Headache the size of Texas


16 replies to this topic

#1 NederAmerikaanse

NederAmerikaanse

  • Members
  • 13 posts

Posted 17 June 2011 - 07:21 PM

Good evening,
I have a serious issue with my laptop after lending it out:
it is an HP G72 series laptop running Windows 7 Home Premium, that cannot execute most .exe files,
the message being either "file is corrupt" or "insert file name here is missing".
The CPU was at 100% (something that has never happened before), though it has since lowered.
HP Remote Support did a factory re-install of Windows, though the results
have been less than stellar.
I would like to thank whoever happens to take the time to read it over;
I appreciate that you take time out of your evening to do so, I'm extremely grateful for any and all input.

Here is my HijackThis scan log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:17:30 PM, on 6/17/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10c.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\IPSBHO.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - Global Startup: PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6742 bytes

Edited by NederAmerikaanse, 17 June 2011 - 08:34 PM.




#2 NederAmerikaanse


Posted 17 June 2011 - 10:51 PM

I just had contact with HP Support, who suggested that I buy a new
copy of Windows 7 Home Premium and start from scratch, but that
action would also void my warranty.
Any suggestions?

===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our MRT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the MRT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

Thank you for understanding.

Orange Blossom ~ forum moderator

Edited by Orange Blossom, 17 June 2011 - 10:59 PM.


#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 22 June 2011 - 08:39 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following
  • Logs from DDS
  • Let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 NederAmerikaanse


Posted 23 June 2011 - 12:25 PM

Gringo,
Thank you for graciously taking time out of your day (or evening) to help
me, I greatly appreciate it!
HP remote assistance re-installed Windows 7 Home Premium 64 Bit,
though I am still unable to download and/or install programs
such as Firefox 5.0, as well as anti-virus and anti-malware programs (bad sectors on my HDD?).
Windows Update is not functioning properly as most updates either fail to download or install (error 80200053).
This laptop is only 7 months old, and I have never had a problem with it until
I allowed a friend to use it (he downloaded a bunch of nonsense w/utorrent).
I ran DeFogger as you had asked, and here are my DDS logs:


Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 6/21/2011 9:14:45 PM
System Uptime: 6/23/2011 8:21:35 AM (4 hours ago)
.
Motherboard: Hewlett-Packard | | 1484
Processor: Pentium® Dual-Core CPU T4500 @ 2.30GHz | CPU | 2300/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 284 GiB total, 258.499 GiB free.
D: is FIXED (FAT32) - 14 GiB total, 14.001 GiB free.
E: is CDROM (CDFS)
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\SYN1E27\4&6A0886C&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\SYN1E27\4&6A0886C&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP18: 6/22/2011 10:05:14 AM - Windows Update
RP19: 6/22/2011 11:06:25 AM - Windows Update
RP20: 6/23/2011 8:18:28 AM - Windows Update
.
==== Installed Programs ======================
.
7-Zip 9.20
Adobe AIR
Adobe Flash Player 10 ActiveX
Avant Browser (remove only)
Definition update for Microsoft Office 2010 (KB982726)
Google Chrome
Google Talk Plugin
Intel® Graphics Media Accelerator Driver
IrfanView (remove only)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
ooVoo
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Publisher 2010 (KB2409055)
SimCity 4 Deluxe
SlimPDF Reader
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2523113)
Update for Microsoft OneNote 2010 (KB2493983)
Update for Microsoft Outlook Social Connector (KB2441641)
.
==== Event Viewer Messages From Past Week ========
.
6/22/2011 7:09:16 AM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: %%-2146762751
6/22/2011 6:52:15 AM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
6/22/2011 6:16:58 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user ErinandMarieke\Erin and Marieke SID (S-1-5-21-2072496284-2629460678-4144384044-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
6/22/2011 5:48:08 AM, Error: Service Control Manager [7023] -
6/22/2011 5:43:35 AM, Error: volsnap [67] - The shadow copy of volume C: being created failed to install.
.
==== End Of File ===========================


-and-


DDS (Ver_2011-06-12.02) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Erin and Marieke at 12:17:45 on 2011-06-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3999.2689 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\ooVoo\ooVoo.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Users\Erin and Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Erin and Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Erin and Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Erin and Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Erin and Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Erin and Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Erin and Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Erin and Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Erin and Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Erin and Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Erin and Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Erin and Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Erin and Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Erin and Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Erin and Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Erin and Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Erin and Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Erin and Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Erin and Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Erin and Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Erin and Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Erin and Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Erin and Marieke\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\Erin and Marieke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Erin and Marieke\Downloads\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe

Edited by NederAmerikaanse, 23 June 2011 - 12:30 PM.


#5 gringo_pr


Posted 23 June 2011 - 04:09 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#6 NederAmerikaanse


Posted 23 June 2011 - 11:11 PM

Gringo,
I tried several times to download ComboFix with Chrome and
Avant browsers to several different locations, as well as renaming the file and running as administrator, to no avail;
therefore, I've included two snips (one of the installer error, and the other of my task manager):
The machine is fine if you consider that I cannot install most programs...



Edited by NederAmerikaanse, 23 June 2011 - 11:14 PM.


#7 gringo_pr


Posted 23 June 2011 - 11:26 PM

Scan with exeHelper:

Please download exeHelper to your desktop.

  • Double-click on exeHelper.com to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)

Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

#8 NederAmerikaanse


Posted 24 June 2011 - 06:59 AM

Gringo,
I ran the program, here is the log:

exeHelper by Raktor
Build 20100414
Run at 06:57:50 on 06/24/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

#9 gringo_pr


Posted 24 June 2011 - 07:07 AM

Now see if ComboFix will run.


gringo

#10 NederAmerikaanse


Posted 24 June 2011 - 11:46 AM

Gringo,
I tried to run ComboFix with the same results, the "NSIS" error.
I also tried downloading to other locations, as well as renaming the file,
each time getting the same error.

#11 gringo_pr


Posted 24 June 2011 - 12:06 PM

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.


#12 NederAmerikaanse


Posted 24 June 2011 - 01:24 PM

Gringo,
I tried to use the program, and couldn't---this time, there was no error
report, it simply disappeared from the task manager.
This is what I saw in Event Viewer:



Windows cannot access the file for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program OTL because of this error.

Program: OTL
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again.
2. If the file still cannot be accessed and
- It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance.

Additional Data
Error value: 00000000
Disk type: 0

#13 NederAmerikaanse


Posted 25 June 2011 - 10:28 AM

Hi Gringo,
Wonder of wonders, the program worked this morning,
here are the logs:


OTL Extras logfile created on: 6/25/2011 10:12:55 AM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Erin and Marieke\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.89 Gb Available Physical Memory | 74.01% Memory free
7.81 Gb Paging File | 6.65 Gb Available in Paging File | 85.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.78 Gb Total Space | 264.58 Gb Free Space | 93.23% Space Free | Partition Type: NTFS
Drive D: | 14.00 Gb Total Space | 14.00 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive E: | 641.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ERINANDMARIEKE | User Name: Erin and Marieke | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome File not found
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{F3D7AC17-1FF4-41A8-BB18-3FC39C65AEB9}" = RtVOsd
"CCleaner" = CCleaner

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AvantBrowser" = Avant Browser (remove only)
"IrfanView" = IrfanView (remove only)
"Office14.SingleImage" = Microsoft Office Home and Student 2010

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2072496284-2629460678-4144384044-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/24/2011 1:18:28 PM | Computer Name = ErinandMarieke | Source = Windows Search Service | ID = 1019
Description =

Error - 6/24/2011 2:09:52 PM | Computer Name = ErinandMarieke | Source = Application Error | ID = 1000
Description = Faulting application name: OTL.exe, version: 3.2.24.1, time stamp:
0x2a425e19 Faulting module name: OTL.exe, version: 3.2.24.1, time stamp: 0x2a425e19
Exception
code: 0xc000001d Fault offset: 0x0023c004 Faulting process id: 0x103c Faulting application
start time: 0x01cc3299e96e5ccb Faulting application path: C:\Users\Erin and Marieke\Desktop\OTL.exe
Faulting
module path: C:\Users\Erin and Marieke\Desktop\OTL.exe Report Id: 279d218c-9e8d-11e0-b563-c80aa9a7e0ad

Error - 6/24/2011 2:09:52 PM | Computer Name = ErinandMarieke | Source = Application Error | ID = 1005
Description = Windows cannot access the file for one of the following reasons: there
is a problem with the network connection, the disk that the file is stored on,
or the storage drivers installed on this computer; or the disk is missing. Windows
closed the program OTL because of this error. Program: OTL File: The error value
is listed in the Additional Data section. User Action 1. Open the file again. This
situation might be a temporary problem that corrects itself when the program runs
again. 2. If the file still cannot be accessed and - It is on the network, your network
administrator should verify that there is not a problem with the network and that
the server can be contacted. - It is on a removable disk, for example, a floppy
disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check
and repair the file system by running CHKDSK. To run CHKDSK, click Start, click
Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then
press ENTER. 4. If the problem persists, restore the file from a backup copy. 5.
Determine whether other files on the same disk can be opened. If not, the disk might
be damaged. If it is a hard disk, contact your administrator or computer hardware
vendor for further assistance. Additional Data Error value: 00000000 Disk type: 0

Error - 6/24/2011 2:10:46 PM | Computer Name = ErinandMarieke | Source = Application Error | ID = 1000
Description = Faulting application name: OTL.exe, version: 3.2.24.1, time stamp:
0x2a425e19 Faulting module name: OTL.exe, version: 3.2.24.1, time stamp: 0x2a425e19
Exception
code: 0xc000001d Fault offset: 0x0023c004 Faulting process id: 0x115c Faulting application
start time: 0x01cc329a09e32741 Faulting application path: C:\Users\Erin and Marieke\Desktop\OTL.exe
Faulting
module path: C:\Users\Erin and Marieke\Desktop\OTL.exe Report Id: 47a45b61-9e8d-11e0-b563-c80aa9a7e0ad

Error - 6/24/2011 2:10:46 PM | Computer Name = ErinandMarieke | Source = Application Error | ID = 1005
Description = Windows cannot access the file for one of the following reasons: there
is a problem with the network connection, the disk that the file is stored on,
or the storage drivers installed on this computer; or the disk is missing. Windows
closed the program OTL because of this error. Program: OTL File: The error value
is listed in the Additional Data section. User Action 1. Open the file again. This
situation might be a temporary problem that corrects itself when the program runs
again. 2. If the file still cannot be accessed and - It is on the network, your network
administrator should verify that there is not a problem with the network and that
the server can be contacted. - It is on a removable disk, for example, a floppy
disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check
and repair the file system by running CHKDSK. To run CHKDSK, click Start, click
Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then
press ENTER. 4. If the problem persists, restore the file from a backup copy. 5.
Determine whether other files on the same disk can be opened. If not, the disk might
be damaged. If it is a hard disk, contact your administrator or computer hardware
vendor for further assistance. Additional Data Error value: 00000000 Disk type: 0

Error - 6/24/2011 2:11:15 PM | Computer Name = ErinandMarieke | Source = Application Error | ID = 1000
Description = Faulting application name: OTL.exe, version: 3.2.24.1, time stamp:
0x2a425e19 Faulting module name: OTL.exe, version: 3.2.24.1, time stamp: 0x2a425e19
Exception
code: 0xc000001d Fault offset: 0x0023c004 Faulting process id: 0xf00 Faulting application
start time: 0x01cc329a1b2d208f Faulting application path: C:\Users\Erin and Marieke\Desktop\OTL.exe
Faulting
module path: C:\Users\Erin and Marieke\Desktop\OTL.exe Report Id: 58ea8410-9e8d-11e0-b563-c80aa9a7e0ad

Error - 6/24/2011 2:11:15 PM | Computer Name = ErinandMarieke | Source = Application Error | ID = 1005
Description = Windows cannot access the file for one of the following reasons: there
is a problem with the network connection, the disk that the file is stored on,
or the storage drivers installed on this computer; or the disk is missing. Windows
closed the program OTL because of this error. Program: OTL File: The error value
is listed in the Additional Data section. User Action 1. Open the file again. This
situation might be a temporary problem that corrects itself when the program runs
again. 2. If the file still cannot be accessed and - It is on the network, your network
administrator should verify that there is not a problem with the network and that
the server can be contacted. - It is on a removable disk, for example, a floppy
disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check
and repair the file system by running CHKDSK. To run CHKDSK, click Start, click
Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then
press ENTER. 4. If the problem persists, restore the file from a backup copy. 5.
Determine whether other files on the same disk can be opened. If not, the disk might
be damaged. If it is a hard disk, contact your administrator or computer hardware
vendor for further assistance. Additional Data Error value: 00000000 Disk type: 0

Error - 6/24/2011 2:11:23 PM | Computer Name = ErinandMarieke | Source = Application Error | ID = 1000
Description = Faulting application name: OTL.exe, version: 3.2.24.1, time stamp:
0x2a425e19 Faulting module name: OTL.exe, version: 3.2.24.1, time stamp: 0x2a425e19
Exception
code: 0xc000001d Fault offset: 0x0023c004 Faulting process id: 0xc08 Faulting application
start time: 0x01cc329a20345cd9 Faulting application path: C:\Users\Erin and Marieke\Desktop\OTL.exe
Faulting
module path: C:\Users\Erin and Marieke\Desktop\OTL.exe Report Id: 5df20e81-9e8d-11e0-b563-c80aa9a7e0ad

Error - 6/24/2011 2:11:23 PM | Computer Name = ErinandMarieke | Source = Application Error | ID = 1005
Description = Windows cannot access the file for one of the following reasons: there
is a problem with the network connection, the disk that the file is stored on,
or the storage drivers installed on this computer; or the disk is missing. Windows
closed the program OTL because of this error. Program: OTL File: The error value
is listed in the Additional Data section. User Action 1. Open the file again. This
situation might be a temporary problem that corrects itself when the program runs
again. 2. If the file still cannot be accessed and - It is on the network, your network
administrator should verify that there is not a problem with the network and that
the server can be contacted. - It is on a removable disk, for example, a floppy
disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check
and repair the file system by running CHKDSK. To run CHKDSK, click Start, click
Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then
press ENTER. 4. If the problem persists, restore the file from a backup copy. 5.
Determine whether other files on the same disk can be opened. If not, the disk might
be damaged. If it is a hard disk, contact your administrator or computer hardware
vendor for further assistance. Additional Data Error value: 00000000 Disk type: 0

Error - 6/25/2011 12:09:28 AM | Computer Name = ErinandMarieke | Source = Windows Search Service | ID = 1019
Description =

[ System Events ]
Error - 6/22/2011 6:43:35 AM | Computer Name = ErinandMarieke | Source = volsnap | ID = 393283
Description = The shadow copy of volume C: being created failed to install.

Error - 6/22/2011 6:48:08 AM | Computer Name = ErinandMarieke | Source = Service Control Manager | ID = 7023
Description = The Windows Modules Installer service terminated with the following
error: %%16405

Error - 6/22/2011 7:15:06 AM | Computer Name = ErinandMarieke | Source = DCOM | ID = 10016
Description =

Error - 6/22/2011 7:16:58 AM | Computer Name = ErinandMarieke | Source = DCOM | ID = 10016
Description =

Error - 6/22/2011 7:52:05 AM | Computer Name = ErinandMarieke | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 6/22/2011 7:52:10 AM | Computer Name = ErinandMarieke | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 6/22/2011 7:52:15 AM | Computer Name = ErinandMarieke | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 6/22/2011 8:09:16 AM | Computer Name = ErinandMarieke | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%-2146762751


< End of report >



OTL logfile created on: 6/25/2011 10:12:55 AM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Erin and Marieke\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.89 Gb Available Physical Memory | 74.01% Memory free
7.81 Gb Paging File | 6.65 Gb Available in Paging File | 85.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.78 Gb Total Space | 264.58 Gb Free Space | 93.23% Space Free | Partition Type: NTFS
Drive D: | 14.00 Gb Total Space | 14.00 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive E: | 641.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ERINANDMARIEKE | User Name: Erin and Marieke | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Erin and Marieke\Desktop\OTL (1).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\ooVoo\ooVoo.exe (ooVoo LLC)


========== Modules (SafeList) ==========

MOD - C:\Users\Erin and Marieke\Desktop\OTL (1).exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (RtVOsdService) -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe (Realtek Semiconductor Corp.)
SRV:64bit: - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (IntcHdmiAddService) Intel® -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel® Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (rtl8192se) -- C:\Windows\SysNative\drivers\rtl8192se.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2072496284-2629460678-4144384044-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/?pc=AVBR
IE - HKU\S-1-5-21-2072496284-2629460678-4144384044-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=AVBR
IE - HKU\S-1-5-21-2072496284-2629460678-4144384044-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2072496284-2629460678-4144384044-1001..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2072496284-2629460678-4144384044-1001\..Trusted Domains: microsoft.com ([beta.update] http in Trusted sites)
O15 - HKU\S-1-5-21-2072496284-2629460678-4144384044-1001\..Trusted Domains: microsoft.com ([beta.update] https in Trusted sites)
O15 - HKU\S-1-5-21-2072496284-2629460678-4144384044-1001\..Trusted Domains: microsoft.com ([update] https in Trusted sites)
O15 - HKU\S-1-5-21-2072496284-2629460678-4144384044-1001\..Trusted Domains: windowsupdate.com ([download] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/08/27 03:47:12 | 000,000,000 | ---D | M] - E:\AutoRun -- [ CDFS ]
O32 - AutoRun File - [2003/08/27 03:47:12 | 000,000,059 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{039f22d2-9c7e-11e0-ad30-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{039f22d2-9c7e-11e0-ad30-806e6f6e6963}\Shell\AutoRun\command - "" = E:\RunGame.exe -- [2003/08/27 03:47:08 | 000,147,456 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/25 10:11:56 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\Erin and Marieke\Desktop\OTL (1).exe
[2011/06/24 13:09:27 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\Erin and Marieke\Desktop\OTL.exe
[2011/06/23 22:36:44 | 000,000,000 | ---D | C] -- C:\PFiles
[2011/06/23 11:48:52 | 000,000,000 | ---D | C] -- C:\Users\Erin and Marieke\Documents\SimCity 4
[2011/06/23 11:48:39 | 000,000,000 | ---D | C] -- C:\Users\Erin and Marieke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011/06/23 11:39:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Maxis
[2011/06/23 07:24:49 | 000,000,000 | ---D | C] -- C:\Users\Erin and Marieke\Documents\My ooVoo
[2011/06/22 17:26:57 | 000,000,000 | ---D | C] -- C:\Users\Erin and Marieke\AppData\Roaming\Chrome
[2011/06/22 16:46:22 | 000,000,000 | ---D | C] -- C:\Users\Erin and Marieke\AppData\Roaming\ooVoo Details
[2011/06/22 16:46:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ooVoo
[2011/06/22 16:46:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ooVoo
[2011/06/22 15:38:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2011/06/22 15:02:12 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/06/22 13:03:42 | 000,000,000 | ---D | C] -- C:\Users\Erin and Marieke\Desktop\School
[2011/06/22 12:45:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SlimPDFReader
[2011/06/22 11:53:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011/06/22 11:53:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2011/06/22 10:57:51 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2011/06/22 10:57:24 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2011/06/22 10:46:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011/06/22 10:46:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2011/06/22 10:46:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2011/06/22 10:46:25 | 000,000,000 | ---D | C] -- C:\Users\Erin and Marieke\AppData\Local\Adobe
[2011/06/22 10:31:36 | 000,000,000 | ---D | C] -- C:\Users\Erin and Marieke\AppData\Roaming\Avant Downloader
[2011/06/22 10:31:31 | 000,000,000 | ---D | C] -- C:\Users\Erin and Marieke\AppData\Roaming\Avant Profiles
[2011/06/22 10:31:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avant Browser
[2011/06/22 10:31:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avant Browser
[2011/06/22 10:04:42 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011/06/22 10:04:42 | 001,076,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011/06/22 10:04:42 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011/06/22 10:04:42 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2011/06/22 09:44:00 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011/06/22 09:44:00 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/06/22 09:44:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/06/22 09:43:59 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/06/22 09:39:16 | 000,000,000 | ---D | C] -- C:\437a32c5339f23fa3ad32bdf
[2011/06/22 09:29:55 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/06/22 09:29:55 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/06/22 09:29:54 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/06/22 09:29:54 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/06/22 09:29:53 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011/06/22 09:29:52 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2011/06/22 09:29:45 | 000,027,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2011/06/22 09:29:43 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2011/06/22 09:29:43 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
[2011/06/22 09:29:43 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2011/06/22 09:29:43 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2011/06/22 09:20:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/06/22 09:20:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2011/06/22 09:20:29 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011/06/22 09:20:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2011/06/22 09:17:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/06/22 09:17:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2011/06/22 09:16:57 | 000,000,000 | ---D | C] -- C:\Users\Erin and Marieke\AppData\Local\Microsoft Help
[2011/06/22 09:16:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2011/06/22 09:16:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011/06/22 09:16:43 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/06/22 09:01:03 | 000,000,000 | ---D | C] -- C:\Users\Erin and Marieke\AppData\Roaming\IrfanView
[2011/06/22 09:01:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView
[2011/06/22 08:45:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2011/06/22 08:45:31 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2011/06/22 08:45:31 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2011/06/22 08:45:31 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2011/06/22 08:45:30 | 002,603,040 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2011/06/22 08:45:30 | 001,964,576 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2011/06/22 08:45:30 | 001,216,032 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2011/06/22 08:45:30 | 001,146,912 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2011/06/22 08:45:30 | 000,476,192 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2011/06/22 08:45:30 | 000,372,936 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2011/06/22 08:45:30 | 000,332,320 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2011/06/22 08:45:30 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2011/06/22 08:45:30 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2011/06/22 08:45:30 | 000,201,928 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2011/06/22 08:45:30 | 000,149,536 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2011/06/22 08:45:30 | 000,099,016 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2011/06/22 08:45:30 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2011/06/22 08:45:30 | 000,070,176 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
[2011/06/22 08:45:29 | 000,168,288 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2011/06/22 08:45:29 | 000,108,960 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2011/06/22 08:45:29 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2011/06/22 08:45:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2011/06/22 08:45:27 | 001,251,872 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2011/06/22 08:45:27 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2011/06/22 08:45:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2011/06/22 08:44:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2011/06/22 08:44:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2011/06/22 08:43:15 | 000,064,000 | ---- | C] (LSI Corporation) -- C:\Windows\SysWow64\agrsmdel.exe
[2011/06/22 08:43:15 | 000,014,848 | ---- | C] (LSI Corporation) -- C:\Windows\SysWow64\agrsco64.dll
[2011/06/22 08:43:15 | 000,013,824 | ---- | C] (LSI Corporation) -- C:\Windows\SysWow64\agrscoin.dll
[2011/06/22 08:43:13 | 000,000,000 | ---D | C] -- C:\Windows\Options
[2011/06/22 08:41:23 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2011/06/22 08:41:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2011/06/22 08:41:05 | 000,000,000 | ---D | C] -- C:\Intel
[2011/06/22 08:41:04 | 000,000,000 | ---D | C] -- C:\swsetup
[2011/06/22 08:15:03 | 000,000,000 | ---D | C] -- C:\Users\Erin and Marieke\AppData\Local\Diagnostics
[2011/06/22 08:12:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2011/06/22 08:12:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2011/06/22 08:09:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot2
[2011/06/22 08:01:22 | 000,000,000 | ---D | C] -- C:\Users\Erin and Marieke\AppData\Local\Microsoft Games
[2011/06/22 07:40:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011/06/22 07:37:15 | 000,000,000 | ---D | C] -- C:\Users\Erin and Marieke\AppData\Roaming\Macromedia
[2011/06/22 07:37:15 | 000,000,000 | ---D | C] -- C:\Users\Erin and Marieke\AppData\Roaming\Adobe
[2011/06/22 07:37:09 | 000,000,000 | ---D | C] -- C:\Users\Erin and Marieke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/06/22 07:36:37 | 000,000,000 | ---D | C] -- C:\Users\Erin and Marieke\AppData\Local\Google
[2011/06/22 07:32:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/06/22 07:32:27 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/06/22 07:24:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2011/06/22 07:13:07 | 000,000,000 | ---D | C] -- C:\Users\Erin and Marieke\AppData\Local\WindowsUpdate
[2011/06/21 23:15:57 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2011/06/21 23:15:43 | 000,000,000 | -HSD | C] -- C:\Boot
[2011/06/21 22:17:12 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2011/06/21 22:16:33 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/06/21 21:54:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee
[2011/06/21 21:43:04 | 000,121,504 | R--- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeapfk.sys.e0f9.deleteme
[2011/06/21 21:42:51 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011/06/21 21:35:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\CatRoot2_20116228635
[2011/06/21 21:34:57 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011/06/21 21:25:04 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2011/06/21 21:25:04 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/06/21 21:25:03 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2011/06/21 21:25:03 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2011/06/21 21:25:03 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2011/06/21 21:25:03 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/06/21 21:25:03 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2011/06/21 21:25:02 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2011/06/21 21:24:55 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2011/06/21 21:24:55 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2011/06/21 21:24:48 | 005,562,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/06/21 21:24:48 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011/06/21 21:24:47 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011/06/21 21:24:47 | 000,919,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/06/21 21:24:47 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/06/21 21:24:47 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/06/21 21:24:45 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2011/06/21 21:24:45 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2011/06/21 21:24:45 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2011/06/21 21:24:45 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2011/06/21 21:24:44 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011/06/21 21:24:44 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2011/06/21 21:24:44 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011/06/21 21:24:44 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2011/06/21 21:24:44 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2011/06/21 21:24:44 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011/06/21 21:24:44 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011/06/21 21:24:44 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2011/06/21 21:24:44 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2011/06/21 21:24:37 | 000,605,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2011/06/21 21:24:37 | 000,566,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2011/06/21 21:24:37 | 000,518,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2011/06/21 21:24:36 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011/06/21 21:24:36 | 000,642,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2011/06/21 21:24:36 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2011/06/21 21:24:36 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2011/06/21 21:24:36 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2011/06/21 21:24:31 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2011/06/21 21:15:20 | 000,000,000 | R--D | C] -- C:\Users\Erin and Marieke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/06/21 21:15:20 | 000,000,000 | R--D | C] -- C:\Users\Erin and Marieke\Searches
[2011/06/21 21:15:20 | 000,000,000 | R--D | C] -- C:\Users\Erin and Marieke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/06/21 21:15:20 | 000,000,000 | -H-D | C] -- C:\Users\Erin and Marieke\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/06/21 21:15:09 | 000,000,000 | ---D | C] -- C:\Users\Erin and Marieke\AppData\Roaming\Identities
[2011/06/21 21:15:05 | 000,000,000 | R--D | C] -- C:\Users\Erin and Marieke\Contacts
[2011/06/21 21:15:04 | 000,000,000 | ---D | C] -- C:\Users\Erin and Marieke\AppData\Local\VirtualStore
[2011/06/21 21:14:55 | 000,000,000 | --SD | C] -- C:\Users\Erin and Marieke\AppData\Roaming\Microsoft
[2011/06/21 21:14:55 | 000,000,000 | R--D | C] -- C:\Users\Erin and Marieke\Videos
[2011/06/21 21:14:55 | 000,000,000 | R--D | C] -- C:\Users\Erin and Marieke\Saved Games
[2011/06/21 21:14:55 | 000,000,000 | R--D | C] -- C:\Users\Erin and Marieke\Pictures
[2011/06/21 21:14:55 | 000,000,000 | R--D | C] -- C:\Users\Erin and Marieke\Music
[2011/06/21 21:14:55 | 000,000,000 | R--D | C] -- C:\Users\Erin and Marieke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/06/21 21:14:55 | 000,000,000 | R--D | C] -- C:\Users\Erin and Marieke\Links
[2011/06/21 21:14:55 | 000,000,000 | R--D | C] -- C:\Users\Erin and Marieke\Favorites
[2011/06/21 21:14:55 | 000,000,000 | R--D | C] -- C:\Users\Erin and Marieke\Downloads
[2011/06/21 21:14:55 | 000,000,000 | R--D | C] -- C:\Users\Erin and Marieke\My Documents
[2011/06/21 21:14:55 | 000,000,000 | R--D | C] -- C:\Users\Erin and Marieke\Desktop
[2011/06/21 21:14:55 | 000,000,000 | R--D | C] -- C:\Users\Erin and Marieke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/06/21 21:14:55 | 000,000,000 | -HSD | C] -- C:\Users\Erin and Marieke\AppData\Local\Temporary Internet Files
[2011/06/21 21:14:55 | 000,000,000 | -HSD | C] -- C:\Users\Erin and Marieke\Templates
[2011/06/21 21:14:55 | 000,000,000 | -HSD | C] -- C:\Users\Erin and Marieke\Start Menu
[2011/06/21 21:14:55 | 000,000,000 | -HSD | C] -- C:\Users\Erin and Marieke\SendTo
[2011/06/21 21:14:55 | 000,000,000 | -HSD | C] -- C:\Users\Erin and Marieke\Recent
[2011/06/21 21:14:55 | 000,000,000 | -HSD | C] -- C:\Users\Erin and Marieke\PrintHood
[2011/06/21 21:14:55 | 000,000,000 | -HSD | C] -- C:\Users\Erin and Marieke\NetHood
[2011/06/21 21:14:55 | 000,000,000 | -HSD | C] -- C:\Users\Erin and Marieke\Documents\My Videos
[2011/06/21 21:14:55 | 000,000,000 | -HSD | C] -- C:\Users\Erin and Marieke\Documents\My Pictures
[2011/06/21 21:14:55 | 000,000,000 | -HSD | C] -- C:\Users\Erin and Marieke\Documents\My Music
[2011/06/21 21:14:55 | 000,000,000 | -HSD | C] -- C:\Users\Erin and Marieke\My Documents
[2011/06/21 21:14:55 | 000,000,000 | -HSD | C] -- C:\Users\Erin and Marieke\Local Settings
[2011/06/21 21:14:55 | 000,000,000 | -HSD | C] -- C:\Users\Erin and Marieke\AppData\Local\History
[2011/06/21 21:14:55 | 000,000,000 | -HSD | C] -- C:\Users\Erin and Marieke\Cookies
[2011/06/21 21:14:55 | 000,000,000 | -HSD | C] -- C:\Users\Erin and Marieke\Application Data
[2011/06/21 21:14:55 | 000,000,000 | -HSD | C] -- C:\Users\Erin and Marieke\AppData\Local\Application Data
[2011/06/21 21:14:55 | 000,000,000 | -H-D | C] -- C:\Users\Erin and Marieke\AppData
[2011/06/21 21:14:55 | 000,000,000 | ---D | C] -- C:\Users\Erin and Marieke\AppData\Local\Temp
[2011/06/21 21:14:55 | 000,000,000 | ---D | C] -- C:\Users\Erin and Marieke\AppData\Local\Microsoft
[2011/06/21 21:14:55 | 000,000,000 | ---D | C] -- C:\Users\Erin and Marieke\AppData\Roaming\Media Center Programs
[2011/06/21 21:14:41 | 000,000,000 | -HSD | C] -- C:\Recovery
[2011/06/21 21:14:37 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution

========== Files - Modified Within 30 Days ==========

[2011/06/25 10:11:57 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Erin and Marieke\Desktop\OTL (1).exe
[2011/06/25 09:41:00 | 000,000,952 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2072496284-2629460678-4144384044-1001UA.job
[2011/06/25 07:41:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2072496284-2629460678-4144384044-1001Core.job
[2011/06/25 06:52:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/24 22:14:45 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/24 22:14:45 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/24 13:09:29 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Erin and Marieke\Desktop\OTL.exe
[2011/06/23 11:39:16 | 000,000,531 | ---- | M] () -- C:\Windows\eReg.dat
[2011/06/23 08:57:35 | 000,024,455 | ---- | M] () -- C:\Users\Erin and Marieke\Desktop\ErinsEntourage.jpg
[2011/06/23 08:31:43 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/06/23 08:26:14 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/06/23 08:26:14 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/06/23 08:26:14 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/06/23 08:21:51 | 3144,871,936 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/22 16:46:15 | 000,001,857 | ---- | M] () -- C:\Users\Public\Desktop\ooVoo.lnk
[2011/06/22 15:02:12 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/06/22 10:31:29 | 000,001,921 | ---- | M] () -- C:\Users\Public\Desktop\Avant Browser.lnk
[2011/06/22 10:31:28 | 000,001,945 | ---- | M] () -- C:\Users\Erin and Marieke\Application Data\Microsoft\Internet Explorer\Quick Launch\Avant Browser.lnk
[2011/06/22 09:52:14 | 000,341,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/06/22 07:37:10 | 000,002,377 | ---- | M] () -- C:\Users\Erin and Marieke\Desktop\Google Chrome.lnk
[2011/06/22 07:32:28 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/06/21 23:15:45 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011/06/21 22:19:58 | 000,108,227 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2011/06/21 22:19:58 | 000,108,227 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2011/06/21 22:17:47 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf

========== Files Created - No Company Name ==========

[2011/06/23 11:39:16 | 000,000,531 | ---- | C] () -- C:\Windows\eReg.dat
[2011/06/23 08:57:35 | 000,024,455 | ---- | C] () -- C:\Users\Erin and Marieke\Desktop\ErinsEntourage.jpg
[2011/06/23 08:31:43 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/06/22 16:46:15 | 000,001,857 | ---- | C] () -- C:\Users\Public\Desktop\ooVoo.lnk
[2011/06/22 10:31:29 | 000,001,921 | ---- | C] () -- C:\Users\Public\Desktop\Avant Browser.lnk
[2011/06/22 10:31:28 | 000,001,945 | ---- | C] () -- C:\Users\Erin and Marieke\Application Data\Microsoft\Internet Explorer\Quick Launch\Avant Browser.lnk
[2011/06/22 08:45:32 | 000,000,712 | ---- | C] () -- C:\Windows\SysNative\drivers\RTEQEX0.dat
[2011/06/22 08:45:32 | 000,000,176 | ---- | C] () -- C:\Windows\SysNative\drivers\RTHDAEQ0.dat
[2011/06/22 07:37:10 | 000,002,377 | ---- | C] () -- C:\Users\Erin and Marieke\Desktop\Google Chrome.lnk
[2011/06/22 07:36:38 | 000,000,952 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2072496284-2629460678-4144384044-1001UA.job
[2011/06/22 07:36:37 | 000,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2072496284-2629460678-4144384044-1001Core.job
[2011/06/22 07:32:28 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/06/21 23:15:45 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2011/06/21 23:15:43 | 000,383,786 | RHS- | C] () -- C:\bootmgr
[2011/06/21 22:19:52 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/06/21 22:19:49 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/06/21 22:17:47 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/06/21 22:16:33 | 3144,871,936 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/21 21:14:55 | 000,000,290 | ---- | C] () -- C:\Users\Erin and Marieke\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/06/21 21:14:55 | 000,000,272 | ---- | C] () -- C:\Users\Erin and Marieke\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/03/05 11:57:10 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/03/05 11:57:08 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/03/05 11:57:08 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/03/05 11:57:02 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/03/05 11:56:58 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

< End of report >

#14 gringo_pr

  • Malware Response Team

Posted 25 June 2011 - 05:48 PM

Hello

I want you to run this custom OTL script for me and then let me know how things are after you finish.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :otl
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O33 - MountPoints2\{039f22d2-9c7e-11e0-ad30-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{039f22d2-9c7e-11e0-ad30-806e6f6e6963}\Shell\AutoRun\command - "" = E:\RunGame.exe -- [2003/08/27 03:47:08 | 000,147,456 | R--- | M] ()
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY] 
    [EMPTYTEMP]
    [EMPTYFLASH]
    [RESETHOSTS] 
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.


#15 NederAmerikaanse

  • Topic Starter

Posted 25 June 2011 - 06:50 PM

Hello again,
So far, so good.
I had to reboot before I was able to run OTL again (I downloaded it to desktop with Chrome)
and it worked.
Here are the results:


All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ not found.
File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\gopher\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79eac9e4-baf9-11ce-8c82-00aa004ba90b}\ not found.
File {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui\ deleted successfully.
C:\Windows\SysNative\igfxdev.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{039f22d2-9c7e-11e0-ad30-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{039f22d2-9c7e-11e0-ad30-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{039f22d2-9c7e-11e0-ad30-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{039f22d2-9c7e-11e0-ad30-806e6f6e6963}\ not found.
File E:\RunGame.exe not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Erin and Marieke\Desktop\cmd.bat deleted successfully.
C:\Users\Erin and Marieke\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Erin and Marieke
->Temp folder emptied: 21999 bytes
->Temporary Internet Files folder emptied: 1196434 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1824 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Erin and Marieke
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.24.1 log created on 06252011_184451

Files\Folders moved on Reboot...
C:\Users\Erin and Marieke\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...



By the way, forgive my naive question, but what is this? Is it possibly due to my friend downloading
a bunch of trash (about 8 gigs of movies and music) with utorrent?



