialmdev5.DLL 180224 bytes (Intel Corporation, Component GHAL Driver)
0xEEF96000 C:\windows\system32\DRIVERS\rdbss.sys 180224 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xEE0F1000 C:\windows\system32\drivers\kmixer.sys 172032 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xF8EE7000 C:\windows\system32\DRIVERS\e100b325.sys 163840 bytes (Intel Corporation, Intel® PRO/100 Adapter NDIS 5.1 driver)
0xEEFE4000 C:\windows\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF9483000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xF8DFE000 C:\windows\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF8EB0000 C:\windows\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF8F0F000 C:\windows\system32\DRIVERS\USBPORT.SYS 143360 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xEEFC2000 C:\windows\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806EC000 ACPI_HAL 131968 bytes
0x806EC000 C:\windows\system32\hal.dll 131968 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF944C000 fltMgr.sys 126976 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF94A9000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xBF9E1000 C:\windows\System32\ialmdnt5.dll 126976 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF934E000 Mup.sys 110592 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF8DE6000 C:\windows\system32\drivers\aeaudio.sys 98304 bytes (Andrea Electronics Corporation, Andrea Audio Noise Cancellation Driver)
0xF946B000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xEEE26000 C:\windows\System32\Drivers\dump_atapi.sys 98304 bytes
0xF9423000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF8DCF000 C:\windows\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xEE751000 C:\windows\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF8ED3000 C:\windows\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF8F32000 C:\windows\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xEF064000 C:\windows\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF9C1000 C:\windows\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF943A000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF94C8000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF8DBE000 C:\windows\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF9658000 C:\windows\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF96A8000 C:\windows\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF96D8000 C:\windows\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF96C8000 C:\windows\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xEE846000 C:\windows\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF9778000 C:\windows\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBF9D3000 C:\windows\System32\ialmrnt5.dll 57344 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF96B8000 C:\windows\system32\DRIVERS\cdrom.sys 53248 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF9568000 C:\windows\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF9698000 C:\windows\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF96F8000 C:\windows\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF9548000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF9718000 C:\windows\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF9538000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF9708000 C:\windows\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF9758000 C:\windows\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF9738000 C:\windows\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF9558000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF95D8000 C:\windows\System32\Drivers\Fips.SYS 36864 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF9618000 C:\windows\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF96E8000 C:\windows\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF9528000 isapnp.sys 36864 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF9728000 C:\windows\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF95B8000 C:\windows\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xEE6AE000 C:\windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF9578000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF95E8000 C:\windows\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF98C8000 C:\windows\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF9868000 C:\windows\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF98E8000 C:\windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF97B0000 C:\windows\System32\Drivers\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF9850000 C:\windows\system32\DRIVERS\usbehci.sys 28672 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF97A8000 fxxlffir.sys 24576 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF9870000 C:\windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF9860000 C:\windows\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF9858000 C:\windows\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF98B8000 C:\windows\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF98A0000 C:\windows\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF98C0000 C:\windows\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF97B8000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF9880000 C:\windows\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF9888000 C:\windows\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF9878000 C:\windows\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF9848000 C:\windows\system32\DRIVERS\usbuhci.sys 20480 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF98F0000 C:\windows\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF9A0C000 C:\windows\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xEEDCE000 C:\windows\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF99E8000 C:\windows\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF9938000 C:\windows\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF0A9A000 C:\windows\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF99D4000 C:\windows\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xF99DC000 C:\windows\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF99F0000 C:\windows\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF99B0000 C:\windows\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF9A50000 C:\windows\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF9A2E000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF9A5A000 C:\windows\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF9A4E000 C:\windows\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF9A2C000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF9A28000 C:\windows\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF9A52000 C:\windows\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF9ABC000 C:\windows\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF9A54000 C:\windows\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF9A4A000 C:\windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF9A4C000 C:\windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF9A2A000 C:\windows\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF9B6C000 C:\windows\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF9C69000 C:\windows\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF9BFE000 C:\windows\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF9AF0000 PCIIde.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
WARNING: Virus alike driver modification [sffp_sd.sys]
WARNING: Virus alike driver modification [mup.sys]
WARNING: Virus alike driver modification [sffdisk.sys]
WARNING: Virus alike driver modification [acpiec.sys]
WARNING: Virus alike driver modification [cpqdap01.sys]
WARNING: Virus alike driver modification [pcmcia.sys]
WARNING: Virus alike driver modification [nikedrv.sys]
WARNING: Virus alike driver modification [rio8drv.sys]
WARNING: Virus alike driver modification [tdpipe.sys]
WARNING: Virus alike driver modification [fsvga.sys]
WARNING: Virus alike driver modification [usb8023.sys]
WARNING: Virus alike driver modification [rdpwd.sys]
WARNING: Virus alike driver modification [cbidf2k.sys]
WARNING: Virus alike driver modification [diskdump.sys]
WARNING: Virus alike driver modification [smclib.sys]
WARNING: Virus alike driver modification [tape.sys]
WARNING: Virus alike driver modification [mbam.sys]
WARNING: Virus alike driver modification [usbintel.sys]
WARNING: Virus alike driver modification [nwrdr.sys]
WARNING: Virus alike driver modification [ndis.sys]
WARNING: Virus alike driver modification [RMCast.sys]
WARNING: Virus alike driver modification [tsbvcap.sys]
WARNING: Virus alike driver modification [tdtcp.sys]
WARNING: Virus alike driver modification [tcpip6.sys]
WARNING: Virus alike driver modification [fxxlffir.sys]
WARNING: Virus alike driver modification [usbcamd2.sys]
WARNING: Virus alike driver modification [iqvw32.sys]
WARNING: Virus alike driver modification [pciidex.sys]
WARNING: Virus alike driver modification [sonydcam.sys]
WARNING: Virus alike driver modification [cinemst2.sys]
WARNING: Virus alike driver modification [modem.sys]
WARNING: Virus alike driver modification [rndismp.sys]
WARNING: Virus alike driver modification [atmepvc.sys]
WARNING: Virus alike driver modification [rawwan.sys]
WARNING: Virus alike driver modification [atmuni.sys]
WARNING: Virus alike driver modification [processr.sys]
WARNING: Virus alike driver modification [crusoe.sys]
WARNING: Virus alike driver modification [amdk6.sys]
WARNING: Virus alike driver modification [amdk7.sys]
WARNING: Virus alike driver modification [mbamswissarmy.sys]
WARNING: Virus alike driver modification [wpdusb.sys]
WARNING: Virus alike driver modification [mountmgr.sys]
WARNING: Virus alike driver modification [p3.sys]
WARNING: Virus alike driver modification [stream.sys]
WARNING: Virus alike driver modification [classpnp.sys]
WARNING: Virus alike driver modification [tosdvd.sys]
WARNING: Virus alike driver modification [volsnap.sys]
WARNING: Virus alike driver modification [atmlane.sys]
WARNING: Virus alike driver modification [nwlnkspx.sys]
WARNING: Virus alike driver modification [ntfs.sys]
WARNING: Virus alike driver modification [vdmindvd.sys]
WARNING: Virus alike driver modification [rootmdm.sys]
WARNING: Virus alike driver modification [arp1394.sys]
WARNING: Virus alike driver modification [nwlnknb.sys]
WARNING: Virus alike driver modification [mf.sys]
WARNING: Virus alike driver modification [udfs.sys]
WARNING: Virus alike driver modification [sdbus.sys]
WARNING: Virus alike driver modification [bridge.sys]
WARNING: Virus alike driver modification [mqac.sys]
WARNING: Virus alike driver modification [mcd.sys]
WARNING: Virus alike driver modification [nwlnkipx.sys]
WARNING: Virus alike driver modification [ksecdd.sys]
WARNING: Virus alike driver modification [cdr4_xp.sys]
WARNING: Virus alike driver modification [cdralw2k.sys]
WARNING: Virus alike driver modification [scsiport.sys]

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home

Posted 26 December 2010 - 05:48 PM

Hi,

The detections by Rootkit Unhooker may be false positives.

Could you please also run a scan with GMER:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

If this crashes your PC or is otherwise incompatible with your hardware, please let me know.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#5 lomar79

lomar79
  • Topic Starter

  • Members
  • 53 posts

Posted 27 December 2010 - 09:24 PM

Well, I tried your program. Wow, I had trouble; my PC kept freezing, but I was able to get the report of the registry for you. Every time it did the files on the C: drive it got about 2 hours in, then froze.

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-27 20:50:51
Windows 5.1.2600 Service Pack 2
Running: sznf65zz.exe; Driver: C:\DOCUME~1\JJ\LOCALS~1\Temp\pfniqaod.sys


---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x6B 0x65 0x49 0x6A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0xAA 0x52 0xC6 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xF8 0x31 0x0F 0xA9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...

---- EOF - GMER 1.0.15 ----
This is the report of the registry. I managed to scan one by one, but like I said, about the C: drive it freezes after an hour or so, but nothing was reported before it froze.

I hope it helps.

#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,708 posts
  • Gender:Male
  • Location:The Netherlands

Posted 28 December 2010 - 05:27 AM

Hi lomar79,

myrti is away for a few days and I'll be assisting you.

  • Please open OTL.
    • Copy the text in the code box and paste it into the Custom Scans/Fixes section:

      :otl
      SRV - File not found [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9dfe71c13fd22) Google Update Service (gupdate1c9dfe71c13fd22)
      SRV - File not found [Disabled | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Internet Explorer\SABProcEnum.sys -- (SABProcEnum)
      DRV - File not found [Kernel | Auto | Stopped] -- C:\windows\System32\DRIVERS\rp_skt32.sys -- (RPSKT) Security Services Driver (x86)
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O3 - HKU\S-1-5-21-796845957-1979792683-682003330-1003\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
      O3 - HKU\S-1-5-21-796845957-1979792683-682003330-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
      O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe File not found
      O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe File not found
      O4 - HKU\S-1-5-21-796845957-1979792683-682003330-1003..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe File not found
      O9 - Extra Button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm File not found
      O9 - Extra 'Tools' menuitem : Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm File not found
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O16 - DPF: Web-Based Email Tools http://email02.secureserver.net/Download.CAB (Reg Error: Key error.)
      MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found
      MsConfig - StartUpReg: SSA.exe - hkey= - key= - C:\Program Files\Bell\Internet Service Advisor\SSA.exe File not found
      MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe File not found
      O33 - MountPoints2\{3daeca4c-f864-11df-b9b5-000802e73b6b}\Shell - "" = AutoRun
      O33 - MountPoints2\{3daeca4c-f864-11df-b9b5-000802e73b6b}\Shell\Auto\command - "" = E:\setup.exe -- File not found
      O33 - MountPoints2\{3daeca4c-f864-11df-b9b5-000802e73b6b}\Shell\AutoRun - "" = Auto&Play
      O33 - MountPoints2\{67d009ff-ccd8-11df-b90a-000802e73b6b}\Shell - "" = AutoRun
      O33 - MountPoints2\{67d009ff-ccd8-11df-b90a-000802e73b6b}\Shell\Auto\command - "" = C:\windows\System32\setup.exe -- [2004/08/03 23:56:58 | 000,023,040 | ---- | M] (Microsoft Corporation)
      O33 - MountPoints2\{67d009ff-ccd8-11df-b90a-000802e73b6b}\Shell\AutoRun - "" = Auto&Play
      O33 - MountPoints2\{982b9b52-8f60-11df-b8ad-000802e73b6b}\Shell\AutoRun - "" = Auto&Play
      O33 - MountPoints2\{982b9b52-8f60-11df-b8ad-000802e73b6b}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
      O33 - MountPoints2\{982b9b52-8f60-11df-b8ad-000802e73b6b}\Shell\phone\command - "" = E:\autorun.exe -- File not found
      O33 - MountPoints2\{c4167cce-f0cf-11dd-b6b0-000802e73b6b}\Shell - "" = AutoRun
      O33 - MountPoints2\{c4167cce-f0cf-11dd-b6b0-000802e73b6b}\Shell\Auto\command - "" = E:\setup.exe -- File not found
      O33 - MountPoints2\{c4167cce-f0cf-11dd-b6b0-000802e73b6b}\Shell\AutoRun - "" = Auto&Play
      :Reg
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
      "C:\DOCUME~1\JJ\LOCALS~1\Temp\IXP000.TMP\PHOTOS~1.EXE" =-
      "C:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe" = -
      :files
      C:\RECYCLER
      
    • Click the Run Fix button.
    • If the fix needs a reboot, please do it.
    • After it finishes, a log will open. Copy and paste the log to your reply.
  • Please perform the following scan:
    • Download DDS by sUBs from the following links. Save it to your desktop.
    • DDS.scr
    • DDS.pif
  • Double click on the DDS icon, allow it to run. When done it will open two logs:
    • DDS.txt
    • Attach.txt
  • Copy and paste the logs to your reply.


#7 lomar79

lomar79
  • Topic Starter

  • Members
  • 53 posts

Posted 28 December 2010 - 11:54 AM

This is the OTL fix report.


========== OTL ==========
Error: No service named gupdate1c9dfe71c13fd22) Google Update Service (gupdate1c9dfe71c13fd22 was found to stop!
Service\Driver key gupdate1c9dfe71c13fd22) Google Update Service (gupdate1c9dfe71c13fd22 not found.
File C:\Program Files\Google\Update\GoogleUpdate.exe not found.
Error: No service named getPlus® Helper was found to stop!
Service\Driver key getPlus® Helper not found.
File C:\Program Files\NOS\bin\getPlus_HelperSvc.exe not found.
Service SABProcEnum stopped successfully!
Service SABProcEnum deleted successfully!
File C:\Program Files\Internet Explorer\SABProcEnum.sys not found.
Error: No service named RPSKT) Security Services Driver (x86 was found to stop!
Service\Driver key RPSKT) Security Services Driver (x86 not found.
File C:\windows\System32\DRIVERS\rp_skt32.sys not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_USERS\S-1-5-21-796845957-1979792683-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{00000000-0000-0000-0000-000000000000} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000000}\ not found.
Registry value HKEY_USERS\S-1-5-21-796845957-1979792683-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\UpdatePDRShortCut deleted successfully.
Registry value HKEY_USERS\S-1-5-21-796845957-1979792683-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run\\MySpaceIM deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{09EA1F80-F40A-11D1-B792-444553540001}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09EA1F80-F40A-11D1-B792-444553540001}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{09EA1F80-F40A-11D1-B792-444553540001}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09EA1F80-F40A-11D1-B792-444553540001}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Starting removal of ActiveX control Web-Based Email Tools
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Web-Based Email Tools\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Web-Based Email Tools\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Web-Based Email Tools\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\IgfxTray\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\SSA.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\SunJavaUpdateSched\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3daeca4c-f864-11df-b9b5-000802e73b6b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3daeca4c-f864-11df-b9b5-000802e73b6b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3daeca4c-f864-11df-b9b5-000802e73b6b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3daeca4c-f864-11df-b9b5-000802e73b6b}\ not found.
File E:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3daeca4c-f864-11df-b9b5-000802e73b6b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3daeca4c-f864-11df-b9b5-000802e73b6b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67d009ff-ccd8-11df-b90a-000802e73b6b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67d009ff-ccd8-11df-b90a-000802e73b6b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67d009ff-ccd8-11df-b90a-000802e73b6b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67d009ff-ccd8-11df-b90a-000802e73b6b}\ not found.
C:\WINDOWS\system32\setup.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67d009ff-ccd8-11df-b90a-000802e73b6b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67d009ff-ccd8-11df-b90a-000802e73b6b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{982b9b52-8f60-11df-b8ad-000802e73b6b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{982b9b52-8f60-11df-b8ad-000802e73b6b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{982b9b52-8f60-11df-b8ad-000802e73b6b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{982b9b52-8f60-11df-b8ad-000802e73b6b}\ not found.
File E:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{982b9b52-8f60-11df-b8ad-000802e73b6b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{982b9b52-8f60-11df-b8ad-000802e73b6b}\ not found.
File E:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4167cce-f0cf-11dd-b6b0-000802e73b6b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c4167cce-f0cf-11dd-b6b0-000802e73b6b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4167cce-f0cf-11dd-b6b0-000802e73b6b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c4167cce-f0cf-11dd-b6b0-000802e73b6b}\ not found.
File E:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4167cce-f0cf-11dd-b6b0-000802e73b6b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c4167cce-f0cf-11dd-b6b0-000802e73b6b}\ not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\JJ\LOCALS~1\Temp\IXP000.TMP\PHOTOS~1.EXE deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe deleted successfully.
========== FILES ==========
C:\RECYCLER\S-1-5-21-796845957-1979792683-682003330-1003\Dc23 folder moved successfully.
C:\RECYCLER\S-1-5-21-796845957-1979792683-682003330-1003\Dc22\Soundtrack - Memoirs of a Geisha folder moved successfully.
C:\RECYCLER\S-1-5-21-796845957-1979792683-682003330-1003\Dc22\NEW YOUTUBE SONGS folder moved successfully.
C:\RECYCLER\S-1-5-21-796845957-1979792683-682003330-1003\Dc22\MOOD MUSIC\Afrojack-Afrojack_EP-(SNEAK060)-WEB-2009-EPiCFAiL folder moved successfully.
C:\RECYCLER\S-1-5-21-796845957-1979792683-682003330-1003\Dc22\MOOD MUSIC folder moved successfully.
C:\RECYCLER\S-1-5-21-796845957-1979792683-682003330-1003\Dc22\MCZ MUSIC2 folder moved successfully.
C:\RECYCLER\S-1-5-21-796845957-1979792683-682003330-1003\Dc22 folder moved successfully.
C:\RECYCLER\S-1-5-21-796845957-1979792683-682003330-1003 folder moved successfully.
C:\RECYCLER\k-1-3542-4232123213-7676767-8888886 folder moved successfully.
C:\RECYCLER folder moved successfully.

OTL by OldTimer - Version 3.2.18.0 log created on 12282010_114745




This is the DDS log.


DDS (Ver_10-12-12.02) - NTFSx86
Run by JJ at 11:51:27.50 on 28/12/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.247.39 [GMT -5:00]


============== Running Processes ===============

C:\windows\system32\svchost -k DcomLaunch
svchost.exe
C:\windows\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\windows\System32\svchost.exe -k Akamai
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\windows\system32\ctfmon.exe
C:\windows\system32\drivers\nvscv32.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\JJ\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uStart Page = hxxp://google.ca/
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File
TB: {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - No File
EB: Hotbar Information Window: {2aa2fbf8-9c76-4e97-a226-25c5f4ab6358} - c:\program files\hotbar\bin\11.0.175.0\HostIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [nvscv32] c:\windows\system32\drivers\nvscv32.exe
mRun: [AVFX Engine] c:\program files\creative\creative live! cam\videofx\StartFX.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
IE: &Save Flash In This Page by Flash Saver - c:\progra~1\flashs~1\save.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1239751552864&h=eea83bc893c99ca5a7a965fd730bf89a/&filename=jinstall-6u13-windows-i586-jc.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15107/CTPID.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxsrvc.dll
Notify: RelevantKnowledge - c:\program files\relevantknowledge\rlls.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {23KLN5J0-4OPM-11WE-AAX5-24EF1F387232} - c:\recycler\k-1-3542-4232123213-7676767-8888886\hn.exe

============= SERVICES / DRIVERS ===============

R0 fxxlffir;fxxlffir;c:\windows\system32\drivers\fxxlffir.sys [2004-8-6 23424]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-3 14336]
S2 gupdate1c9dfe71c13fd22;Google Update Service (gupdate1c9dfe71c13fd22);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\magix\common\database\bin\fbserver.exe [2009-8-29 1596517]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S4 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-4-6 234888]

=============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2010-12-28 16:47:45 -------- d-----w- C:\_OTL
2010-12-26 03:45:18 -------- dc-h--w- c:\windows\ie8
2010-12-07 19:30:09 274210 ----a-w- c:\windows\DJ Music Mixer Uninstaller.exe
2010-12-07 19:29:38 -------- d-----w- c:\program files\DJ Music Mixer
2010-12-07 19:29:38 -------- d-----w- c:\program files\common files\Program4Pc
2010-11-29 08:13:06 176101 ----a-w- c:\program files\mozilla firefox\crashreporter.exe

==================== Find3M ====================

2010-09-30 01:50:17 6373376 ----a-w- c:\documents and settings\jj\MySpaceIM.exe.exe
2010-09-29 23:21:22 120832 ----a-w- c:\documents and settings\jj\Uninstall.exe.exe
2010-09-29 23:20:49 149504 ----a-w- c:\documents and settings\jj\unwise.exe.exe
2010-09-29 23:19:43 697747 ----a-w- c:\documents and settings\jj\unins000.exe.exe
2010-09-29 23:19:04 63523 ----a-w- c:\documents and settings\jj\UninstallVeetleTV.exe.exe
2010-09-29 23:18:27 48288 ----a-w- c:\documents and settings\jj\uninst.exe.exe
2010-09-29 23:17:06 446568 ----a-w- c:\documents and settings\jj\install.exe.exe
2010-09-29 23:08:28 292640 ----a-w- c:\windows\system32\iTunesPhotoProcessor.exe.exe
2010-09-29 23:06:35 315024 ----a-w- c:\documents and settings\jj\HotbarUninstaller.exe.exe
2010-09-29 22:59:53 2770288 ----a-w- c:\documents and settings\jj\Remove-DAZStudio3_Win32.exe.exe
2010-09-29 21:33:30 473832 ----a-w- c:\documents and settings\jj\uninstbb.exe.exe
2010-03-14 07:04:28 8770783 ----a-w- c:\program files\LCNP_DRVAP_US_1_02_06_0627.exe
2010-03-14 07:04:26 2679907 ----a-w- c:\program files\LCNP_0250_PCDrv_US_1_04_02.exe
2010-03-14 04:56:17 12437775 ----a-w- c:\program files\AVDD_PCAPP_US_1_00_08.exe
2010-03-14 04:52:58 33439272 ----a-w- c:\program files\LCC_PCAPP_LA_2_02_05.exe
2010-01-27 01:59:56 11817896 ----a-w- c:\program files\megamanager.exe
2009-12-15 10:46:08 458525 ----a-w- c:\program files\autoi.exe
2009-12-09 06:19:45 6969901 ----a-w- c:\program files\pianofx4.exe
2009-12-09 06:19:19 294420 ----a-w- c:\program files\PanoradoFlyer12Setup.exe
2009-12-09 06:06:34 2705568 ----a-w- c:\program files\fmsetup.exe
2009-12-05 07:47:22 77955832 ----a-w- c:\program files\easysetup.exe
2009-12-05 06:43:46 27116528 -c--a-w- c:\program files\funpix_maker_24mb_d_en.exe
2009-12-05 06:39:37 15308084 ----a-w- c:\program files\PictureCollageMakerFree.exe
2009-11-27 09:06:04 18030130 ----a-w- c:\program files\vlc-1.0.3-win32.exe
2009-07-28 14:43:20 7418291 ----a-w- c:\program files\FLV PlayerATBSetup.exe

============= FINISH: 11:52:52.65 ===============


This is the Attach log.


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 20/01/2009 6:09:25 PM
System Uptime: 28/12/2010 11:38:13 AM (0 hours ago)

Motherboard: Compaq | | 07E8h
Processor: Intel® Pentium® 4 CPU 2.00GHz | XU1 PROCESSOR | 1993/400mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 11.811 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\4&36B16CB7&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\4&36B16CB7&0
Service: i8042prt

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ROOT\MEDIA\0000
Manufacturer:
Name:
PNP Device ID: ROOT\MEDIA\0000
Service:

==== System Restore Points ===================

RP471: 26/12/2010 4:02:02 AM - Installed Windows Internet Explorer 8.
RP472: 27/12/2010 3:02:20 PM - System Checkpoint

==== Installed Programs ======================

7-Zip 9.20
AAC Decoder
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.1
Adobe Shockwave Player 11.5
Advanced Video FX Engine
Akamai NetSession Interface
AnalogX AutoTune
Apple Application Support
Apple Software Update
Artisteer 2
AutoUpdate
BingoCabin
Canon iP2600 series
CCleaner
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Plus Web Player
DivX Version Checker
DJ Music Mixer
EPSON Scan
Extension Changer
facemoods
FileZilla Client 3.3.4.1
Firebird SQL Server - MAGIX Edition
Foxit PDF Editor
Free M4a to MP3 Converter 6.2
Google Update Helper
H.264 Decoder
HiJackThis
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB918997)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Intel® Extreme Graphics Driver
Intel® PRO Network Connections
Java™ 6 Update 13
Junk Mail filter update
LiveChat
McAfee Security Scan Plus
Mega Manager
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MKV Splitter
Monkey's Audio
Mozilla Firefox (3.6.11)
MSVCRT
MSXML 6.0 Parser (KB933579)
MySpaceIM
NJStar Communicator
QuickTime
RelevantKnowledge
Rootkit Unhooker LE 3.8 SR 2
RPS CRT
Segoe UI
Skype™ 4.2
Sweet Home 3D version 2.6
Text-To-Speech-Runtime
VC80CRTRedist - 8.0.50727.4053
Virtual DJ Home - Atomix Productions
VLC media player 1.1.5
WebFldrs XP
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
WinRAR 4.00 beta 3 (32-bit)
WorldWinner Games
XML Paper Specification Shared Components Pack 1.0
Yahoo! Messenger
Yahoo! Software Update

==== Event Viewer Messages From Past Week ========

28/12/2010 11:48:37 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\setup.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.2180.
27/12/2010 6:04:37 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
27/12/2010 12:09:39 AM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
26/12/2010 3:59:20 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000009A' while processing the file 'Desktop_.ini' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
26/12/2010 11:37:30 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
25/12/2010 9:46:32 PM, error: Service Control Manager [7000] - The Google Update Service (gupdate1c9dfe71c13fd22) service failed to start due to the following error: The system cannot find the file specified.
25/12/2010 4:51:42 PM, error: Service Control Manager [7000] - The Security Services Driver (x86) service failed to start due to the following error: The system cannot find the file specified.
25/12/2010 4:24:36 PM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\D.

==== End Of File ===========================

Thank you, I'll be awaiting your response.

#8 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,708 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:12 PM

Posted 28 December 2010 - 01:19 PM

  • I see in your log that Marketscore.RelevantKnowledge is installed on your computer:

    This program is known to be related to adware/spyware. More information here: http://research.sunbelt-software.com/threatdisplay.aspx?name=Marketscore.RelevantKnowledge&threatid=15129

    Please go to Add/Remove Programs in Control Panel and uninstall the following program:

    RelevantKnowledge
  • I see traces of iolo System Mechanic on the system, but it is not listed in the installed programs list. Have you uninstalled it? Please give me feedback about this; there are things to remove and things to repair.
  • Open Notepad (Start > Run and type Notepad).

    Copy and paste the text in the code box into it.

    REGEDIT4 
    
    ; a trailing "=-" deletes the named value, so the stub under this Active Setup key no longer runs at logon
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{23KLN5J0-4OPM-11WE-AAX5-24EF1F387232}]
    "StubPath"=-
    

    • Save the file to the desktop as regfix.reg
    • Make sure the Save as type field says All files.
    • Locate regfix.reg on the desktop, double-click on it and confirm.
    • A window pops up asking if you are sure you want to add the file to the registry. Click Yes.
    • You get another pop-up saying that regfix.reg was successfully added to the registry.

    Note: You have to turn off any registry protector software you have in order for the changes to take effect.
  • Please download Malwarebytes' Anti-Malware from one of these locations:
    malwarebytes.org
    majorgeeks.com
    • Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the MBAM log.

    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
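The log triage that Farbar performs by eye above can be expressed as code. The following Python script is an added example, not part of this thread and not part of OTL, DDS or any other tool mentioned here. It runs over a handful of lines copied verbatim from the log posted earlier (a benign BHO and the ctfmon autorun are kept for contrast) and flags what a practitioner would notice: the Active Setup entry that the regfix above removes carries a GUID containing characters outside 0-9A-F, which no real CLSID has, and it points into c:\recycler; an autorun launches a user-mode .exe from the kernel drivers folder; several files carry a doubled .exe.exe extension; and the script file types (JSEFile, VBSFile, VBEFile) no longer open with their default handler, WScript.exe. The checks are heuristics to prioritise entries, not verdicts, and the folder list, script-type set and reason strings are this example's own choices.

```python
import re
from dataclasses import dataclass
from typing import List

# Lines copied from the OTL/DDS log posted above, embedded so the script runs
# offline. The BHO and ctfmon lines are included as benign controls.
SAMPLE_LOG = r"""
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [nvscv32] c:\windows\system32\drivers\nvscv32.exe
mASetup: {23KLN5J0-4OPM-11WE-AAX5-24EF1F387232} - c:\recycler\k-1-3542-4232123213-7676767-8888886\hn.exe
JSEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
2010-09-30 01:50:17 6373376 ----a-w- c:\documents and settings\jj\MySpaceIM.exe.exe
2010-09-29 23:08:28 292640 ----a-w- c:\windows\system32\iTunesPhotoProcessor.exe.exe
2009-11-27 09:06:04 18030130 ----a-w- c:\program files\vlc-1.0.3-win32.exe
"""

# A real CLSID/GUID is 8-4-4-4-12 hexadecimal digits; anything else was typed by hand.
HEX_GUID_RE = re.compile(
    r"^\{[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}\}$", re.I)
# OTL line shapes: "BHO: name: {GUID} - path", "uRun: [name] path",
# "2010-09-30 01:50:17 size attrs path" and "VBSFile=command".
GUID_ENTRY_RE = re.compile(r"^(\w+): .*?(\{[^{}]+\}) - (.+)$")
AUTORUN_RE = re.compile(r"^[um]?Run\w*: \[[^\]]*\] (.+)$")
FIND3M_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d \d+ [-\w]+ (.+)$")
FILE_ASSOC_RE = re.compile(r"^(\w+File)=(.+)$")
# Windows script types whose default open handler is WScript.exe (example's own list).
SCRIPT_TYPES = {"JSFILE", "JSEFILE", "VBSFILE", "VBEFILE", "WSFFILE"}
# Folders from which no legitimate installer registers an autostart (example's own list).
SUSPECT_DIRS = ("\\recycler\\", "\\recycled\\", "\\temp\\")


@dataclass
class Finding:
    reason: str
    line: str


def check_path(path: str) -> List[str]:
    """Heuristics on an executable path; each hit is a reason string."""
    low = path.strip('"').lower()
    reasons = []
    if any(d in low for d in SUSPECT_DIRS):
        reasons.append("autostart runs from the recycle bin or a temp folder")
    if "\\drivers\\" in low and low.endswith(".exe"):
        reasons.append("user-mode .exe placed in the kernel drivers folder")
    if re.search(r"\.(exe|com|scr)\.exe$", low):
        reasons.append("double extension")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Walk OTL-style lines and collect the entries worth a second look."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = GUID_ENTRY_RE.match(line)
        if m:
            guid, path = m.group(2), m.group(3)
            if not HEX_GUID_RE.match(guid):
                findings.append(Finding("malformed GUID (non-hex characters)", line))
            findings += [Finding(r, line) for r in check_path(path)]
            continue
        m = AUTORUN_RE.match(line) or FIND3M_RE.match(line)
        if m:
            findings += [Finding(r, line) for r in check_path(m.group(1))]
            continue
        m = FILE_ASSOC_RE.match(line)
        if m and m.group(1).upper() in SCRIPT_TYPES and "wscript.exe" not in m.group(2).lower():
            findings.append(Finding("script type no longer opens with the default WScript.exe", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason:60} {f.line}")
```

On the sample above the script returns seven findings: two for the mASetup line (bad GUID, recycler path), one for the nvscv32 autorun, one each for the two script associations and one each for the two .exe.exe files; the BHO, ctfmon and VLC lines pass. Run it against a full OTL log by reading the file into `triage()` instead of `SAMPLE_LOG`.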


#9 lomar79

lomar79
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:04:12 PM

Posted 28 December 2010 - 05:47 PM

I tried to uninstall RelevantKnowledge; it says it is uninstalled already and to delete it from the list.
This is what happens: I got this ncsvs32 thing messing up my PC.
If I install a program it messes around with it; it seems to take over my PC.
I tried the regedit fix, but after I click it, it never asks me to install in a pop-up window. I get no pop-up when I double-click, and yes, I did save it as all files.

Any other program I uninstall, when I try to, it says they were uninstalled already, but this is false.

#10 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,708 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:12 PM

Posted 28 December 2010 - 06:10 PM

Thanks for the feedback. Are you using a computer to write your reply? Or are you doing it from your mobile? Or is it lack of time? I can understand you, but you should make more effort than usual.

It is late here and I am going to sleep now. Tomorrow we will follow up and take care of everything.

Meantime please do the following:


To check the volume for errors:
  • Click start and then My Computer.
  • Right click the drive C and select Properties.
  • Under Tools tab press Check Now...
  • Put a check mark in both items and press start.
  • If you get a message click Yes to schedule the disk check and click OK and then restart your computer to start the disk check. Please be patient and let the system run. In some cases it might take a couple of hours and you don't have to sit there the whole time.
***************
OR:

Go to Start > Run and type or copy and paste the following line in the Run box and press Enter:

cmd /c chkdsk /r

A command window opens. Type Y and press Enter.
Close the window and restart the computer.

After the disk check is finished and the Windows started:
  • Go to Start => Run => type or copy/paste eventvwr in the Run box and click OK.
  • Select the Application section.
  • Click on the Source column to sort the items alphabetically.
  • Search for the Winlogon entry that corresponds to when you ran the disk check.
  • Double-click that entry and you'll find the scan's results there; click the third button on the right, under the two arrow buttons (this copies the event details to the clipboard).
  • Then open Notepad, right-click in it and select Paste, or paste the content of the clipboard directly into your reply.
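The Event Viewer steps above end with a Winlogon entry copied to the clipboard, and as the replies further down show, the first Winlogon entry a user finds is not necessarily the disk-check result. The following Python script is an added example, not part of this thread: it parses the text layout that Event Viewer's copy button produces on Windows XP (the same layout quoted later in this thread) and keeps only Winlogon events with ID 1001, which is where the post-reboot chkdsk summary is written, discarding unrelated Winlogon events such as 1002 (Explorer restarted). The sample input is constructed: the first record is the 1002 event quoted later in this thread, the second is a made-up 1001 record carrying a chkdsk summary so the script has a result to find. The `verdict` wording is this example's own.

```python
import re
from typing import Dict, List

# Constructed sample in the layout that Event Viewer's copy button produces on
# Windows XP. The first record is the Winlogon 1002 event quoted later in this
# thread; the second is a made-up Winlogon 1001 record carrying a chkdsk
# summary, included so the script has a disk-check result to find.
SAMPLE_EVENTS = """\
Event Type: Information
Event Source: Winlogon
Event Category: None
Event ID: 1002
Date: 25/12/2010
Time: 4:31:10 PM
User: N/A
Computer: M-F8EF9B5EAF404
Description:
The shell stopped unexpectedly and Explorer.exe was restarted.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Information
Event Source: Winlogon
Event Category: None
Event ID: 1001
Date: 29/12/2010
Time: 9:05:12 AM
User: N/A
Computer: M-F8EF9B5EAF404
Description:
Checking file system on C:
The type of the file system is NTFS.
CHKDSK is verifying files (stage 1 of 5)...
Windows has checked the file system and found no problems.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
"""

HEADER_RE = re.compile(
    r"^(Event Type|Event Source|Event Category|Event ID|Date|Time|User|Computer):\s*(.*)$")


def parse_events(text: str) -> List[Dict[str, str]]:
    """Split copied Event Viewer text into one dict per record.

    Header fields are 'Name: value' lines; everything after 'Description:' up to
    the 'For more information' footer is the free-text description.
    """
    records: List[Dict[str, str]] = []
    current: Dict[str, str] = {}
    desc_lines: List[str] = []
    in_desc = False
    for line in text.splitlines():
        if in_desc:
            if line.startswith("For more information"):
                current["Description"] = "\n".join(desc_lines).strip()
                records.append(current)
                current, desc_lines, in_desc = {}, [], False
            else:
                desc_lines.append(line)
            continue
        m = HEADER_RE.match(line)
        if m:
            current[m.group(1)] = m.group(2)
        elif line.startswith("Description:"):
            in_desc = True
    if current:  # last record pasted without its footer line
        current["Description"] = "\n".join(desc_lines).strip()
        records.append(current)
    return records


def chkdsk_results(text: str) -> List[Dict[str, str]]:
    """The post-reboot chkdsk summary is logged by Winlogon as event ID 1001;
    other Winlogon events (1002 here: Explorer restarted) are unrelated."""
    return [r for r in parse_events(text)
            if r.get("Event Source") == "Winlogon" and r.get("Event ID") == "1001"]


def verdict(record: Dict[str, str]) -> str:
    """Reduce a chkdsk summary to clean / repaired / unknown from its standard wording."""
    desc = record.get("Description", "")
    if "found no problems" in desc:
        return "clean"
    if "made corrections" in desc:
        return "repaired"
    return "unknown"


if __name__ == "__main__":
    for rec in chkdsk_results(SAMPLE_EVENTS):
        print(rec["Date"], rec["Time"], verdict(rec))
        print(rec["Description"])
```

Paste the whole Application log export (or several copied entries) into `SAMPLE_EVENTS`, or read it from a file, and `chkdsk_results()` returns only the disk-check summaries, each with its date and time so the run that followed the scheduled check can be matched.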


#11 lomar79

lomar79
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:04:12 PM

Posted 28 December 2010 - 06:46 PM

The volume is clean, it says.

#12 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,708 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:12 PM

Posted 28 December 2010 - 07:24 PM

May I have the log please.

#13 lomar79

lomar79
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:04:12 PM

Posted 28 December 2010 - 07:28 PM

I don't see anything saying Winlogon.

#14 lomar79

lomar79
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:04:12 PM

Posted 28 December 2010 - 07:30 PM

Event Type: Information
Event Source: Winlogon
Event Category: None
Event ID: 1002
Date: 25/12/2010
Time: 4:31:10 PM
User: N/A
Computer: M-F8EF9B5EAF404
Description:
The shell stopped unexpectedly and Explorer.exe was restarted.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

This is not from today.

#15 lomar79

lomar79
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:04:12 PM

Posted 28 December 2010 - 07:33 PM

Event Type: Warning
Event Source: PerfDisk
Event Category: None
Event ID: 2001
Date: 27/12/2010
Time: 8:10:39 PM
User: N/A
Computer: M-F8EF9B5EAF404
Description:
Unable to read the disk performance information from the system. Disk performance counters must be enabled for at least one physical disk or logical volume in order for these counters to appear. Disk performance counters can be enabled by using the Hardware Device Manager property pages. Status code returned is data DWORD 0.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: aa 05 00 00 ª...



