InterviewSolution
Saved Bookmarks
InterviewSolution
| 1. |
Solve : Virus in computer i think slowing computer right down :(? |
|
Answer» Still got some the Background on my screen is just black now no picture i have tried to put the 1 back on but will not let me also When you go into documents all the files have no picture of a file just a name but you have to click the invisible file Maybe be easier just to make back up disc of WINDOWS VISTA if can find the file of it put on disc then wipe computer not done that for over 2 years so might just need wiping clean GOOD CLEAN UP, Like still don't know what the TASK ENG.EXE running 3 times when i look at task manager it will not let me close it all them down when i close others it just starts up again few seconds later. Still got some the Background on my screen is just black now no picture i have tried to put the 1 back on but will not let me also When you go into documents all the files have no picture of a file just a name but you have to click the invisible fileThis sounds like a monitor or driver problem Can you give me screenshots of these two problems? How to post screenshots or images Quote Do you think we will be able to work out what the trouble is ??, Have you seen anything wrong so far in any of the logs that might be 1 of the problems if there is more than 1 i say they is.I haven't seen anything that would cause this sort of problems. Did you install anything new or make any changes to your computer prior to these problems beginning? Please run this even if you don't have the disk. 1/ Click the Start button. 2/ From the Start Menu, Click All programs followed by Accessories. 3/ In the Accessories menu, Right Click on the Command Prompt option. 4/ From the drop down menu that appears, Click on the Run as administrator option. 5/ If you have the User Account Control (UAC) enabled you will be asked for authorisation prior to the command prompt opening. You may simply need to press the Continue button if you are the administrator or insert the administrator password etc. 6/ In the Command Prompt window, type: sfc /scannow and then press Enter. 7/ A message will appear stating that the system scan will begin. 8/ Be patient because the scan may take some time. 9/ If any files require replacing SFC will replace them. You may be asked to insert your Vista DVD for this process to continue. 10/ If everything is okay you should, after the scan, see the following message Windows resource protection did not find any integrity violations. 11/ After the scan has completed, Close the command prompt window. Sorry was not faster with replies computer acting up now,The question you asked about did I install anything before this happened well the online game i play called CONQUER ONLINE done a Auto Update and when it was done the MS REMOVAL TOOL CAME UP?? , I have been playing this game over 4yrs now and sometime there is just a problem with update but not a virus i have asked a few friends on the site as well if they got a virus from the update and all say no & none detected as well. IMAGES that you asked for. SCREEN SHOT : http://img151.imageshack.us/img151/558/blackscreen.jpg[/IMG] By jenzos FILE SHOT : http://img713.imageshack.us/img713/9783/justfilenames.jpg[/IMG] By jenzos The scan that you ask me to run i have done but it will not let me get the CBS logs from the Windows file just says ACCESS DENIED SORRY COULD NOT GET LOG FOR YOU THIS TIME . will try again when you might have way to get logs THANK YOU SuperDave for all the time that you have spared for helping me on this matter PURE LIFE SAVER SO FAR computer still going I know you will get it ALL WORKING AGAIN JENZO Thank you. Did you try adding some wallpaper to you desktop? As for the filenames, try clicking on view and choose a different setting such as thumbnails. Did you try to run SFC as described in Reply # 18? Please download the latest version of Kaspersky GetSystemInfo (GSI) from Kaspersky and save it to your Desktop. Note: please close all other applications running on your system. Double click GetSystemInfo.exe to open it. It will display an agreement. Click on I Agree to continue. Click the Settings button. Set the slider to Maximum. IMPORTANT! Then, click Customize - choose Driver / Ports tab and uncheck Scan Ports. On the General tab, make sure all of the boxes are checked. On the Misc tab, make sure all the checkboxes are checked. Then, click OK on the windows that you launched. Click Create Report to run it. It will begin scanning. It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop. It should automatically upload it to http://www.getsysteminfo.com. If it does not, then please SUBMIT it manually by going to the site and doing the upload process. It will redirect to a page, where it will provide a sharing URL for specialists. Copy and paste the url of the GSI Parser report in your next reply.. This is the Link for the scan you ask me to run. http://www.getsysteminfo.com/read.php?file=9611b27f6d736101e8a00701428f6410 Also i did run the SFC scan that you ask me to as i said in last report it would not let me get logs from CBS kept saying ACCESS DENIED. but did run the scan as you said just the logs could not get for you i found them no problem but would not let me open them. THANK YOU SuperDave JENZO Quote Also i did run the SFC scan that you ask me to as i said in last report it would not let me get logs from CBS kept saying ACCESS DENIED. but did run the scan as you said just the logs could not get for you i found them no problem but would not let me open them.I don't believe SFC will produce a log. If it finds a corrupt file it will replace it with one from the disk. If there is no disk, then it will ask for the disk. That's a tipoff that there's something amiss with the files. Did you try my suggestions for the black screen and the files? Download OTL to your Desktop
msconfig safebootminimal safebootnetwork activex drivers32 %SYSTEMDRIVE%\*.exe %systemroot%\*. /mp /s c:\$recycle.bin\*.* /s HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs /md5start eventlog.dll scecli.dll netlogon.dll cngaudit.dll sceclt.dll ntelogon.dll logevent.dll iaStor.sys nvstor.sys nvstor32.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll explorer.exe svchost.exe userinit.exe qmgr.dll ws2_32.dll proquota.exe imm32.dll kernel32.dll ndis.sys autochk.exe spoolsv.exe xmlprov.dll ntmssvc.dll mswsock.dll Beep.SYS ntfs.sys termsrv.dll sfcfiles.dll st3shark.sys ahcix86.sys srsvc.dll nvrd32.sys /md5stop %systemroot%\system32\*.dll /lockedfiles %systemroot%\Tasks\*.job /lockedfiles
LOG FOR OTL: OTL logfile created on: 20/04/2011 10:41:53 - Run 2 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Jenzo\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 40.00% Memory free 6.00 Gb Paging File | 5.00 Gb Available in Paging File | 73.00% Paging File free Paging file location(s): ?:\pagefile.sys %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 458.92 Gb Total Space | 195.68 Gb Free Space | 42.64% Space Free | Partition Type: NTFS Computer Name: MY | User Name: Jenzo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/04/20 10:41:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Jenzo\Desktop\OTL.exe PRC - [2011/04/11 17:12:59 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2011/04/11 17:12:58 | 000,281,768 | ---- | M] (Avira GmbH) -- c:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2011/04/11 17:12:58 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2011/03/23 09:20:39 | 000,403,240 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe PRC - [2011/03/19 07:13:34 | 011,857,920 | ---- | M] (Electronic Arts) -- C:\Program Files\Electronic Arts\EADM\EADMUI\EADMUI.exe PRC - [2011/03/19 07:10:46 | 002,437,120 | ---- | M] (Electronic Arts) -- C:\Program Files\Electronic Arts\EADM\EADMUI\EADM.exe PRC - [2011/03/19 07:05:02 | 000,759,088 | ---- | M] (Electronic Arts) -- C:\Program Files\Electronic Arts\EADM\EADMUI\EACoreServer.exe PRC - [2011/03/18 18:57:02 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2011/02/22 14:57:34 | 000,378,128 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFTray.exe PRC - [2011/01/07 22:06:12 | 000,803,432 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe PRC - [2011/01/07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2010/12/14 13:34:57 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\steam.exe PRC - [2010/12/13 15:37:46 | 000,135,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe PRC - [2010/01/14 22:12:21 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2009/10/23 20:34:36 | 000,827,904 | ---- | M] () -- C:\Program Files\dvd43\DVD43_Tray.exe PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe ========== Modules (SafeList) ========== MOD - [2011/04/20 10:41:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Jenzo\Desktop\OTL.exe MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- -- (ServiceLayer) SRV - [2011/04/11 17:12:59 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011/04/11 17:12:58 | 000,421,032 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2011/04/11 17:12:58 | 000,339,624 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2011/04/11 17:12:58 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011/03/23 09:20:39 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011/02/22 14:57:30 | 000,070,928 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\ThreatFire\TFService.exe -- (ThreatFire) SRV - [2011/01/07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2010/12/13 15:37:46 | 000,135,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc) SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - [2011/04/17 02:43:32 | 000,279,712 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2011/04/17 02:43:32 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2011/04/11 17:12:59 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011/04/11 17:12:59 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011/02/23 08:27:00 | 010,468,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2011/02/22 14:57:52 | 000,069,392 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\TfSysMon.sys -- (TfSysMon) DRV - [2011/02/22 14:57:52 | 000,033,552 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TfNetMon.sys -- (TfNetMon) DRV - [2011/02/22 14:57:50 | 000,051,984 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\TfFsMon.sys -- (TfFsMon) DRV - [2010/12/02 23:30:44 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo) DRV - [2010/08/16 08:50:16 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010/08/16 08:50:14 | 000,102,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avfwot.sys -- (avfwot) DRV - [2010/08/16 08:50:14 | 000,079,432 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avfwim.sys -- (avfwim) DRV - [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2010/05/26 21:12:57 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2010/02/17 11:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM) DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk) DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk) DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk) DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk) DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk) DRV - [2009/02/03 16:36:58 | 000,059,000 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x) DRV - [2008/01/21 03:23:26 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\irsir.sys -- (irsir) DRV - [2007/06/02 15:59:42 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter) DRV - [2007/03/20 11:33:26 | 000,028,672 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0) DRV - [2007/02/08 18:44:43 | 000,083,320 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x) DRV - [2006/07/10 17:19:58 | 000,027,032 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x) DRV - [2006/06/14 15:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/?ocid=OIE9HP IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE9ENGB/110 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B3 45 3A 13 17 56 CA 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.en gineName: "ZoneAlarm Customized Web Search" FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2611275&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm" FF - prefs.js..browser.search.param.yahoo-type: "${8}" FF - prefs.js..browser.search.selectedEngine: "ZoneAlarm Customized Web Search" FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/" FF - prefs.js..extensions.enabledItems: [email protected]:1.19.1 FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: [email protected]:20110101 FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties" FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/24 11:13:52 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/24 11:13:51 | 000,000,000 | ---D | M] [2009/08/24 15:58:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jenzo\AppData\Roaming\Mozilla\Extensions [2011/04/10 06:04:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jenzo\AppData\Roaming\Mozilla\Firefox\Profiles\4w1ng7ty.default\extensions [2010/04/27 08:48:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jenzo\AppData\Roaming\Mozilla\Firefox\Profiles\4w1ng7ty.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/09/29 21:39:54 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Jenzo\AppData\Roaming\Mozilla\Firefox\Profiles\4w1ng7ty.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}(12) [2011/03/25 08:44:07 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\Jenzo\AppData\Roaming\Mozilla\Firefox\Profiles\4w1ng7ty.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} [2011/04/10 06:04:31 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Jenzo\AppData\Roaming\Mozilla\Firefox\Profiles\4w1ng7ty.default\extensions\[email protected] [2010/12/17 16:14:25 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Jenzo\AppData\Roaming\Mozilla\Firefox\Profiles\4w1ng7ty.default\extensions\[email protected] [2011/03/12 16:39:26 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Jenzo\AppData\Roaming\Mozilla\Firefox\Profiles\4w1ng7ty.default\extensions\[email protected] [2010/06/08 23:00:34 | 000,000,921 | ---- | M] () -- C:\Users\Jenzo\AppData\Roaming\Mozilla\Firefox\Profiles\4w1ng7ty.default\searchplugins\conduit.xml [2011/03/24 11:13:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010/12/18 13:35:27 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010/07/23 15:20:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010/08/08 15:14:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010/10/13 02:49:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011/01/16 19:03:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011/02/17 23:12:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} File not found (No name found) -- () (No name found) -- C:\USERS\JENZO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4W1NG7TY.DEFAULT\EXTENSIONS\{340C2BBC-CE74-4362-90B5-7C26312808EF}.XPI () (No name found) -- C:\USERS\JENZO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4W1NG7TY.DEFAULT\EXTENSIONS\{A0D7CCB3-214D-498B-B4AA-0E8FDA9A7BF7}.XPI () (No name found) -- C:\USERS\JENZO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4W1NG7TY.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2011/03/18 18:57:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll [2010/05/05 06:17:35 | 000,024,683 | ---- | M] (Ask.com) -- C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll [2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml [2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml [2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml [2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml [2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml O1 HOSTS File: ([2011/04/13 05:29:58 | 000,000,052 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [dvd43] C:\Program Files\dvd43\DVD43_Tray.exe () O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) O4 - HKLM..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe (PC Tools) O4 - HKCU..\Run: [EADM] C:\Program Files\Electronic Arts\EADM\EADMUI\EADMUI.exe (Electronic Arts) O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\rmtray.exe (PC Tools) O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation) O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10o_Plugin.exe (Adobe Systems, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\DisableRegistryTools: = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\DisableRegistryTools\ShowInfoTip: = 0 O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com) O24 - Desktop WallPaper: C:\Users\Jenzo\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O24 - Desktop BackupWallPaper: C:\Users\Jenzo\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [ = comfile] -- "%1" %* O37 - HKLM\...exe [ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^Users^Jenzo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CNET TechTracker.lnk - Reg Error: Value error. - File not found MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) MsConfig - StartUpReg: Windows Defender - hkey= - key= - File not found MsConfig - State: "startup" - 2 MsConfig - State: "services" - 2 SafeBootMin: AppMgmt - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PEVSystemStart - Service SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: procexp90.Sys - Driver SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: MpfService - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PEVSystemStart - Service SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: procexp90.Sys - Driver SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vsmon - Service SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error. ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{0d6d480a-b17b-4aa2-9156-ce888156e8d2} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll () ========== Files/Folders - Created Within 30 Days ========== [2011/04/20 10:41:16 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Jenzo\Desktop\OTL.exe [2011/04/19 20:15:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011/04/19 20:14:55 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2011/04/19 19:55:11 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2011/04/19 19:55:04 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011/04/19 19:14:59 | 000,611,624 | ---- | C] (Kaspersky Lab) -- C:\Users\Jenzo\Desktop\GetSystemInfo.exe [2011/04/18 08:47:07 | 000,000,000 | ---D | C] -- C:\Users\Jenzo\AppData\Local\{8B8FDA98-FB47-4CCE-AA3A-3F13D3197CFC} [2011/04/17 21:07:09 | 000,000,000 | ---D | C] -- C:\ProgramData\SpecialBit [2011/04/17 19:05:50 | 000,000,000 | ---D | C] -- C:\Users\Jenzo\AppData\Local\{8D72AA64-1097-4593-8FB2-B6EA9F1B5658} [2011/04/17 02:43:46 | 000,000,000 | ---D | C] -- C:\Users\Jenzo\AppData\Roaming\Games [2011/04/17 02:42:48 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield [2011/04/17 02:41:58 | 000,000,000 | ---D | C] -- C:\Windows\LastGood [2011/04/17 02:41:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\AGEIA [2011/04/17 02:41:50 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies [2011/04/17 02:41:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Focus [2011/04/17 02:38:36 | 000,000,000 | ---D | C] -- C:\Program Files\Focus [2011/04/17 02:33:16 | 000,000,000 | ---D | C] -- C:\Users\Jenzo\AppData\Local\{E3B986F9-998E-42C2-957C-8DCCEE57C0D2} [2011/04/16 16:43:36 | 000,000,000 | ---D | C] -- C:\ProgramData\SpecialBit Games [2011/04/16 16:42:22 | 000,000,000 | ---D | C] -- C:\Users\Jenzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haunted Hotel II - Believe the Lies [2011/04/16 16:42:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haunted Hotel II - Believe the Lies [2011/04/16 16:42:22 | 000,000,000 | ---D | C] -- C:\Program Files\Haunted Hotel II - Believe the Lies [2011/04/16 16:41:44 | 000,000,000 | ---D | C] -- C:\Users\Jenzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haunted Hotel [2011/04/16 16:41:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haunted Hotel [2011/04/16 16:41:44 | 000,000,000 | ---D | C] -- C:\Program Files\Haunted Hotel [2011/04/16 16:41:31 | 000,000,000 | ---D | C] -- C:\Program Files\bfgclient [2011/04/16 16:41:25 | 000,000,000 | ---D | C] -- C:\BigFishGamesCache [2011/04/16 13:16:34 | 000,000,000 | ---D | C] -- C:\Users\Jenzo\AppData\Local\{A66A2B64-BA03-414A-933F-BCD41AE937C5} [2011/04/16 01:55:06 | 000,000,000 | ---D | C] -- C:\Users\Jenzo\Documents\Battlefield 2 [2011/04/16 01:48:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EasyInfo [2011/04/16 01:16:07 | 000,000,000 | ---D | C] -- C:\Users\Jenzo\AppData\Local\{5A7887E3-D55B-4CD5-AF36-C827D7669E15} [2011/04/15 22:05:23 | 000,000,000 | ---D | C] -- C:\Qoobox [2011/04/15 11:13:09 | 000,000,000 | ---D | C] -- C:\Users\Jenzo\Desktop\Kew Association V Barnes [2011/04/15 08:22:44 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2011/04/15 02:09:15 | 000,000,000 | ---D | C] -- C:\Users\Jenzo\AppData\Local\{5D0BABCF-8578-4EDB-81BE-C0B63D612E95} [2011/04/13 05:38:35 | 000,000,000 | ---D | C] -- C:\Users\Jenzo\AppData\Local\{A17467E1-0301-4E81-A57F-109882E50878} [2011/04/13 05:38:25 | 000,000,000 | ---D | C] -- C:\Users\Jenzo\AppData\Roaming\Windows Live Writer [2011/04/13 05:38:25 | 000,000,000 | ---D | C] -- C:\Users\Jenzo\AppData\Local\Windows Live Writer [2011/04/13 05:04:56 | 000,000,000 | ---D | C] -- C:\Users\Jenzo\AppData\Local\{E25CE24C-2DDA-4EF2-BAB5-44F2D3321744} [2011/04/11 17:10:44 | 000,000,000 | ---D | C] -- C:\Users\Jenzo\AppData\Roaming\Avira [2011/04/11 14:33:07 | 000,000,000 | ---D | C] -- C:\Users\Jenzo\Documents\Battlefield Play4Free [2011/04/10 16:06:21 | 000,000,000 | ---D | C] -- C:\Users\Jenzo\AppData\Local\{CD71DF95-AEE1-46FB-9877-BA17845BEF77} [2011/04/10 04:05:54 | 000,000,000 | ---D | C] -- C:\Users\Jenzo\AppData\Local\{5E4A142B-A8AC-42A6-91B9-0899EDDA128F} [2011/04/09 14:36:59 | 000,000,000 | ---D | C] -- C:\Users\Jenzo\AppData\Local\{0BEE5CEB-D003-4DB2-96AD-558A1342BF4E} [2011/04/07 11:45:43 | 000,000,000 | ---D | C] -- C:\Users\Jenzo\AppData\Local\Macroplant,_LLC [2011/04/06 11:31:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2011/04/05 15:39:53 | 000,000,000 | ---D | C] -- C:\Users\Jenzo\AppData\Local\{1355D98B-7E6E-4CD4-86CB-D61DF846BD8F} [2011/04/05 03:39:24 | 000,000,000 | ---D | C] -- C:\Users\Jenzo\AppData\Local\{4F75B93E-DEE1-4CBF-A3F9-2AE5EA85919D} [2011/03/31 11:41:52 | 000,000,000 | ---D | C] -- C:\Users\Jenzo\Documents\SHIFT 2 UNLEASHED [2011/03/31 10:17:43 | 000,000,000 | ---D | C] -- C:\Users\Jenzo\AppData\Local\{223F4ADE-FE60-40AF-858A-67E46B993228} [2011/03/28 11:41:41 | 000,000,000 | ---D | C] -- C:\Users\Jenzo\AppData\Local\Macroplant [2011/03/28 11:37:50 | 000,000,000 | ---D | C] -- C:\Program Files\iPhone Explorer [2011/03/27 05:40:28 | 000,043,520 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\Windows\System32\libusb0.dll [2011/03/27 05:40:28 | 000,028,672 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\Windows\System32\drivers\libusb0.sys [2011/03/27 03:32:49 | 000,000,000 | ---D | C] -- C:\Users\Jenzo\.shsh [2011/03/25 15:14:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerGuardian 2 [2011/03/25 15:14:45 | 000,000,000 | ---D | C] -- C:\Program Files\PeerGuardian2 [2011/03/25 09:45:24 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan [2011/03/22 09:49:36 | 000,000,000 | ---D | C] -- C:\Users\Jenzo\Favorites [2010/10/04 12:01:30 | 000,726,384 | ---- | C] (Electronic Arts) -- C:\Program Files\AutoRun.exe [2009/08/26 13:26:35 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Jenzo\AppData\Roaming\pcouffin.sys [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [18 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/04/20 10:41:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Jenzo\Desktop\OTL.exe [2011/04/20 10:32:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/04/19 20:41:45 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011/04/19 20:41:45 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011/04/19 20:29:31 | 000,000,799 | ---- | M] () -- C:\Users\Jenzo\Desktop\cleanup.bat [2011/04/19 20:18:06 | 329,933,934 | ---- | M] () -- C:\Users\Jenzo\Desktop\sn0wbreeze_iPhone 3G-4.2.1.ipsw [2011/04/19 20:15:52 | 000,001,669 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2011/04/19 19:23:27 | 000,292,565 | ---- | M] () -- C:\Users\Jenzo\Desktop\GetSystemInfo_MY_Jenzo_2011_04_19_19_19_22.zip [2011/04/19 19:14:59 | 000,611,624 | ---- | M] (Kaspersky Lab) -- C:\Users\Jenzo\Desktop\GetSystemInfo.exe [2011/04/19 13:16:33 | 001,116,318 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011/04/19 13:16:33 | 000,362,214 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011/04/17 22:40:20 | 000,002,305 | ---- | M] () -- C:\Users\Jenzo\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk [2011/04/17 22:26:37 | 338,579,762 | R--- | M] () -- C:\Users\Jenzo\Desktop\iPhone1,2_4.2.1_8C148_Restore.ipsw [2011/04/17 02:43:32 | 000,279,712 | ---- | M] () -- C:\Windows\System32\drivers\atksgt.sys [2011/04/17 02:43:32 | 000,025,888 | ---- | M] () -- C:\Windows\System32\drivers\lirsgt.sys [2011/04/17 02:41:02 | 000,002,181 | ---- | M] () -- C:\Users\Public\Desktop\Play Sherlock Holmes versus Jack the Ripper.lnk [2011/04/16 16:42:46 | 000,001,938 | ---- | M] () -- C:\Users\Public\Desktop\Play Haunted Hotel II - Believe the Lies.lnk [2011/04/16 16:41:59 | 000,001,740 | ---- | M] () -- C:\Users\Public\Desktop\Play Haunted Hotel.lnk [2011/04/16 16:41:31 | 000,001,729 | ---- | M] () -- C:\Users\Jenzo\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Manager.lnk [2011/04/16 16:41:31 | 000,001,705 | ---- | M] () -- C:\Users\Public\Desktop\Game Manager.lnk [2011/04/16 12:48:42 | 026,093,317 | ---- | M] () -- C:\Users\Jenzo\Documents\EA-Battlefield-Bad-Company-2.zip [2011/04/16 02:09:43 | 000,001,996 | ---- | M] () -- C:\Users\Public\Desktop\Play BF2 SF Online Now!.lnk [2011/04/16 02:09:43 | 000,001,974 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 2 Special Forces.lnk [2011/04/16 01:51:38 | 000,001,890 | ---- | M] () -- C:\Users\Public\Desktop\Play BF2 Online Now!.lnk [2011/04/16 01:51:38 | 000,001,868 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 2.lnk [2011/04/15 12:16:00 | 000,333,100 | ---- | M] () -- C:\Users\Jenzo\AppData\Roaming\vso_ts_preview.xml [2011/04/15 09:05:47 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk [2011/04/15 08:06:13 | 000,303,008 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011/04/15 02:01:16 | 000,000,574 | ---- | M] () -- C:\cleanup.bat [2011/04/13 21:20:41 | 000,138,264 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2011/04/13 21:20:10 | 000,234,768 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr [2011/04/13 20:48:50 | 000,000,104 | ---- | M] () -- C:\Users\Jenzo\Desktop\Recycle Bin - Shortcut.lnk [2011/04/13 20:16:24 | 000,000,809 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011/04/13 10:57:27 | 000,071,282 | ---- | M] () -- C:\Users\Jenzo\Documents\Great New Movies BY JENZO.XtoDVD [2011/04/13 05:29:58 | 000,000,052 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2011/04/11 17:12:59 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011/04/11 17:12:59 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2011/04/10 06:23:37 | 000,138,056 | ---- | M] () -- C:\Users\Jenzo\AppData\Roaming\PnkBstrK.sys [2011/04/10 06:13:11 | 000,902,709 | ---- | M] () -- C:\Users\Jenzo\Documents\iTunes Diagnostics.spx [2011/04/10 06:13:11 | 000,003,916 | ---- | M] () -- C:\Users\Jenzo\Documents\iTunes Diagnostics.rtf [2011/04/10 04:22:15 | 000,015,699 | ---- | M] () -- C:\Users\Jenzo\AppData\Roaming\UserTile.png [2011/04/09 13:20:10 | 000,000,948 | ---- | M] () -- C:\Users\Jenzo\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2011/04/06 11:42:13 | 000,000,620 | ---- | M] () -- C:\Users\Jenzo\Application Data\Microsoft\Internet Explorer\Quick Launch\vlc-1.1.8-win32 - Shortcut.lnk [2011/04/06 11:30:59 | 020,586,196 | ---- | M] () -- C:\Users\Jenzo\Documents\vlc-1.1.8-win32.exe [2011/04/05 02:08:17 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat [2011/04/05 02:08:17 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat [2011/04/05 02:08:09 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2011/04/03 15:37:05 | 000,002,401 | ---- | M] () -- C:\Users\Jenzo\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk [2011/03/31 11:41:39 | 000,000,136 | ---- | M] () -- C:\Users\Jenzo\Desktop\SHIFT 2 UNLEASHED™.LNK [2011/03/29 18:10:46 | 000,001,356 | ---- | M] () -- C:\Users\Jenzo\AppData\Local\d3d9caps.dat [2011/03/29 17:05:40 | 000,000,080 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.umbrella [2011/03/29 15:09:10 | 000,604,499 | ---- | M] () -- C:\Users\Jenzo\Desktop\greenpois0n rc5.exe [2011/03/28 15:36:20 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2011/03/28 06:15:37 | 005,298,620 | ---- | M] () -- C:\Users\Jenzo\Desktop\greenpois0n rc6.exe [2011/03/27 23:04:48 | 000,000,799 | ---- | M] () -- C:\Windows\System32\cleanup.bat [2011/03/27 22:48:33 | 018,147,328 | ---- | M] (iH8sn0w) -- C:\Users\Jenzo\Desktop\sn0wbreeze-2.2.1.exe [2011/03/25 15:21:52 | 000,001,669 | ---- | M] () -- C:\Users\Jenzo\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk [2011/03/25 15:14:46 | 000,000,775 | ---- | M] () -- C:\Users\Jenzo\Application Data\Microsoft\Internet Explorer\Quick Launch\PeerGuardian.lnk [2011/03/25 15:14:46 | 000,000,751 | ---- | M] () -- C:\Users\Jenzo\Desktop\PeerGuardian.lnk [2011/03/25 05:59:56 | 000,000,136 | ---- | M] () -- C:\Users\Jenzo\Desktop\Crysis® 2 - Shortcut.lnk [2011/03/24 13:50:18 | 000,001,052 | ---- | M] () -- C:\Users\Public\Desktop\EA Download Manager.lnk [2011/03/24 11:13:54 | 000,000,875 | ---- | M] () -- C:\Users\Jenzo\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2011/03/24 11:13:54 | 000,000,851 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011/03/23 09:09:25 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [18 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/04/19 20:29:31 | 000,000,799 | ---- | C] () -- C:\Users\Jenzo\Desktop\cleanup.bat [2011/04/19 20:17:05 | 329,933,934 | ---- | C] () -- C:\Users\Jenzo\Desktop\sn0wbreeze_iPhone 3G-4.2.1.ipsw [2011/04/19 20:15:52 | 000,001,669 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011/04/19 19:20:59 | 000,292,565 | ---- | C] () -- C:\Users\Jenzo\Desktop\GetSystemInfo_MY_Jenzo_2011_04_19_19_19_22.zip [2011/04/17 22:21:47 | 338,579,762 | R--- | C] () -- C:\Users\Jenzo\Desktop\iPhone1,2_4.2.1_8C148_Restore.ipsw [2011/04/17 02:41:15 | 000,279,712 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2011/04/17 02:41:14 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2011/04/17 02:41:02 | 000,002,181 | ---- | C] () -- C:\Users\Public\Desktop\Play Sherlock Holmes versus Jack the Ripper.lnk [2011/04/16 16:42:46 | 000,001,938 | ---- | C] () -- C:\Users\Public\Desktop\Play Haunted Hotel II - Believe the Lies.lnk [2011/04/16 16:41:59 | 000,001,740 | ---- | C] () -- C:\Users\Public\Desktop\Play Haunted Hotel.lnk [2011/04/16 16:41:31 | 000,001,729 | ---- | C] () -- C:\Users\Jenzo\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Manager.lnk [2011/04/16 16:41:31 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Manager.lnk [2011/04/16 16:41:31 | 000,001,705 | ---- | C] () -- C:\Users\Public\Desktop\Game Manager.lnk [2011/04/16 12:47:08 | 026,093,317 | ---- | C] () -- C:\Users\Jenzo\Documents\EA-Battlefield-Bad-Company-2.zip [2011/04/16 02:09:43 | 000,001,996 | ---- | C] () -- C:\Users\Public\Desktop\Play BF2 SF Online Now!.lnk [2011/04/16 02:09:43 | 000,001,974 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 2 Special Forces.lnk [2011/04/16 01:51:38 | 000,001,890 | ---- | C] () -- C:\Users\Public\Desktop\Play BF2 Online Now!.lnk [2011/04/16 01:51:38 | 000,001,868 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 2.lnk [2011/04/15 02:01:16 | 000,000,574 | ---- | C] () -- C:\cleanup.bat [2011/04/13 10:57:27 | 000,071,282 | ---- | C] () -- C:\Users\Jenzo\Documents\Great New Movies BY JENZO.XtoDVD [2011/04/10 04:22:15 | 000,015,699 | ---- | C] () -- C:\Users\Jenzo\AppData\Roaming\UserTile.png [2011/04/06 11:42:13 | 000,000,620 | ---- | C] () -- C:\Users\Jenzo\Application Data\Microsoft\Internet Explorer\Quick Launch\vlc-1.1.8-win32 - Shortcut.lnk [2011/04/06 11:30:42 | 020,586,196 | ---- | C] () -- C:\Users\Jenzo\Documents\vlc-1.1.8-win32.exe [2011/04/05 02:08:09 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2011/03/31 11:41:39 | 000,000,136 | ---- | C] () -- C:\Users\Jenzo\Desktop\SHIFT 2 UNLEASHED™.LNK [2011/03/27 22:44:51 | 000,000,799 | ---- | C] () -- C:\Windows\System32\cleanup.bat [2011/03/27 02:24:25 | 000,902,709 | ---- | C] () -- C:\Users\Jenzo\Documents\iTunes Diagnostics.spx [2011/03/27 02:24:25 | 000,003,916 | ---- | C] () -- C:\Users\Jenzo\Documents\iTunes Diagnostics.rtf [2011/03/25 15:21:52 | 000,001,669 | ---- | C] () -- C:\Users\Jenzo\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk [2011/03/25 15:14:46 | 000,000,775 | ---- | C] () -- C:\Users\Jenzo\Application Data\Microsoft\Internet Explorer\Quick Launch\PeerGuardian.lnk [2011/03/25 15:14:46 | 000,000,751 | ---- | C] () -- C:\Users\Jenzo\Desktop\PeerGuardian.lnk [2011/03/25 05:59:56 | 000,000,136 | ---- | C] () -- C:\Users\Jenzo\Desktop\Crysis® 2 - Shortcut.lnk [2011/03/24 11:13:54 | 000,000,863 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011/03/24 11:13:54 | 000,000,851 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011/03/12 16:58:21 | 000,084,480 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2010/12/18 13:40:37 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010/12/16 15:25:49 | 000,682,280 | ---- | C] () -- C:\Windows\System32\pbsvc.exe [2010/12/03 06:42:02 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2010/10/14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2010/10/04 12:01:30 | 000,000,157 | ---- | C] () -- C:\Program Files\autorun.inf [2010/10/04 12:01:28 | 009,822,208 | ---- | C] () -- C:\Program Files\autorun.dat [2010/10/04 12:01:28 | 000,000,185 | ---- | C] () -- C:\Program Files\p0.cab [2010/10/04 12:01:22 | 063,013,682 | ---- | C] () -- C:\Program Files\o0.cab [2010/10/04 11:59:28 | 1508,976,877 | ---- | C] () -- C:\Program Files\d0.cab [2010/10/04 11:59:28 | 006,866,468 | ---- | C] () -- C:\Program Files\c0.cab [2010/10/04 11:59:24 | 000,138,264 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2010/10/04 11:59:08 | 000,234,768 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2010/10/04 11:59:02 | 002,601,752 | ---- | C] () -- C:\Windows\System32\pbsvc_moh.exe [2010/10/04 11:59:02 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2010/07/30 17:41:14 | 000,001,184 | ---- | C] () -- C:\Windows\eReg.dat [2010/05/05 07:58:25 | 000,000,597 | ---- | C] () -- C:\Windows\wininit.ini [2010/04/08 16:44:47 | 000,001,356 | ---- | C] () -- C:\Users\Jenzo\AppData\Local\d3d9caps.dat [2010/03/19 19:47:58 | 000,138,056 | ---- | C] () -- C:\Users\Jenzo\AppData\Roaming\PnkBstrK.sys [2009/12/03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2009/10/07 12:38:38 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll [2009/10/07 12:38:38 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll [2009/09/27 07:10:34 | 000,000,100 | ---- | C] () -- C:\Users\Jenzo\AppData\Roaming\wklnhst.dat [2009/09/23 12:12:16 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009/09/23 12:12:16 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009/08/26 13:27:06 | 000,333,100 | ---- | C] () -- C:\Users\Jenzo\AppData\Roaming\vso_ts_preview.xml [2009/08/26 13:26:35 | 000,007,887 | ---- | C] () -- C:\Users\Jenzo\AppData\Roaming\pcouffin.cat [2009/08/26 13:26:35 | 000,001,144 | ---- | C] () -- C:\Users\Jenzo\AppData\Roaming\pcouffin.inf [2009/08/26 13:17:37 | 000,007,680 | ---- | C] () -- C:\Users\Jenzo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe [2009/06/23 16:57:30 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006/11/02 13:47:37 | 000,303,008 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 11:33:01 | 001,116,318 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006/11/02 11:33:01 | 000,362,214 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== LOP Check ========== [2011/04/19 18:55:54 | 000,000,000 | ---D | M] -- C:\Users\Jenzo\AppData\Roaming\BitTorrent [2010/03/26 20:30:01 | 000,000,000 | ---D | M] -- C:\Users\Jenzo\AppData\Roaming\CBS Interactive [2010/07/15 10:22:02 | 000,000,000 | ---D | M] -- C:\Users\Jenzo\AppData\Roaming\CheckPoint [2009/11/16 20:03:03 | 000,000,000 | ---D | M] -- C:\Users\Jenzo\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2010/07/21 12:31:26 | 000,000,000 | ---D | M] -- C:\Users\Jenzo\AppData\Roaming\ESET [2010/11/17 00:00:58 | 000,000,000 | ---D | M] -- C:\Users\Jenzo\AppData\Roaming\Flood Light Games [2010/11/16 23:30:49 | 000,000,000 | ---D | M] -- C:\Users\Jenzo\AppData\Roaming\FloodLightGames [2011/04/17 02:44:55 | 000,000,000 | ---D | M] -- C:\Users\Jenzo\AppData\Roaming\Games [2010/12/03 06:46:20 | 000,000,000 | ---D | M] -- C:\Users\Jenzo\AppData\Roaming\MAGIX [2010/09/22 10:58:26 | 000,000,000 | ---D | M] -- C:\Users\Jenzo\AppData\Roaming\Mount&Blade Warband [2010/09/09 12:02:02 | 000,000,000 | ---D | M] -- C:\Users\Jenzo\AppData\Roaming\Need for Speed World [2010/02/03 22:10:07 | 000,000,000 | ---D | M] -- C:\Users\Jenzo\AppData\Roaming\Nokia [2010/02/03 21:14:51 | 000,000,000 | ---D | M] -- C:\Users\Jenzo\AppData\Roaming\PC Suite [2010/10/13 00:38:54 | 000,000,000 | ---D | M] -- C:\Users\Jenzo\AppData\Roaming\ProtectDISC [2010/07/02 12:00:11 | 000,000,000 | ---D | M] -- C:\Users\Jenzo\AppData\Roaming\Samsung [2010/05/27 13:38:11 | 000,000,000 | ---D | M] -- C:\Users\Jenzo\AppData\Roaming\SEGA Corporation [2010/06/05 21:22:26 | 000,000,000 | ---D | M] -- C:\Users\Jenzo\AppData\Roaming\Sports Interactive [2011/04/16 12:44:18 | 000,000,000 | ---D | M] -- C:\Users\Jenzo\AppData\Roaming\SystemRequirementsLab [2009/09/27 07:12:06 | 000,000,000 | ---D | M] -- C:\Users\Jenzo\AppData\Roaming\Template [2010/11/16 09:40:40 | 000,000,000 | ---D | M] -- C:\Users\Jenzo\AppData\Roaming\Tropico 3 Demo [2010/03/27 21:45:26 | 000,000,000 | ---D | M] -- C:\Users\Jenzo\AppData\Roaming\TS3Client [2010/04/10 11:08:11 | 000,000,000 | ---D | M] -- C:\Users\Jenzo\AppData\Roaming\Ubisoft [2011/04/15 12:16:01 | 000,000,000 | ---D | M] -- C:\Users\Jenzo\AppData\Roaming\Vso [2011/04/13 05:38:25 | 000,000,000 | ---D | M] -- C:\Users\Jenzo\AppData\Roaming\Windows Live Writer [2011/04/16 12:17:23 | 000,032,648 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > [2007/11/07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe < %systemroot%\*. /mp /s > < c:\$recycle.bin\*.* /s > [2011/04/18 08:57:24 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2445409639-1796169833-2764227393-1000\$I1D7MMA.mp3 [2011/04/18 09:01:08 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2445409639-1796169833-2764227393-1000\$I9WYJ2Q.mp3 [2011/04/20 10:40:12 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2445409639-1796169833-2764227393-1000\$IFS6Z3O.html [2011/04/19 19:53:20 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2445409639-1796169833-2764227393-1000\$IKZU7Q2.ipa [2011/04/18 08:57:10 | 058,959,727 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2445409639-1796169833-2764227393-1000\$R1D7MMA.mp3 [2011/04/18 08:53:09 | 031,099,986 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2445409639-1796169833-2764227393-1000\$R9WYJ2Q.mp3 [2011/04/20 10:39:44 | 000,009,390 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2445409639-1796169833-2764227393-1000\$RFS6Z3O.html [2011/03/12 22:24:23 | 021,372,799 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2445409639-1796169833-2764227393-1000\$RKZU7Q2.ipa [2010/07/21 10:15:23 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-2445409639-1796169833-2764227393-1000\desktop.ini [2010/10/26 21:17:00 | 000,000,402 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-2445409639-1796169833-2764227393-1000\$R0HRNJ1\Favorites\desktop.ini [2010/04/09 06:58:44 | 000,000,080 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-2445409639-1796169833-2764227393-1000\$R0HRNJ1\Favorites\Links\desktop.ini [2009/10/19 12:32:19 | 000,000,382 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-2445409639-1796169833-2764227393-1000\$R2TESFY\desktop.ini [2009/05/15 23:23:34 | 000,000,317 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-2445409639-1796169833-2764227393-1000\$R2TESFY\Black Eyed Peas - Monkey Business (2005) - 320 KBPS by blondu4all\desktop.ini [2009/08/30 19:39:16 | 000,000,296 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-2445409639-1796169833-2764227393-1000\$R7NZS7O\desktop.ini [2009/10/10 11:56:18 | 000,000,391 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-2445409639-1796169833-2764227393-1000\$RAO8EEK\desktop.ini [2009/06/14 14:33:22 | 000,000,328 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-2445409639-1796169833-2764227393-1000\$RDFEJXC\desktop.ini [2010/03/22 07:21:50 | 000,000,362 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-2445409639-1796169833-2764227393-1000\$RHTRIBM\desktop.ini [2010/03/22 07:31:35 | 000,000,298 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-2445409639-1796169833-2764227393-1000\$RITT528\desktop.ini [2009/10/19 12:33:04 | 000,000,322 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-2445409639-1796169833-2764227393-1000\$RRX81K4\desktop.ini [2010/03/26 20:33:27 | 000,000,402 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-2445409639-1796169833-2764227393-1000\$RV620Y3\Favorites\desktop.ini [2010/10/26 21:27:00 | 000,000,402 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-2445409639-1796169833-2764227393-1000\$RX6G98Z\Favorites\desktop.ini [2010/11/06 21:31:31 | 000,000,080 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-2445409639-1796169833-2764227393-1000\$RX6G98Z\Favorites\Links\desktop.ini [2010/12/15 06:27:00 | 000,000,402 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-2445409639-1796169833-2764227393-1000\$RY566S7\Favorites\desktop.ini [2011/01/08 09:53:09 | 000,000,080 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-2445409639-1796169833-2764227393-1000\$RY566S7\Favorites\Links\desktop.ini [2009/11/10 14:48:49 | 000,000,391 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-2445409639-1796169833-2764227393-1000\$RZ6T9NS\desktop.ini < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-04-19 08:28:52 < MD5 for: AGP440.SYS > [2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\AGP440.sys [2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys [2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006/11/02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) I was looking at ThreatFire under the ADVANCED TOOLS >> SYSTEM ACTIVITY MONITOR >> PROTECTED and i found a file by the name of 6ac3f99b-de48-4ea7-8e9d-9ab6f1df2286.exe I tried to look this file up on the start menu but nothing came up & asked for more info on this file but nothing , I have looked it up on goggle but nothing on there as well so just wondering if this was any good to you just in case might mean something to you. Hope this helps you in any way THANKS FOR ALL THE HELP SO FAR SuperDave JENZO I look in my ThreatFire but I can't find Protection in Advanced Tools. Neither can I find that exe file. It's been about one week since we started this cleaning. Other than the black background, is there anything else wrong with the computer? If Vista came install do you have the Recovery Console installed?With ThreatFire on the Advance Tools made a pic of the place to find it PROTECED is at the bottom on the left list on pic the program is not there now By jenzos at 2011-04-20 the computer is still slow the anti virus keeps closing down by itself then back on again. I know might have to wipe computer but 1 thing I HAVE NO RECOVERY DISC did not get 1 with computer when new it came installed with VISTA already is there a way to make RECOVERY DISC if so if you can tell me i do that & wipe computer start from new because you cannot find nothing so what ever it is attacking my computer is hiding well from you IF YOU CANNOT FIND IT SuperDave then i have no chance but to wipe it . If you can please tell me where to get main Vista file to make BACK UP DISC i do that will not take up more of your time you have tried your best for me you helped me out 2 times before & we cleaned up the computers but this 1 has got me THANK YOU FOR THE HELP SO FAR SuperDave sorry if wasted your time if i wipe computer JENZO JUST FOUND IN TREATFIRE Quarantine: FILE C:\CLEANUP.EXE Trojan.Zapchast!sd6 15/04/11 02:08:07 Computer just keeps freezing up when your typing or opening programs & as i said SECURITY system keeps shutting & opening up when it likes My version of ThreatFire doesn't have that tab. Quote I HAVE NO RECOVERY DISC did not get 1 with computer when new it came installed with VISTA already is there a way to make RECOVERY DISC if so if you can tell me i do that & wipe computer start from new because you cannot find nothing so what ever it is attacking my computer is hiding well from you IF YOU CANNOT FIND IT SuperDave then i have no chance but to wipe itIt either has the Recovery Console installed or you have the ability to create a RC disk. That's what I had to do with my laptop. Of course, that was a few years ago. I would imagine they all come with the RC installed. If it's there, you should see a separate partition on your C: drive Quote If you can please tell me where to get main Vista file to make BACK UP DISC i do that will not take up more of your time you have tried your best for me you helped me out 2 times before & we cleaned up the computers but this 1 has got meOn my laptop it has a Recovery Disk Creator. You probably should ask that question in the Vista forum Quote THANK YOU FOR THE HELP SO FAR SuperDave sorry if wasted your time if i wipe computerYou're welcome but I don't consider it a waste of time. We've run a lot of scans and really couldn't find anything serious.Thank you so much for all the time that you have spent helping me. i think i look into one of the courses that teach you how to look for & fix spyware & malaware would be good to help people give something back. will let you know how i get on i have to go away tomorrow so back in 2 weeks so will leave you a PM how i get on. Take Care mate all the best SuperDave JENZO Quote i think i look into one of the courses that teach you how to look for & fix spyware & malaware would be good to help people give something back.Great, I could use the help. Thanks. I will lock this thread. If you need it re-opened, please send me a pm. |
|
