InterviewSolution
| 2151. |
Solve : What is p4s.exe?? |
|
Answer» The other day my anti-virus popped up asking me if I will allow access to p4s.exe... I denied it because I had no idea what it is...
The process belongs to the software p4s.exe or Perforce Core Components by unknown. Taken from http://www.file.net/process/p4s.exe.html on 16/7/09
BUT on another website, it says that it is a vital component of Perforce Software. If you have any Perforce software on your computer, it would either be advisable to unblock p4s.exe (only if you trust it) or uninstall the software. hxxp://www.anti-spy.info/process/p4s.exe.html <- Link disabled
Click http://perforce.com/ >> How to scan suspicious files < |
|
| 2152. |
Solve : Can you take a quick look at my logs to see if I'm infected? Thanks!? |
|
Answer» Hi, |
|
| 2153. |
Solve : Too many programs?? |
|
Answer» This is more of a question, rather than a problem. Currently, I am using AVG Anti Virus. I have Comodo Firewall with Defense+, I have Prevx 3.0, which only scans my computer but won't remove malware unless I pay for it, so kinda useless. I also have MalwareBytes Anti Malware and Spybot Search and Destroy. |
|
| 2154. |
Solve : win32 heur? |
|
Answer» can this *censored* put itself into my motherboard? Had a clean install of XP+SP3 and only visited MS update and by God it was back again.....what now?
clean install of XP+SP3
Did you reformat and reinstall? You have to do both. Do you use filesharing often? Torrents, Limewire, Frostwire etc.? Download, install, and run Dr.Web CureIt! Post the log it creates.
yup, did both, the slow formatting type while installing new xp...only site I connected to was ms update...had not connected to any sites at all besides this MS one...
You have to remember to turn on Windows firewall before you connect to the internet for the first time after a reinstall.....It's as if every malicious piece of garbage is sitting there waiting for an opening into your computer...... were you protected from the moment you went online?
yup, xp firewall was on and I had a look at the exceptions...
Quote Do you use filesharing often? Torrents, Limewire, Frostwire etc.?
kpac, I'm sorry, you are right....lol' No, I don't use that garbage, pay for what I wanna hear or see... that site won't open for me...
Download DDS from |HERE| or |HERE| or |HERE| and save it to your desktop. Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)
* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs. 1) DDS.txt 2) Attach.txt
* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.
Note: DDS will instruct you to post the Attach.txt log as an attachment. Please just post it as you would any other log by copy and pasting it into the reply.
thanks evilfantasy, I did a clean install, but will certainly follow your advice, you never know...problem was that this win32 heur virus had to come from MS Update, that was the only site I visited before I got overwhelmed by all these bloody viruses... |
|
| 2155. |
Solve : Stuck, logs attached still waiting for help :)? |
|
Answer» I am still waiting for someone to look at my logs. It has been a month. Is this normal or did I do something wrong? |
|
| 2156. |
Solve : the sleep refuses to work? |
|
Answer» ...my sleep on Vista Home Premium used to work.....it stopped working, over time......I did my bit with power options, etc...and it will wake up....but never again touching the mouse nor keyboard...I have to hit the on/off button on my Dell desktop.....my solution went like this......start, control panel, classic view, double click power options, click change when computer goes to sleep, select change advanced power settings, click+ next to sleep, click+ to allow hybrid sleep, click ok when finished.....well, this solved it.....but the sleep option is gone from keyboard and touching mouse to awake the computer from power save.....these two things cannot be done again to wake it up........or the other option to put to sleep and wake up computer at same page......that quit working too......this is not life and death...but the original options disappeared, and how do I get them back...or are they gone with the wind ? |
|
| 2157. |
Solve : 300+ viruses. windows installer is missing.? |
|
Answer» so like the title says, this computer has more than 300 worms, trojans, adware, and others. i have 2 / 3 requested logs, cannot install super anti spyware because miexec is missing. |
|
| 2158. |
Solve : Which antivirus is better?? |
|
Answer» do u know w/c antivirus is better, Avast or AVG? please advise... |
|
| 2159. |
Solve : Can you increase the size of the archive folder in AVG? |
|
Answer» Hello and thank you for looking at my thread. |
|
| 2160. |
Solve : msnmgnr.exe problem..? |
|
Answer» hello, everyone...i'm a newbie. can anybody help me with this worm. missing file msnmgnr.exe keeps showing up every start up. at first i thought i need to replace my BIOS battery because my date and time setting always resets. and then after some time my monitor turns on and off when it is only a month old. here is my log: |
|
| 2161. |
Solve : Here are logs that bonui asked for.? |
|
Answer» i attached them: first one superantispyware, second hijack and third mbam |
|
| 2162. |
Solve : unknown issue in XP (possible virus)-actually an issue with security center? |
|
Answer» Periodically (and only when my internet is plugged in) a quick bubble will pop up and disappear in the notifications area on my desktop. I barely have time to make out any icon (it appears to be a red symbol with a white 'x' inside it) and cannot make anything out in the actual 'chat bubble' that appears. Again this thing happens approx every 30 seconds or so on average (sometimes faster, sometimes slower). I don't even know if I would have noticed it except it makes the 'bubble' sound every time it happens. |
|
| 2164. |
Solve : windows System Defender Access denied? |
|
Answer» I have found the file which pops up that Windows defender has detected Trojans and other viruses in my computer is planted in my application data sub directory. |
|
| 2165. |
Solve : Black box that reads: "Your System is Infected!"? |
|
Answer» First of all, thank you for helping people like me! The initial steps have already helped out my system.
Important: Close all open windows except for HijackThis and then click Fix checked. Once completed, exit HijackThis.
----------
Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups. Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply. Exit out of MessengerDisable then delete the two files that were put on the desktop.
----------
If you already have ComboFix be sure to delete it and download a new copy. Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop. Link #1 Link #2
**Note: It is important that it is saved directly to your Desktop
Close any open Web browsers (Firefox, Internet Explorer, etc) before starting ComboFix. Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them. Double click combofix.exe & follow the prompts. Vista users Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it) When finished ComboFix will produce a log for you. Post the ComboFix log in your next reply.
Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall. Remember to re-enable your antivirus and antispyware protection when ComboFix is complete. If you have problems with ComboFix usage, see How to use ComboFix
I've attached the ComboFix log. [Saving space, attachment deleted by admin]
That found more than I thought it would.
* Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
* Now type Combofix /Uninstall in the runbox
* Make sure there's a space between Combofix and /Uninstall
* Then hit Enter
* The above procedure will:
  * Delete the following:
    * ComboFix and its associated files and folders.
  * Reset the clock settings.
  * Hide file extensions, if required.
  * Hide System/Hidden files, if required.
  * Set a new, clean Restore Point.
----------
Clean out your temporary internet files and temp files. Download TFC by OldTimer to your desktop. Double-click TFC.exe to run it. Note: If you are running on Vista, right-click on the file and choose Run As Administrator. TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
----------
ESET Online Scan
Scan your computer with the ESET Free Online Virus Scan
* Click the ESET Online Scanner button.
* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  * Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop
  * Double click on the esetsmartinstaller_enu.exe icon on your desktop.
* Place a check mark next to YES, I accept the Terms of Use.
* Click the Start button.
* Accept any security warnings from your browser.
* Leave the check mark next to Remove found threats and place a check next to Scan archives.
* Click the Start button.
* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
* When the scan completes, click List of found threats.
* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
* Click the <<Back button then click Finish.
In your next reply please include the ESET Online Scan Log
I've attached the ESETscan results. [Saving space, attachment deleted by admin]
If there are no more malware issues we can finish up now. Use the Secunia Software Inspector to check for out of date software.
----------
Go to Microsoft Windows Update and get all critical updates.
----------
I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here
Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.
Thank you very much. My computer is running much faster and doesn't have any of the problems from before. This is a great service you provide and I really appreciate your help! Thanks again, Jeremy
You're welcome. Safe surfing... |
|
| 2166. |
Solve : Computer help please!!? |
|
Answer» Hello everyone! My computer is acting up. I keep getting a "security tool" pop-up. My anti-virus software has expired and I cannot install a new one because the CD drive will not run. All the icons disappear after login and I cannot run any tools (ie. ad/remove programs, system restore, etc.). When trying to download anything from the internet the window disappears after pressing the run or save buttons. The internet works fine as does word and excel. Any ideas out there? |
|
| 2167. |
Solve : BTIN.DLL - TROJAN HORSE IN MY COMPUTER? |
|
Answer» HELLO, I am using antivirus program - NOD32 on my computer and since 1-2 weeks it shows me every day warning message that a BTIN.DLL file, a variant of Win32/Trojandownloader.Mebload.H trojan is caught on my computer and moved to quarantine. And even I delete it, it shows up every day, sometimes few times a day. I ran few different antivirus programs, but none helped. Finally I found this forum and followed the Malware Removal Guide of this forum. And I have no idea what to do now. I will attach here the 3 logs required. Please, please for your help! Thanks a lot in advance! [Saving space, attachment deleted by admin]
Welcome to CH. I need to get some more information before moving forward. Download DDS from |HERE| or |HERE| or |HERE| and save it to your desktop. Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)
* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs. 1) DDS.txt 2) Attach.txt
* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.
Note: DDS will instruct you to post the Attach.txt log as an attachment. Please just post it as you would any other log by copy and pasting it into the reply. |
|
| 2168. |
Solve : Important: For Vista Users? |
|
Answer» I normally wait for updates for a week or so and scan all the Forums for issues before installing them. |
|
| 2169. |
Solve : Hijackthis, Im almost 100% sure i have a keylogger, or virus... please help? |
|
Answer» Logfile of HijackThis v1.99.1 |
|
| 2170. |
Solve : May have a Boot Sector Virus?? |
|
Answer» So I did a Factory Restore on my Computer cause it was goin slow, DVD Back Ups going slow, DVD Shrink Going Slow. When I open a program it sometimes opens slow. So After it restored it and installed windows, It said on the Screen Boot Sector Virus. |
|
| 2171. |
Solve : Can 2 anti-virus softwares be used simultaneously?? |
|
Answer» This PC came with Avira antivirus software already loaded in. It was ineffective. My dentist told me to use Skybot as well as Avira; so now I have 2. Is that OK? Do the systems counteract each other? Also, after downloading Skybot, my PC crashed and nothing was responding. The machine could not even log-off for about 7 hours. Should I delete Avira or leave it?
No it is not okay and please stop starting new threads every time you logon here. Haven't you noticed the mods keep closing them? |
|
| 2172. |
Solve : some thing funny in my hjt log please have a look? |
|
Answer» checked my hjt log and there's a few funny things in it
Adobe has released Version 9.2 of the Adobe Reader software for viewing PDF documents. The changes include addressing security vulnerabilities and providing several fixes. Here's some info. on [emailprotected]
hi dave , do you mean delete both of these
Update: Aside from the normal Adobe Reader Speed Launcher Reader_sl.exe startup entry, Version 9.2 of Reader now also adds an Adobe ARM AdobeARM.exe startup entry. Both are unnecessary and can be safely disabled.
my adobe is up to date i had a look at the folding sight and think i spotted some thing it is these 2 , i cannot delete them using hjt tool
HijackThis Blank Internet Explorer value for customizesearch.
HijackThis Blank Internet Explorer value for searchassistant.
i think the hjt log looks ok , do you
EDIT; i watched the video i will try it , as i make out i must remove anything google and then they will go away |
|
| 2173. |
Solve : Virus Blocks My Following Directions? |
|
Answer» When going to Control Panel, the virus prevents me from going to Add or Remove Programs so how can I remove spyware? It also has prevented me from removing spyware when I enter "Windows Task Manager". Certain sites, such as sched.exe, cannot be ended a message says. It cannot be terminated and when I attempt to terminate another, the PC gets shut-down completely and re-boots.
Closed. |
|
| 2174. |
Solve : McAfee auto unprotecting: followed Read this . . .? |
|
Answer» So, I had trouble with McAfee auto unprotecting, found your website and followed the Read this steps 2-6. Found and removed some viruses, and malware. Attached are my log files. What next? |
|
| 2175. |
Solve : Question about spyware terminator? |
|
Answer» Is spyware terminator with virus scan enough to have running for protection and if not what other scanner program is good to use with spyware terminator. On the description page of spyware terminator it says: Spyware Terminator includes Real-Time Protection, HIPS, and antivirus. Effectively remove spyware, adware, trojans, keyloggers, home page hijackers, and malware threats even dangerous threats like Conficker, Mail Skinner or Trojan Vundo. Spyware Terminator is easy-to-use, requires minimal PC resources, and performs ultra fast scans. Protect your computer with powerful real-time protection shield, advanced system scanning and safe quarantine for found spyware. Scan your computer manually or schedule full system sweeps. Perform in-depth scans of your computer's hard drives, memory, process, registry and cookies to seek out and remove all known spyware threats.
NO |
|
| 2176. |
Solve : hijackthis log but sniper.exe? |
|
Answer» Logfile of Trend Micro HijackThis v2.0.2 |
|
| 2177. |
Solve : Re:Internet browsers>Yahoo Mail advertisements? |
|
Answer» I tried to carry out the Malware Removal process. I ran Spybot. Tea Times was not in. I have Avast! so Step A was bypassed. I did Step 1 to remove programs using the provided list of malware. There were none of these to remove. I ran Ccleaner. I tried to run SUPERAntiSpyware and Malwarebytes but it would not work, presumedly because the system is Windows 98. The resident version of Java was noted as being out of date but I could not update it. As the result of these failures, I did not attempt Step 6. |
|
| 2178. |
Solve : newest facebook worm, i just found out... pls help? |
|
Answer» i have modified this post but i still have basically the same problem. my desktop is now quite ok (though i suspect it is still infected by this new facebook worm attached on that sexy lady picture) after i followed the steps advised by your HJT tool. i am using a wifi router and my other desktop (actually my cousin's) still cannot access yahoo. also, my netbook (an asus EEEPC) experiences connection problems aside from the fact it also cannot access yahoo. whenever i open this notebook (which runs on a linux platform while my desktop is windows), i cannot connect to the internet unless i unplug/re-plug my wifi router. i cannot find a HJT which runs on linux because whenever i search for an anti-virus on google (remember, i can't open yahoo), it takes forever to load-up the page i want to download from. i am only using an anti-virus software which came with this netbook. i truly hope that someone will look into my problem coz it's already driving me crazy. thank you and more power to this site. |
|
| 2179. |
Solve : My Infected PC Using Netscape? |
|
Answer» My Windows XP seems to be infected when I use Internet Explorer and Firefox. Just now, I tried using Netscape 7 and it seems to be OK. Except for a balloon in the lower corner saying "Windows Security alert" I am not getting pop-up blockers nor *censored* sites I was getting using IE or Firefox. Why is Netscape not infected? Strange. This is great.
Either your pc is infected or it isn't. Using a different browser doesn't get rid of the viruses - it simply hasn't been affected yet because it's so outdated. The rest of your system is crawling with malware. |
|
| 2180. |
Solve : Update! My computer is now a doorstop.? |
|
Answer» I managed to download and run malwarebytes to my infected computer after running a full scan and "fixing" selected items, and there were more than 300 infected files, it restarted and upon restarting I get a message saying: NTLDR is missing, press CTL*alt*DELETE to restart. After doing this, the computer comes right back to the same message. It will not boot back up. I am completely blank as to what to do. Can someone please help? Thanks.
http://www.google.com/search?hl=en&rlz=1T4GGLL_enUS304US305&q=ntldr+missing&aq=f&oq=&aqi=g10
Hello locotrucker. Here's a link to MS to help with the missing NTLDR problem. If that wasn't bad enough, I have some more bad news. I've checked the HJT log from your other thread and here it is. |
|
| 2181. |
Solve : Vista Weird Messages? |
|
Answer» I'm on my mom's laptop, because even though the guide is practically idiot-proof, she needs help. I walked her through the scanning process and all the logs are attached. She says that after she updated her JRE that she got these weird messages, I didn't get to see the actual messages, but she googled the file in question, a .dll (very helpful), and she read it was a virus. I did the scans and MBAM and SAS both picked up viruses, so it's probably not completely clean right now even after scanning/fixing. I can get any other required information as needed.
A restore won't get rid of malware.
Doesn't a factory restore turn the computer back to the way it was when it was made? With no user files? Combofix did make a log, but she did the restore before I got a chance to post it. And evil, that wasn't a system restore, it was a factory restore cd provided by Lenovo.
Yes you should be good to go. I would run an online scan from BitDefender or ESET just to be sure.
Quote from: evilfantasy on November 23, 2009, 09:58:33 AM
Yes you should be good to go. I would run an online scan from BitDefender or ESET just to be sure.
It comes with a 90 day trial of Norton, she's run a full scan after updating, went off without a hitch. |
|
| 2182. |
Solve : is it possible for...? |
|
Answer» a virus to block access to a hard drive prevent you from booting up into windows? |
|
| 2183. |
Solve : Browser search hijack, SAS, MBAM, HJT inop? |
|
Answer» Let's try this again. |
|
| 2184. |
Solve : Hijacked browser won't let me download Highjack this? |
|
Answer» I am posting this from my work computer, which won't let me download anything to my thumb drive. |
|
| 2185. |
Solve : autorun virus? |
|
Answer» hi i have autorun.inf and recycler virus in my computer and usb flash drive that don't clean please help me |
|
| 2186. |
Solve : Help with search engine redirect virus? |
|
Answer» Hi, have picked up along the way something that has affected my searches and redirects them to liveliving.com or something like that (i immediately blocked it so any further links wouldn't load up the site). |
|
| 2187. |
Solve : BIOS virus question? |
|
Answer» Ok here it goes. I just wanted to confirm if bios virus can be removed without flashing the bios. Two days ago, the boss' friend called for our help with his computer infected by a virus. One of my co-workers handled it (superior) and claimed to remove the virus. Day after, the boss' friend called saying he now had a blue screen. Then just now, the boss called that he'll call back after an hour to help him up with that same computer. He said that my co-worker said that it has a bios virus. well, is it possible to remove a BIOS virus without flashing?
Whoever said it was a BIOS virus might not know exactly what they were talking about. BIOS virus are extremely rare and the chances of getting one without someone physically sitting at the computer and putting it there is extremely unlikely. You're not going to get one from a bad download or malicious website. A boot sector virus is more likely. All you need to do to find out if it's clean is this. Download the MBR Rootkit Detector to your desktop. Go to Start > Run then copy and paste the following red text into the Open field: "%userprofile%\desktop\mbr.exe" -f Next, double click on the mbr.exe file and let it finish. A log will come up telling you if an infection is there or not.
that makes my mind clear now. thank you! the boss just called. and its having a 0x7b BSOD now. And its kinda rush so i just set aside the bios virus issue.. i did a repair install instead. I'll do the scan that you mentioned if he still have issues later.
Have him run Malwarebytes' Anti-Malware (MBAM) on it. MBAM is free to scan and remove malware with. You only have to pay if you want the full version which blocks malware. The free scanner is very good and if there is something there it should find and remove it. |
|
| 2188. |
Solve : Please help me identify this annoying virus..? |
|
Answer» OTM asked to reboot directly after processing.. hence, this log came from notepad that popped up afterwards, not from results window: All processes killed
You should be good to go now.
1. Double click OTM to launch it. Vista users right click and choose Run As Administrator
2. Click on the CleanUp! button.
3. OTM will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
5. When finished exit out of OTM.
----------
Use the Secunia Software Inspector to check for out of date software.
----------
Go to Microsoft Windows Update and get all critical updates.
----------
I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here
Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.
I still need to confirm a few things - about multiple programs that has been installed so far, is it safe to delete/uninstall 'em? here is the list:
- TFC
- HJT
- CCleaner
- malwarebytes
- superantispyware
coz isn't it better to have just one anti spyware/malware to avoid slowdown? which one do you recommend so far: malwarebytes, superantispyware, spywareblaster, spybot - that I should use?
I ran Secunia: Detection Statistics: 0 Programs Detected in Total 0 Insecure Versions Detected 0 Updated Versions Detected
and installed WOT and got TuneUp utilities from my friend. {it should be sufficient to have all-in-one maintenance tool}
Quote coz isn't it better to have just one anti spyware/malware to avoid slowdown?
Update and run both SAS and MBAM now and then. The free versions don't run in real time so they won't interfere with anything. You can uninstall HJT. TFC is very good for cleaning out temp files. Use CCleaner daily (or so) and use TFC once a week or every other week. |
|
| 2189. |
Solve : can i remove these files? |
|
Answer» can i remove these from hjt safely as i do not use bebo and have nothing in the pc for google |
|
| 2190. |
Solve : is the web access protection of eset nod32 v4 good?? |
|
Answer» i'm using nod32 v4 for 2 days, i'm confused that is that scanning web? database show 4641 (20091127) |
|
| 2191. |
Solve : My log files for malware/spyware help? |
|
Answer» SUPERAntiSpyware Scan Log
Important: Close all open windows except for HijackThis and then click Fix checked. Once completed, exit HijackThis.
----------
You have Viewpoint installed. Viewpoint Media Player/Manager/Toolbar is considered as Foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". More information:
* ViewMgr.exe - Useless
* Viewpoint to Plunge Into Adware
It is suggested to remove the program now. Go to Start > Control Panel > Add/Remove Programs - (Vista & Win7 is Programs and Features) and remove the following programs if present.
* Viewpoint
* Viewpoint Manager
* Viewpoint Media Player
* Viewpoint Toolbar
* Viewpoint Experience Technology
----------
If you already have ComboFix be sure to delete it and download a new copy. Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop. Link #1 Link #2
**Note: It is important that it is saved directly to your Desktop
Close any open Web browsers (Firefox, Internet Explorer, etc) before starting ComboFix. Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them. Double click combofix.exe & follow the prompts. Vista users Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it) When finished ComboFix will produce a log for you. Post the ComboFix log in your next reply.
Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall. Remember to re-enable your antivirus and antispyware protection when ComboFix is complete. If you have problems with ComboFix usage, see How to use ComboFix |
|
| 2192. |
Solve : repeated virus warning? |
|
Answer» Alrighty. Well thanks for all your help! i really appreciate it!
You're welcome. Safe surfing...
Quote alrighty. well thanks for all your help! i really appreciate it!
I hope you realise it's taken 2 days to sort out your problem, and not one so called expert as advised you to back up regularly, and reinstall if necessary 2 hours tops
Are you saying that what we do is unreliable skyblue? Also, you might educate yourself a little before shooting off untrue comments.
Quote from: evilfantasy on November 27, 2009, 05:19:50 PM
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.
Quote from: Keeping Yourself Safe On The Web
System Restore and Backups
Quote Are you saying that what we do is unreliable skyblue?
no a complete waste of time, if you back up regularly, and reinstall every time, get a life
You're trolling and telling me to get a life? Ironic...no?
Quote You're trolling and telling me to get a life? Ironic...no?
No No my friend just saying how it is, combo fix this, combo fix that, it's not rocket science back up regularly and reinstall 2 hours tops trolling no not me, look at my previous post, seen the light. by the way, you haven't sorted out my logs, check my post, too difficult for you
Quote from: skyblue on November 28, 2009, 05:40:27 PM
by the way, you haven't sorted out my logs, check my post, too difficult for you
Reinstall then use your backup... Solved. |
|
| 2193. |
Solve : Dell laptop not running like it should(Everything is slow and takes forever!!!)? |
|
Answer» So back in February I received a Dell Inspiron E1505 laptop from my sister. She had the thing loaded down with crap, all kinds of messengers, every browser in the book, stupid programs like virtual dj and crap. Anyways I went on and received help on this forum which took me step by step eradicating all the *censored* and really made the computer seem brand new. Now I don't know what the *censored* I did but ever since bout middle of August everything just started to seem bogged down. I tried to restore but to no avail. Google Chrome isn't as fast as it used to be, in fact rather slow to tell the truth, along with every other thing I try and open and use. Please help me, you guys were so great last time and I really do respect you guys for that. |
|
| 2194. |
Solve : Please Check Logs? |
|
Answer» Over the last couple of days I have been experiencing a couple of problems. |
|
| 2195. |
Solve : Ran HijackThis for the first time,,,,? |
|
Answer» Hello, This is the first time I have run this program. Anyone see anything I need to fix? Tom
This needs fixing
[Moderated Message: Please only post advice in the Computer Virus and Spyware Section if you are a Malware Specialist. Thank you.]
ankur16 is cleared to post HJT instructions. Thanks.
Just got the memo - understood, Evilfantasy. My apologies, Ankur16.
No worries. |
|
| 2196. |
Solve : plugplay svchost.exe constant 50-90% CPU usage? |
|
Answer» It stopped at 68%, and I got an error message, with this explanation: Should I uninstall it and try again?
Yes please do.
Okay, it took a while, but it's finally done. It detected 0 malware. When it was finished scanning it never gave me an option for a log. It just gave me an ad for their software.
With a 64bit OS we can't use our normal tools so we have to rely more on the scanners to tell us what's still wrong rather than finding it ourselves which is more thorough. I do still have a few tricks if needed. How is the computer doing now?
Much better. Svchost (DcomLaunch) is still using around 60% CPU, but that's better than the 80%-100% it was before. I still have no audio even though it says the audio drivers were installed successfully. At the bottom right, next to the clock, it says no audio output device installed. When the svchost problem first occurred I had no sound even though an audio output device was installed. I read that uninstalling and installing the audio device would fix my problem. No luck as of yet. I ran a Malwarebytes full scan last night and here's the log:
Malwarebytes' Anti-Malware 1.41 Database version: 3251 Windows 6.0.6002 Service Pack 2 12/2/2009 8:37:32 AM mbam-log-2009-12-02 (08-37-09).txt Scan type: Full Scan (C:\|) Objects scanned: 331148 Time elapsed: 8 hour(s), 8 minute(s), 57 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 2 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\partner service (Trojan.BHO) -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\partner service (Trojan.BHO) -> No action taken. 
Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\ProgramData\Partner\partner.exe (Trojan.BHO) -> No action taken.
I have removed these 3 trojans.
Download OTL to your desktop.
* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* When the window appears, underneath Output at the top change it to Minimal Output.
* Check the boxes beside LOP Check and Purity Check.
* Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy and paste the contents of these files, one at a time, into your next reply.
Note: You may need two or more posts to fit them all in.
Audio_is1" = Monkey's Audio "Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5) "Product_Name" = Blades of Avernum "Smart Copy" = Smart Copy 3.1.1.1 "ViewpointMediaPlayer" = Viewpoint Media Player "WildTangent gateway Master Uninstall" = Gateway Games "Winamp" = Winamp "Yahoo! Messenger" = Yahoo! Messenger ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "InstallShield_{64893225-ADBA-469E-B114-F3B2C1FBBA77}" = RTKXI "uTorrent" = µTorrent ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 11/11/2009 10:23:54 AM | Computer Name = AJKK | Source = Application Error | ID = 1000 Description = Faulting application Ati2evxx.exe, version 6.14.10.4213, time stamp 0x49344cdc, faulting module Ati2evxx.exe, version 6.14.10.4213, time stamp 0x49344cdc, exception code 0xc0000005, fault offset 0x0000000000046458, process id 0x1004, application start time 0x01ca62da851ca630. Error - 11/11/2009 10:07:09 PM | Computer Name = AJKK | Source = Application Error | ID = 1000 Description = Faulting application VirtualBox.exe, version 2.2.4.0, time stamp 0x4a202184, faulting module VBoxOGLrenderspu.dll_unloaded, version 0.0.0.0, time stamp 0x4a202148, exception code 0xc0000005, fault offset 0x0000000002813c98, process id 0x114, application start time 0x01ca6333a00bbd60. 
Error - 11/11/2009 10:18:08 PM | Computer Name = AJKK | Source = System Restore | ID = 8193 Description = Error - 11/11/2009 10:28:23 PM | Computer Name = AJKK | Source = System Restore | ID = 8193 Description = Error - 11/11/2009 10:49:36 PM | Computer Name = AJKK | Source = System Restore | ID = 8193 Description = Error - 11/11/2009 11:07:46 PM | Computer Name = AJKK | Source = WinMgmt | ID = 10 Description = Error - 11/14/2009 2:21:50 PM | Computer Name = AJKK | Source = WinMgmt | ID = 10 Description = Error - 11/16/2009 9:49:19 AM | Computer Name = AJKK | Source = EventSystem | ID = 4621 Description = Error - 11/16/2009 7:44:49 PM | Computer Name = AJKK | Source = EventSystem | ID = 4621 Description = Error - 11/17/2009 1:05:47 AM | Computer Name = AJKK | Source = EventSystem | ID = 4621 Description = [ Media Center Events ] Error - 6/22/2009 5:32:02 AM | Computer Name = AJKK | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule. Error - 8/3/2009 3:30:41 AM | Computer Name = AJKK | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule. Error - 10/7/2009 5:52:26 PM | Computer Name = AJKK | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule. Error - 10/8/2009 5:36:02 PM | Computer Name = AJKK | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule. [ System Events ] Error - 8/27/2009 11:29:59 PM | Computer Name = AJKK | Source = cdrom | ID = 262151 Description = The device, \Device\CdRom0, has a bad block. Error - 8/27/2009 11:30:14 PM | Computer Name = AJKK | Source = cdrom | ID = 262151 Description = The device, \Device\CdRom0, has a bad block. Error - 8/27/2009 11:30:20 PM | Computer Name = AJKK | Source = cdrom | ID = 262151 Description = The device, \Device\CdRom0, has a bad block. 
Error - 8/27/2009 11:30:29 PM | Computer Name = AJKK | Source = cdrom | ID = 262151 Description = The device, \Device\CdRom0, has a bad block. Error - 8/27/2009 11:30:41 PM | Computer Name = AJKK | Source = cdrom | ID = 262151 Description = The device, \Device\CdRom0, has a bad block. Error - 8/28/2009 12:09:49 AM | Computer Name = AJKK | Source = Service Control Manager | ID = 7011 Description = Error - 8/28/2009 12:51:29 AM | Computer Name = AJKK | Source = HTTP | ID = 15016 Description = Error - 8/28/2009 12:52:49 AM | Computer Name = AJKK | Source = Service Control Manager | ID = 7000 Description = Error - 8/28/2009 12:52:49 AM | Computer Name = AJKK | Source = Service Control Manager | ID = 7000 Description = Error - 8/28/2009 12:52:49 AM | Computer Name = AJKK | Source = Service Control Manager | ID = 7000 Description = < End of report > OTL logfile created on: 12/2/2009 9:39:14 AM - Run 1 OTL by OldTimer - Version 3.1.11.4 Folder = C:\Users\Jessica\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.75 Gb Total Physical Memory | 2.50 Gb Available Physical Memory | 66.79% Memory free 4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 586.40 Gb Total Space | 305.28 Gb Free Space | 52.06% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: AJKK Current User Name: Jessica Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Jessica\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab) PRC - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) PRC - C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.) PRC - C:\Windows\mHotkey.exe () PRC - C:\Windows\ChiFuncExt.exe (Chicony) PRC - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) ========== Modules (SafeList) ========== MOD - C:\Users\Jessica\Desktop\OTL.exe (OldTimer Tools) ========== Win32 Services (SafeList) ========== SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation) SRV:64bit: - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.) SRV:64bit: - (ETService) -- C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe () SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV:64bit: - (AgereModemAudio) -- C:\Windows\SysNative\agr64svc.exe (Agere Systems) SRV:64bit: - (yksvc) -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) 
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (gusvc) -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe (Google) SRV - (Bonjour Service) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.) SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation) SRV - (RichVideo) Cyberlink RichVideo Service(CRVS) -- C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe () SRV - (GameConsoleService) -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe (WildTangent, Inc.) SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) SRV - (Viewpoint Manager Service) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation) SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006/11/02 07:34:14 | 00,000,000 | ---D | M] SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof () SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof () ========== Driver Services (SafeList) ========== DRV:64bit: - (KLIF) -- C:\Windows\SysNative\DRIVERS\klif.sys (Kaspersky Lab) DRV:64bit: - (KLBG) -- C:\Windows\SysNative\DRIVERS\klbg.sys (Kaspersky Lab) DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\DRIVERS\klmouflt.sys (Kaspersky Lab) DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation) DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\DRIVERS\klim6.sys (Kaspersky Lab) DRV:64bit: - (kl1) -- C:\Windows\SysNative\DRIVERS\kl1.sys (Kaspersky Lab) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.) 
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys () DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (RMCAST) RMCAST (Pgm) -- C:\Windows\SysNative\DRIVERS\RMCAST.sys (Microsoft Corporation) DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation) DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\DRIVERS\mcdbus.sys (MagicISO, Inc.) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys (Marvell) DRV:64bit: - (RTSTOR) -- C:\Windows\SysNative\drivers\RTSTOR64.SYS (Realtek Semiconductor Corp.) DRV:64bit: - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys (ATI Technologies Inc.) DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys (Agere Systems) DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.) DRV - (int15) -- C:\Windows\SysWOW64\drivers\int15_64.sys (Acer, Inc.) 
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof () DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0209&m=dx4200-09 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0209&m=dx4200-09 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.richarddawkins.net/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "web-radio Customized Web Search" FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT168755&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "web-radio Customized Web Search" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.startup.homepage: "http://richarddawkins.net/forum/" FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1 FF - prefs.js..extensions.enabledItems: 6 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: 48 FF - prefs.js..extensions.enabledItems: [emailprotected]:1.1 FF - prefs.js..extensions.enabledItems: {1395baf2-3aa6-4d0f-83d6-1d9b66a9420d}:0.9.2 FF - prefs.js..extensions.enabledItems: {f01f4cbe-b8a8-4c37-94b3-119d8779e7e0}:1.5.1 FF - prefs.js..extensions.enabledItems: [emailprotected]:2.1 FF
- prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090920.2 FF - prefs.js..extensions.enabledItems: *Blocked Russian URL*:9.0.0.736 FF - prefs.js..extensions.enabledItems: {86009AEF-9162-4EBC-B698-FF71D7B6B049}:1.0 FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.52 FF - prefs.js..extensions.enabledItems: {c8f71e5b-88f8-42a7-98bb-e4c506161de9}:0.2 FF - prefs.js..extensions.enabledItems: [emailprotected]:3.5 FF - prefs.js..extensions.enabledItems: [emailprotected]:2.1 FF - prefs.js..extensions.enabledItems: [emailprotected]:3.8 FF - prefs.js..extensions.enabledItems: {c1dffba0-628e-11d9-9669-0800200c9a66}:3.5.0 FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/11/29 14:04:59 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/11/29 14:04:57 | 00,000,000 | ---D | M] [2009/03/19 15:33:00 | 00,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\mozilla\Extensions [2009/12/01 17:25:33 | 00,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\mozilla\Firefox\Profiles\fugfpru6.default\extensions [2009/08/29 11:13:15 | 00,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\mozilla\Firefox\Profiles\fugfpru6.default\extensions\{1395baf2-3aa6-4d0f-83d6-1d9b66a9420d} [2009/10/31 20:55:07 | 00,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\mozilla\Firefox\Profiles\fugfpru6.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696} [2009/11/15 11:22:59 | 00,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\mozilla\Firefox\Profiles\fugfpru6.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66} [2009/08/29 11:16:31 | 00,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\mozilla\Firefox\Profiles\fugfpru6.default\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9} [2009/10/28 19:08:01 | 00,000,000 | ---D | M] -- 
C:\Users\Jessica\AppData\Roaming\mozilla\Firefox\Profiles\fugfpru6.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2009/10/08 22:09:21 | 00,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\mozilla\Firefox\Profiles\fugfpru6.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2009/06/02 20:25:56 | 00,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\mozilla\Firefox\Profiles\fugfpru6.default\extensions\{f01f4cbe-b8a8-4c37-94b3-119d8779e7e0} [2009/10/08 22:23:52 | 00,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\mozilla\Firefox\Profiles\fugfpru6.default\extensions\[emailprotected] [2009/06/26 19:24:35 | 00,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\mozilla\Firefox\Profiles\fugfpru6.default\extensions\[emailprotected] [2009/11/08 12:11:48 | 00,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\mozilla\Firefox\Profiles\fugfpru6.default\extensions\[emailprotected] [2009/09/23 13:22:15 | 00,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\mozilla\Firefox\Profiles\fugfpru6.default\extensions\[emailprotected] [2009/09/28 20:29:03 | 00,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\mozilla\Firefox\Profiles\fugfpru6.default\extensions\[emailprotected] [2009/03/18 10:04:06 | 00,000,878 | ---- | M] () -- C:\Users\Jessica\AppData\Roaming\Mozilla\FireFox\Profiles\fugfpru6.default\searchplugins\conduit.xml [2009/11/28 15:47:49 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions [2009/10/10 13:24:59 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\{86009AEF-9162-4EBC-B698-FF71D7B6B049} [2009/11/06 08:58:25 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla *Blocked Russian URL* [2008/06/18 00:43:04 | 00,086,016 | ---- | M] (Coupons, Inc.) 
-- C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll [2009/05/01 20:47:11 | 00,239,432 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll [2007/04/16 11:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll O1 HOSTS File: (761 bytes) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\ievkbd.dll (Kaspersky Lab) O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtbbho.dll (Kaspersky Lab) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab) O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab) O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. 
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avp] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - Startup: C:\Users\Jessica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O9:64bit: - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtbbho.dll (Kaspersky Lab) O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtbbho.dll (Kaspersky Lab) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - 
C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab) O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166 O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~2\mzvkbd3.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll (Kaspersky Lab) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. 
- C:\Windows\SysNative\klogon.dll File not found O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{53084f0e-13bf-11de-86fc-0022684911df}\Shell - "" = AutoRun O33 - MountPoints2\{53084f0e-13bf-11de-86fc-0022684911df}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found 64bit: O35 - comfile [open] -- "%1" %* File not found 64bit: O35 - exefile [open] -- "%1" %* File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2009/12/02 09:31:57 | 00,535,552 | ---- | C] (OldTimer Tools) -- C:\Users\Jessica\Desktop\OTL.exe [2009/12/02 09:10:08 | 00,000,000 | ---D | C] -- C:\Windows\LastGood [2009/12/01 11:54:00 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2009/12/01 11:34:46 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW [2009/11/30 16:17:56 | 00,000,000 | ---D | C] -- C:\Program Files\Realtek [2009/11/29 21:58:25 | 02,714,112 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll [2009/11/29 21:58:23 | 00,332,320 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll [2009/11/29 21:58:23 | 00,149,536 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll [2009/11/29 21:58:22 | 00,363,008 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll [2009/11/29 21:58:22 | 00,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll [2009/11/29 21:58:22 | 00,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll [2009/11/29 21:58:22 | 00,198,656 | ---- | C] (Dolby Laboratories, Inc.) 
-- C:\Windows\SysNative\RTEED64A.dll [2009/11/29 21:58:22 | 00,095,744 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll [2009/11/29 21:58:22 | 00,073,216 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll [2009/11/29 21:58:21 | 02,191,872 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll [2009/11/29 21:58:19 | 00,166,400 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll [2009/11/29 21:58:19 | 00,108,032 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll [2009/11/29 21:58:17 | 00,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp [2009/11/29 19:14:28 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM [2009/11/29 19:08:39 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek [2009/11/29 19:08:33 | 00,831,488 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll [2009/11/29 18:26:12 | 01,826,816 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SkyTel.exe [2009/11/29 18:26:12 | 01,364,480 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlUpd64.exe [2009/11/29 18:26:12 | 01,261,056 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll [2009/11/29 18:26:12 | 00,765,440 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll [2009/11/29 18:26:12 | 00,598,528 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl [2009/11/29 18:26:12 | 00,368,672 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll [2009/11/29 18:26:11 | 06,296,064 | ---- | C] (Realtek Semiconductor) -- C:\Windows\RAVCpl64.exe [2009/11/29 18:26:11 | 00,245,248 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll [2009/11/29 18:26:11 | 00,160,768 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\FMAPO64.dll [2009/11/29 18:26:11 | 00,040,960 | ---- | C] (Realtek Semiconductor Corp.) 
-- C:\Windows\SysNative\RCoInst64.dll [2009/11/29 18:24:37 | 00,000,000 | ---D | C] -- C:\Users\Jessica\Desktop\AUDIO_Realtek_ALC888S_Vx64 [2009/11/28 13:37:54 | 00,000,000 | ---D | C] -- C:\Users\Jessica\AppData\Roaming\Malwarebytes [2009/11/28 13:37:32 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2009/11/28 13:37:30 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2009/11/28 13:37:20 | 00,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2009/11/28 13:37:20 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2009/11/28 13:11:47 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2009/11/28 10:53:15 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2009/11/28 01:14:34 | 06,216,032 | ---- | C] (Microsoft Corporation) -- C:\windowsupdateagent30-x86.exe [2009/11/27 23:58:32 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue [2009/11/25 05:59:08 | 00,880,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl [2009/11/25 05:59:07 | 00,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl [2009/11/24 05:08:12 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Portable Devices [2009/11/24 05:08:12 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\spool [2009/11/24 05:08:08 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices [2009/11/24 04:34:51 | 00,449,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll [2009/11/24 04:34:51 | 00,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll [2009/11/24 04:34:51 | 00,342,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winspool.drv [2009/11/24 04:34:31 | 00,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2009/11/24 04:34:16 | 01,548,800 | ---- | C] (Microsoft Corporation) --
C:\Windows\SysNative\d3d10warp.dll [2009/11/24 04:34:16 | 00,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll [2009/11/24 04:34:16 | 00,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelineprxy.dll [2009/11/24 04:34:13 | 00,981,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2009/11/24 04:34:13 | 00,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll [2009/11/24 04:34:13 | 00,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WindowsCodecsExt.dll [2009/11/24 04:34:12 | 00,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WindowsCodecs.dll [2009/11/24 04:34:12 | 00,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll [2009/11/24 04:34:11 | 01,209,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2009/11/24 04:34:11 | 00,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2009/11/24 04:34:11 | 00,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2009/11/24 04:34:11 | 00,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll [2009/11/24 04:34:11 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll [2009/11/24 04:34:10 | 00,566,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2009/11/24 04:34:10 | 00,411,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PhotoMetadataHandler.dll [2009/11/24 04:34:10 | 00,328,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxdiag.exe [2009/11/24 04:34:10 | 00,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PhotoMetadataHandler.dll [2009/11/24 04:34:10 | 00,262,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxdiagn.dll [2009/11/24 04:34:10 | 00,252,928 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysWow64\dxdiag.exe [2009/11/24 04:34:10 | 00,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxdiagn.dll [2009/11/24 04:34:09 | 00,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2009/11/24 04:34:09 | 00,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10level9.dll [2009/11/24 04:34:09 | 00,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxgi.dll [2009/11/24 04:34:09 | 00,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll [2009/11/24 04:34:09 | 00,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10core.dll [2009/11/24 04:34:08 | 00,792,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2009/11/24 04:34:08 | 00,625,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll [2009/11/24 04:34:08 | 00,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2009/11/24 04:34:08 | 00,326,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2009/11/24 04:34:08 | 00,287,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll [2009/11/24 04:34:07 | 01,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xpsservices.dll [2009/11/24 04:34:07 | 01,032,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelinesvc.exe [2009/11/24 04:34:07 | 00,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\OpcServices.dll [2009/11/24 04:34:06 | 03,068,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xpsservices.dll [2009/11/24 04:34:06 | 01,548,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2009/11/24 04:34:06 | 01,461,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OpcServices.dll [2009/11/24 04:34:06 | 01,142,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FntCache.dll [2009/11/24 
04:34:06 | 01,064,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll [2009/11/24 04:34:06 | 01,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10.dll [2009/11/24 04:34:06 | 00,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2009/11/24 04:34:06 | 00,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll [2009/11/24 04:34:05 | 01,269,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll [2009/11/24 04:34:05 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2009/11/24 04:27:04 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDShextAutoplay.exe [2009/11/24 04:27:04 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WPDShextAutoplay.exe [2009/11/24 04:26:58 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BthMtpContextHandler.dll [2009/11/24 04:25:56 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceConnectApi.dll [2009/11/24 04:25:54 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WpdConns.dll [2009/11/24 04:25:53 | 02,727,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpdshext.dll [2009/11/24 04:25:53 | 02,537,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wpdshext.dll [2009/11/24 04:25:53 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WpdMtpUS.dll [2009/11/24 04:25:53 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WpdUsb.sys [2009/11/24 04:25:52 | 00,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpd_ci.dll [2009/11/24 04:25:51 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDShServiceObj.dll [2009/11/24 04:25:51 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceConnectApi.dll [2009/11/24 04:25:49 | 
00,295,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WpdMtp.dll [2009/11/24 04:25:48 | 00,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceTypes.dll [2009/11/24 04:25:48 | 00,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceClassExtension.dll [2009/11/24 04:25:47 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceApi.dll [2009/11/24 04:25:47 | 00,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceApi.dll [2009/11/24 04:25:46 | 00,433,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDSp.dll [2009/11/24 04:25:46 | 00,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceTypes.dll [2009/11/24 04:25:46 | 00,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceClassExtension.dll [2009/11/24 04:25:45 | 00,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WPDSp.dll [2009/11/24 04:25:45 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceWMDRM.dll [2009/11/24 04:25:45 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceWMDRM.dll [2009/11/24 04:10:33 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\oleaccrc.dll [2009/11/24 04:10:33 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaccrc.dll [2009/11/24 04:10:32 | 00,736,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAutomationCore.dll [2009/11/24 04:10:32 | 00,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAutomationCore.dll [2009/11/24 04:10:32 | 00,315,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll [2009/11/23 10:47:04 | 00,544,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr71d.dll [2009/11/23 10:46:13 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Magic Video Converter 
[2009/11/15 14:03:40 | 00,609,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\comctl32.ocx [2009/11/15 14:03:40 | 00,164,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\comct232.ocx [2009/11/15 14:03:40 | 00,040,960 | ---- | C] (vbAccelerator) -- C:\Windows\SysWow64\ssubtmr6.dll [2009/11/15 14:03:40 | 00,036,864 | ---- | C] (Robdogg Inc.) -- C:\Windows\SysWow64\trayicon_handler.ocx [2009/11/15 14:03:40 | 00,028,672 | ---- | C] (-) -- C:\Windows\SysWow64\mousewheel.ocx [2009/11/15 14:03:39 | 00,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscomct2.ocx [2009/11/15 14:03:39 | 00,212,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\richtx32.ocx [2009/11/15 14:03:38 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\DVD Flick [2009/11/07 10:08:16 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe ========== Files - Modified Within 30 Days ========== [2009/12/02 09:44:04 | 02,883,584 | -HS- | M] () -- C:\Users\Jessica\NTUSER.DAT [2009/12/02 09:31:59 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Users\Jessica\Desktop\OTL.exe [2009/12/02 08:46:24 | 00,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl [2009/12/02 08:46:06 | 00,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2009/12/02 08:46:06 | 00,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2009/12/02 08:46:06 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2009/12/02 08:45:55 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2009/12/02 08:43:07 | 00,524,288 | -HS- | M] () -- C:\Users\Jessica\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms [2009/12/02 08:43:07 | 00,065,536 | -HS- | M] () -- C:\Users\Jessica\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf [2009/12/02 08:42:54 | 04,092,172 | -H-- | M] () -- 
C:\Users\Jessica\AppData\Local\IconCache.db [2009/12/01 11:51:34 | 02,672,312 | ---- | M] () -- C:\Users\Jessica\Desktop\esetsmartinstaller_enu.exe [2009/12/01 11:02:59 | 03,574,016 | ---- | M] () -- C:\Users\Jessica\Desktop\ComboFix.exe [2009/11/30 16:10:14 | 00,093,184 | ---- | M] () -- C:\Users\Jessica\Documents\Untitled Document.wps [2009/11/30 16:10:14 | 00,000,216 | ---- | M] () -- C:\Users\Jessica\AppData\Roaming\wklnhst.dat [2009/11/30 08:21:40 | 00,100,864 | ---- | M] () -- C:\Users\Jessica\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/11/29 21:58:31 | 00,525,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll [2009/11/29 18:12:15 | 44,377,846 | ---- | M] () -- C:\Users\Jessica\Desktop\AUDIO_Realtek_ALC888S_Vx64.zip [2009/11/29 16:39:27 | 00,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2009/11/29 16:39:27 | 00,595,446 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2009/11/29 16:39:27 | 00,101,144 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2009/11/29 14:05:12 | 00,001,780 | ---- | M] () -- C:\Users\Jessica\Desktop\Mozilla Firefox.lnk [2009/11/29 13:41:00 | 02,603,675 | ---- | M] () -- C:\Users\Jessica\LightningKickingAss.gif [2009/11/29 13:22:04 | 00,048,525 | ---- | M] () -- C:\Users\Jessica\Physics Bumper Sticker.jpg [2009/11/29 12:33:00 | 00,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2009/11/29 11:58:51 | 00,000,366 | ---- | M] () -- C:\Windows\tasks\Driver Robot.job [2009/11/29 11:58:39 | 00,392,400 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2009/11/29 10:18:54 | 00,000,727 | ---- | M] () -- C:\Users\Jessica\Desktop\procexp64 - Shortcut.lnk [2009/11/28 13:37:35 | 00,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2009/11/28 10:53:16 | 00,001,930 | ---- | M] () -- C:\Users\Jessica\Desktop\HijackThis.lnk [2009/11/28 01:14:38 | 06,216,032 | ---- | M] (Microsoft Corporation) -- C:\windowsupdateagent30-x86.exe [2009/11/28 00:20:41 | 
00,000,732 | ---- | M] () -- C:\Users\Jessica\AppData\Local\d3d9caps64.dat [2009/11/24 05:06:00 | 00,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf [2009/11/24 04:57:12 | 00,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf [2009/11/23 12:57:28 | 00,000,244 | ---- | M] () -- C:\Windows\win.ini [2009/11/19 16:32:53 | 00,000,016 | ---- | M] () -- C:\Windows\popcinfo.dat [2009/11/17 20:47:36 | 00,332,320 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll [2009/11/17 20:47:36 | 00,149,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll [2009/11/16 11:09:27 | 00,353,296 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys [2009/11/13 15:16:02 | 00,363,008 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll [2009/11/13 15:16:02 | 00,198,656 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll [2009/11/13 15:16:02 | 00,095,744 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll [2009/11/13 15:16:02 | 00,073,216 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll [2009/11/10 16:33:44 | 02,191,872 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll [2009/11/10 16:32:14 | 02,714,112 | ---- | M] (Waves Audio Ltd.) 
-- C:\Windows\SysNative\WavesGUILib.dll [2009/11/07 10:08:44 | 00,001,919 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk [2009/11/06 08:59:36 | 08,074,812 | -HS- | M] () -- C:\Windows\SysNative\drivers\fidbox.dat [2009/11/06 08:59:36 | 00,933,948 | -HS- | M] () -- C:\Windows\SysNative\drivers\fidbox2.dat [2009/11/06 08:59:36 | 00,074,228 | -HS- | M] () -- C:\Windows\SysNative\drivers\fidbox.idx [2009/11/06 08:59:36 | 00,005,780 | -HS- | M] () -- C:\Windows\SysNative\drivers\fidbox2.idx [2009/11/06 08:46:37 | 00,143,387 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat [2009/11/06 08:46:37 | 00,104,987 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat [2009/11/03 13:12:38 | 00,000,587 | ---- | M] () -- C:\Users\Jessica\Desktop\zsnesw - Shortcut.lnk [2009/11/02 13:48:02 | 00,831,488 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll ========== Files Created - No Company Name ========== [2009/12/01 11:51:34 | 02,672,312 | ---- | C] () -- C:\Users\Jessica\Desktop\esetsmartinstaller_enu.exe [2009/12/01 11:02:59 | 03,574,016 | ---- | C] () -- C:\Users\Jessica\Desktop\ComboFix.exe [2009/11/30 16:10:13 | 00,093,184 | ---- | C] () -- C:\Users\Jessica\Documents\Untitled Document.wps [2009/11/29 18:26:11 | 00,659,968 | ---- | C] () -- C:\Windows\SysNative\RTCOM64.dll [2009/11/29 18:09:40 | 44,377,846 | ---- | C] () -- C:\Users\Jessica\Desktop\AUDIO_Realtek_ALC888S_Vx64.zip [2009/11/29 13:40:58 | 02,603,675 | ---- | C] () -- C:\Users\Jessica\LightningKickingAss.gif [2009/11/29 13:22:00 | 00,048,525 | ---- | C] () -- C:\Users\Jessica\Physics Bumper Sticker.jpg [2009/11/29 12:33:00 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009/11/29 10:51:10 | 00,000,366 | ---- | C] () -- C:\Windows\tasks\Driver Robot.job [2009/11/29 10:18:54 | 00,000,727 | ---- | C] () -- C:\Users\Jessica\Desktop\procexp64 - Shortcut.lnk [2009/11/28 13:37:35 | 00,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk 
[2009/11/28 10:53:16 | 00,001,930 | ---- | C] () -- C:\Users\Jessica\Desktop\HijackThis.lnk [2009/11/28 00:20:41 | 00,000,732 | ---- | C] () -- C:\Users\Jessica\AppData\Local\d3d9caps64.dat [2009/11/24 05:06:00 | 00,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf [2009/11/24 04:57:12 | 00,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf [2009/11/07 10:08:44 | 00,001,919 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk [2009/11/03 13:07:29 | 00,000,587 | ---- | C] () -- C:\Users\Jessica\Desktop\zsnesw - Shortcut.lnk [2009/10/30 10:11:28 | 00,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2009/10/30 10:11:27 | 00,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2009/10/30 10:11:25 | 00,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2009/10/30 10:11:24 | 03,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll [2009/10/30 10:11:24 | 00,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2009/10/30 10:11:21 | 00,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2009/10/30 10:11:21 | 00,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest [2009/09/17 18:17:14 | 00,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2009/09/17 18:15:57 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009/09/15 21:03:47 | 00,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2009/08/27 22:38:56 | 00,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll [2009/04/27 07:49:26 | 00,230,752 | ---- | C] () -- C:\Windows\patchw32.dll [2009/03/20 19:21:57 | 00,000,736 | ---- | C] () -- C:\Windows\SamsungMaster.INI [2009/03/20 08:29:18 | 00,000,228 | ---- | C] () -- C:\Windows\wininit.ini [2009/03/16 17:02:18 | 00,000,216 | ---- | C] () -- C:\Users\Jessica\AppData\Roaming\wklnhst.dat [2009/03/16 12:18:34 | 00,100,864 | ---- | C] () -- C:\Users\Jessica\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 
[2009/03/15 16:23:42 | 00,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll [2009/03/15 16:23:42 | 00,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll [2009/03/15 16:23:42 | 00,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll [2009/02/10 03:42:27 | 00,294,912 | ---- | C] () -- C:\Windows\PIC.dll [2009/02/10 03:42:27 | 00,000,870 | ---- | C] () -- C:\Windows\mhotkey_reg.ini [2008/01/20 20:50:05 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini ========== LOP Check ========== [2009/09/07 17:15:26 | 00,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Atari [2009/06/08 10:23:18 | 00,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Azureus [2009/08/09 13:45:12 | 00,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Bitsoft [2009/06/15 11:35:18 | 00,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\DAEMON Tools Lite [2009/06/08 12:53:33 | 00,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\DAEMON Tools Pro [2009/05/20 12:00:21 | 00,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Downloaded Installations [2009/08/09 08:38:24 | 00,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\gtk-2.0 [2009/08/11 17:38:36 | 00,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Jasc [2009/08/01 21:49:29 | 00,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Leadertech [2009/09/15 19:51:52 | 00,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\NCH Swift Sound [2009/07/15 23:01:27 | 00,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Template [2009/11/27 23:58:50 | 00,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\uniblue [2009/11/29 10:58:01 | 00,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\uTorrent [2009/03/16 17:13:19 | 00,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\WildTangent [2009/11/29 11:58:51 | 00,000,366 | ---- | M] () -- C:\Windows\Tasks\Driver Robot.job [2009/12/02 08:44:08 | 00,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT 
Okay, let me update you briefly. Svchost.exe isn't taking a significant amount of processing power any more. My computer is running much better as far as speed is concerned. My only remaining problem is having no sound. I never thought it would be a virus though. I thought having Kaspersky on its highest setting would stop any viruses. A little naive of me, I admit. During this little problem, I've been scouring the web for advice or a solution. I've read that Vista and anti-malware programs don't get along very well. Has this problem been fixed in Windows 7?

Quote
During this little problem, I've been scouring the web for advice or a solution. I've read that Vista and anti-malware programs don't get along very well. Has this problem been fixed in Windows 7?

I've run both Vista and now Windows 7 64bit and not had a problem with any anti-malware program and I've tested a bunch of them... I don't see anything in the logs. I suggest starting a topic in the Microsoft Windows forum for some suggestions on the sound driver. You have already tried everything I can think of.

Alright, well let me thank you then. Thank you!!! My comp is running like it first did when we purchased it. evilfantasy for prez!!

You're welcome. Safe surfing... Here are a few more suggestions to help you tighten up your security.

Use the Secunia Software Inspector to check for out of date software.
----------
Go to Microsoft Windows Update and get all critical updates.
----------
I recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection so will not interfere with each other. They do not use any significant amount of resources (except a little disk space) until you run a scan.

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy.
Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time.
Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing.
Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth. |
|
| 2197. |
Solve : I keep getting hacked into wireless? |
|
Answer» How can I stop a person from hacking into my wireless internet which has a password already?? I know if I change my password but I don't want to keep changing it daily. Is there a way to make him work harder or to shut him down without calling some authority? This is a friend of my son....lol some friend huh

Quote
this is a friend of my son

I would suggest you follow the advice of BC. How do you know he is hacking? Could your son be giving him the password to your wireless? |
|
| 2198. |
Solve : Stubborn google re-direct problem? |
|
Answer» I notice that there are a lot of issues re Google redirects and I am faced with the same problem |
|
| 2199. |
Solve : Trojan SHeur.AWKY? |
|
Answer» Hi, |
|
| 2200. |
Solve : Here are my 3 logs. Virus or something else I need to delete ?? |
|
Answer» Quote
EarthLink Accelerator

Have you tried using Revo Uninstaller to remove these?

Download Revo Uninstaller
* Open Revo and let the list populate (can take several seconds to finish).
* Right click what you want to uninstall and choose Uninstall
* Next choose Advanced then click Next
* This will (try to) launch the program's built-in uninstaller and go through the normal uninstall process.
* If the uninstaller fails just continue on with the Revo instructions.
* Once complete: In Revo Uninstaller click Next and Revo will scan the registry for leftovers.
* This scan can take several seconds.
* Once the results are shown LOOK at each one to ensure they are all related to the program that was uninstalled.
* Choose Select All then click Delete
* Click Next and Revo will scan for any files or folders that were not removed.
* If any files/folders are found choose Select all > Delete

Ok, I think I was successful. I only found one Earthlink program to uninstall. Did I miss anything? I tried to uninstall Earthlink toolbar, but it gave me a message that said something like, "the uninstaller can only be used with programs that are currently installed". I was also having a problem with Logitech.....is that still there, too? Thanks in advance!

Quote from: TriciaM on November 14, 2009, 07:33:47 PM
Ok, I think I was successful. I only found one Earthlink program to uninstall. Did I miss anything? I tried to uninstall Earthlink toolbar, but it gave me a message that said something like, "the uninstaller can only be used with programs that are currently installed".

If you already have ComboFix be sure to delete it and download a new copy.

Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.
Link #1
Link #2
**Note: It is IMPORTANT that it is saved directly to your Desktop. DO NOT run it yet!

Note: the below instructions were created specifically for this user.
If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

Delete these files/folders, as follows:
1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
    KillAll::

    Driver::
    ADSFilter
    ADSMonitor
    EarthLinkSafeConnectDriver
    EarthLinkSafeConnectFilter
    EarthLinkSafeConnectShim

    Folder::
    c:\program files\earthlink

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it will produce a log for you. Post that log (Combofix.txt) in your next reply.
Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze.

Quote from: TriciaM on November 14, 2009, 07:33:47 PM
I was also having a problem with Logitech.....is that still there, too? Thanks in advance!

What problem? What model of Logitech QuickCam is it?

Hopefully the combofix log is attached.... [Saving space, attachment deleted by admin]

Ref to Logitech quickcam, I think it is the Fusion. I cannot find the software, but I will look further.

Quote from: TriciaM on November 21, 2009, 07:12:40 PM
Ref to Logitech quickcam, I think it is the Fusion.

If that's it then this is the software.
QuickCam® Fusion http://www.logitech.com/pub/techsupport/quickcam/qc1051enu.exe
If not then the rest of the downloads are here. Webcam software and driver support for Windows

* Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
* Now type Combofix /Uninstall in the runbox
* Make sure there's a space between Combofix and /Uninstall
* Then hit Enter
* The above procedure will:
  * Delete the following:
    * ComboFix and its associated files and folders.
  * Reset the clock settings.
  * Hide file extensions, if required.
  * Hide System/Hidden files, if required.
  * Set a new, clean Restore Point.

The above was done. Thanks.

Ok, I thought I was done....I just got an error message stating that it is not safe to continue and that I may be infected with the file patching virus called "virut"......the error message is the tan/blue window.....

Download Dr.Web CureIt and save it to your desktop. Scan with DrWeb-CureIt as follows:
* After reboot, Right-click the Dr.Web log on the desktop and choose Open With > Notepad
* Copy and paste that log in the next reply

It's not done scanning...however...it found this: C:\windows\system32\DSRIRREM.EXE and told me that it is infected with Trojan.Downloader.origin and cannot be cured.

DSRIRREM.EXE;C:\WINDOWS\system32;Trojan.DownLoader.origin;Incurable.Moved.;
gtdownde_110.ocx;C:\WINDOWS\system32;Probably DLOADER.Trojan;Incurable.Deleted.;
RegUBP2b-Tricia & Roger.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Deleted.;
DSRIRREM.EXE;C:\I386;Trojan.DownLoader.origin;Incurable.Moved.;
A0216056.EXE;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1818;Trojan.DownLoader.origin;Incurable.Moved.;
A0216058.reg;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1818;Trojan.StartPage.1505;Deleted.;
A0216059.EXE;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1818;Trojan.DownLoader.origin;Incurable.Moved.;

There is no indication of a Virut infection.

When the Dr. Web program scanned and moved items (viruses), did I need to do something to those? And hopefully, this isn't a dumb question, but where exactly does the Dr. Web move them to? Thanks for all your help!

Also, I wanted to ask, is it safe to say that these viruses are allowed in by me, by opening attachments, "accepting" on Zone Alarm, or downloading games, etc.? Thanks again!

I believe the quarantined files go to C:\Program Files\DrWeb\Quarantine or C:\{user profile}\DrWeb\Quarantine

Quote from: TriciaM on November 30, 2009, 07:26:53 PM
Also, I wanted to ask, is it safe to say that these viruses are allowed in by me, by opening attachments, "accepting" on Zone Alarm, or downloading games, etc.? Thanks again!

Yes usually they get in by clicking on something. Not all antivirus will stop a rogue program since it isn't actually a virus. |
|