1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Fake antivirus program

Discussion in 'Virus & Other Malware Removal' started by agurl, May 1, 2010.

Thread Status:
Not open for further replies.
Advertisement
  1. agurl

    agurl Thread Starter

    Joined:
    Apr 29, 2010
    Messages:
    2
    "xp antimalware 2010" keeps popping up and running a "scan" saying the computer is infected. I can't go on the internet, it keeps redirecting me to random ad pages. It won't me run or install any programs. Please help. Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:39:32 PM, on 4/29/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Safe mode

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\Owner\Local Settings\Application Data\ave.exe
    C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [EPSON WorkForce 310 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFHA.EXE /FU "C:\WINDOWS\TEMP\E_S106.tmp" /EF "HKCU"
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1218519481952
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 5277 bytes
     
  2. schrauber

    schrauber

    Joined:
    Apr 25, 2010
    Messages:
    77
    Hello, agurl
    Welcome to the TechSupportGuy Forums. My name is Thomas (Tom is fine), and I will be helping you fixing your problems.



    Please take note of some guidelines for this fix:

    • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
    • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
    • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
    • Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
    • Please set your system to show all files.
      Click Start, open My Computer, select the Tools menu and click Folder Options.
      Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
      Uncheck: Hide file extensions for known file types
      Uncheck the Hide protected operating system files (recommended) option.
      Click Yes to confirm.



    Sorry for the delay in response. If you still need help, please do the following.



    1. Please download OTL from one of the following mirrors:
    2. Save it to your desktop.
    3. Double click on the [​IMG] icon on your desktop.
    4. Under the Custom Scan box paste this in
      netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      /md5stop
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
    5. Push the Quick Scan button.
    6. Two reports will open, copy and paste them in a reply here:
      • OTL.txt <-- Will be opened
      • Extra.txt <-- Will be minimized
     
  3. agurl

    agurl Thread Starter

    Joined:
    Apr 29, 2010
    Messages:
    2
    OTL logfile created on: 5/15/2010 2:45:54 PM - Run 1
    OTL by OldTimer - Version 3.2.4.1 Folder = D:\
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,022.00 Mb Total Physical Memory | 378.00 Mb Available Physical Memory | 37.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 76.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.26 Gb Total Space | 20.54 Gb Free Space | 55.14% Space Free | Partition Type: NTFS
    Drive D: | 3.76 Gb Total Space | 3.75 Gb Free Space | 99.95% Space Free | Partition Type: FAT32
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: MK-LK3SPJWJKGJA
    Current User Name: Owner
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/05/03 06:11:28 | 000,570,880 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
    PRC - [2010/02/07 02:22:17 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
    PRC - [2009/08/21 04:22:44 | 000,408,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
    PRC - [2009/06/05 13:39:18 | 014,073,640 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe
    PRC - [2009/04/07 10:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
    PRC - [2008/11/17 07:00:00 | 000,199,680 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIFHA.EXE
    PRC - [2008/10/13 18:58:11 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/05/03 06:11:28 | 000,570,880 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
    MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========


    ========== Driver Services (SafeList) ==========

    DRV - [2006/12/18 10:00:14 | 000,424,448 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2005/05/03 15:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
    DRV - [2005/05/03 15:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
    DRV - [2005/05/03 15:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2005/04/05 16:38:32 | 000,132,352 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2004/11/15 15:37:52 | 000,264,440 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97) Audio Driver (WDM)
    DRV - [2003/10/23 17:04:00 | 000,076,160 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gticard.sys -- (GTICARD)
    DRV - [2003/08/29 15:56:12 | 000,052,080 | ---- | M] (Texas Instruments Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tiumfwl.sys -- (tiumfwl)
    DRV - [2002/12/10 16:13:22 | 000,007,552 | ---- | M] (Texas Instruments Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tiumflt.sys -- (DevUpper)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: [email protected]:1.0

    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/20 16:54:34 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/20 16:54:34 | 000,000,000 | ---D | M]

    [2010/01/07 04:52:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
    [2010/04/19 18:47:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\033ma2ms.default\extensions
    [2010/02/06 19:19:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\033ma2ms.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/04/19 18:47:07 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

    O1 HOSTS File: ([2003/07/16 13:29:34 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
    O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    O4 - HKCU..\Run: [EPSON WorkForce 310 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFHA.EXE (SEIKO EPSON CORPORATION)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1218519481952 (WUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/08/11 21:50:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{c8c78480-5d74-11df-858d-00904b15b90f}\Shell - "" = AutoRun
    O33 - MountPoints2\{c8c78480-5d74-11df-858d-00904b15b90f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{c8c78480-5d74-11df-858d-00904b15b90f}\Shell\AutoRun\command - "" = D:\setup.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/08/11 21:49:57 | 000,000,000 | ---D | M]
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/05/12 14:07:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
    [2010/05/12 14:07:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
    [2010/05/12 11:06:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
    [2010/04/29 21:36:58 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/04/25 20:47:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/04/25 20:47:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/03/01 01:24:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
    [2010/02/26 23:59:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Cabos
    [2010/02/26 02:33:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
    [2010/02/26 01:48:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
    [2010/02/26 01:48:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
    [2010/02/26 01:48:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
    [2010/02/25 23:51:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Temp
    [2010/02/24 17:02:51 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\IECompatCache
    [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/05/15 14:36:37 | 000,000,254 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to OTL.lnk
    [2010/05/13 22:01:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/05/13 13:23:34 | 002,097,152 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
    [2010/05/12 11:30:40 | 000,512,960 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/05/12 11:30:40 | 000,435,828 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/05/12 11:30:40 | 000,068,558 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/05/12 11:26:29 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/05/12 11:26:23 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/05/12 11:26:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/05/12 11:24:57 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
    [2010/05/12 11:04:54 | 003,221,522 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
    [2010/05/12 11:00:14 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
    [2010/05/11 20:16:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/05/04 11:34:07 | 000,013,864 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\2933622510
    [2010/05/04 11:34:07 | 000,013,864 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\2933622510
    [2010/05/04 11:34:04 | 000,013,872 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\45GGW
    [2010/05/04 11:34:03 | 000,013,872 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\45GGW
    [2010/04/29 21:39:11 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
    [2010/04/25 14:46:29 | 000,004,786 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Cabos.plist
    [2010/04/19 18:51:30 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner\Desktop\~$ar Sir or Madam.docx
    [2010/04/16 12:29:32 | 000,000,410 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
    [2010/04/16 12:29:32 | 000,000,034 | ---- | M] () -- C:\WINDOWS\System32\BD2040.DAT
    [2010/04/15 19:42:38 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/04/07 22:20:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/03/20 15:33:03 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/02/26 02:32:49 | 000,267,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/02/26 01:43:52 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/02/19 01:37:25 | 000,069,232 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/02/19 01:24:54 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner\Desktop\~$lling statement.docx
    [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/05/15 14:36:37 | 000,000,254 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to OTL.lnk
    [2010/05/12 11:00:14 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2010/05/04 11:34:05 | 000,013,864 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\2933622510
    [2010/05/04 11:34:05 | 000,013,864 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2933622510
    [2010/04/29 21:36:58 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
    [2010/04/25 20:06:33 | 000,013,872 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\45GGW
    [2010/04/25 20:06:33 | 000,013,872 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\45GGW
    [2010/04/19 18:51:30 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner\Desktop\~$ar Sir or Madam.docx
    [2010/04/16 12:29:32 | 000,000,410 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
    [2010/04/16 12:29:32 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD2040.DAT
    [2010/02/26 23:59:38 | 000,004,786 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Cabos.plist
    [2010/02/19 01:24:54 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner\Desktop\~$lling statement.docx
    [2010/01/20 14:08:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
    [2010/01/17 22:03:51 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
    [2008/08/13 23:42:05 | 000,003,840 | ---- | C] () -- C:\WINDOWS\DellBIOS.Sys
    [2008/08/13 23:30:14 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
    [2008/08/13 23:30:14 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll

    ========== LOP Check ==========

    [2010/01/17 22:28:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
    [2005/06/17 19:17:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2010/04/25 14:46:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Cabos
    [2010/01/17 22:24:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EPSON
    [2010/01/18 21:33:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
    [2010/01/20 02:13:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LimeWire
    [2010/01/07 04:01:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Opera

    ========== Purity Check ==========


    < End of report >OTL Extras logfile created on: 5/15/2010 2:45:54 PM - Run 1
    OTL by OldTimer - Version 3.2.4.1 Folder = D:\
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,022.00 Mb Total Physical Memory | 378.00 Mb Available Physical Memory | 37.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 76.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.26 Gb Total Space | 20.54 Gb Free Space | 55.14% Space Free | Partition Type: NTFS
    Drive D: | 3.76 Gb Total Space | 3.75 Gb Free Space | 99.95% Space Free | Partition Type: FAT32
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: MK-LK3SPJWJKGJA
    Current User Name: Owner
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html [@ = SafariHTML] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLED.EXE (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    http [open] -- "C:\Program Files\Safari\Safari.exe" -url "%1" (Apple Inc.)
    https [open] -- "C:\Program Files\Safari\Safari.exe" -url "%1" (Apple Inc.)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 1
    "FirewallDisableNotify" = 1
    "UpdatesDisableNotify" = 1
    "AntiVirusOverride" = 1
    "FirewallOverride" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
    "C:\Program Files\Epson Software\Event Manager\EEventManager.exe" = C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager Application -- (SEIKO EPSON CORPORATION)
    "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
    "C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{21199F32-B676-4FE2-A443-EF7DB6B8FD4F}" = Opera 10.10
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
    "{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
    "{4ABC1F75-7060-4BAE-9972-F2DCBF1D5F1F}" = CardBus
    "{582D2A53-F426-4C5E-A2E6-43C1AB36B907}" = Safari
    "{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
    "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom Gigabit Integrated Controller
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D27928E5-C1A2-47B1-9834-6191D3AC34CE}" = Cabos
    "{DDBB28C8-B2AA-45A1-8DCE-059A798509FB}" = MobileMe Control Panel
    "{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
    "ClubWPT" = ClubWPT
    "CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D480 MDC V.92 Modem
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "EPSON Scanner" = EPSON Scan
    "EPSON WorkForce 310 Series" = EPSON WorkForce 310 Series Printer Uninstall
    "HijackThis" = HijackThis 2.0.2
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{4ABC1F75-7060-4BAE-9972-F2DCBF1D5F1F}" = PCI 7510 CardBus Controller with SmartCard and Software
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "PROR" = Microsoft Office Professional 2007
    "Veetle TV" = Veetle TV 0.9.16
    "WIC" = Windows Imaging Component
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 7/2/2005 8:43:10 PM | Computer Name = MK-LK3SPJWJKGJA | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 7/2/2005 9:14:36 PM | Computer Name = MK-LK3SPJWJKGJA | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 7.0.6000.16705, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 12/26/2009 3:57:18 AM | Computer Name = MK-LK3SPJWJKGJA | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This operation returned because the timeout period expired.

    Error - 12/26/2009 3:57:18 AM | Computer Name = MK-LK3SPJWJKGJA | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This operation returned because the timeout period expired.

    Error - 12/26/2009 3:57:18 AM | Computer Name = MK-LK3SPJWJKGJA | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The specified server cannot perform the requested operation.

    Error - 12/26/2009 3:57:18 AM | Computer Name = MK-LK3SPJWJKGJA | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The specified server cannot perform the requested operation.

    Error - 2/1/2010 7:33:00 PM | Computer Name = MK-LK3SPJWJKGJA | Source = crypt32 | ID = 131077
    Description = Failed auto update retrieval of third-party root certificate from:
    <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8782C6C304353BCFD29692D2593E7D44D934FF11.crt>
    with error: This operation returned because the timeout period expired.

    Error - 2/1/2010 7:33:00 PM | Computer Name = MK-LK3SPJWJKGJA | Source = crypt32 | ID = 131077
    Description = Failed auto update retrieval of third-party root certificate from:
    <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8782C6C304353BCFD29692D2593E7D44D934FF11.crt>
    with error: The specified server cannot perform the requested operation.

    Error - 2/4/2010 12:38:03 AM | Computer Name = MK-LK3SPJWJKGJA | Source = crypt32 | ID = 131077
    Description = Failed auto update retrieval of third-party root certificate from:
    <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/AD7E1C28B064EF8F6003402014C3D0E3370EB58A.crt>
    with error: This operation returned because the timeout period expired.

    Error - 2/4/2010 12:38:03 AM | Computer Name = MK-LK3SPJWJKGJA | Source = crypt32 | ID = 131077
    Description = Failed auto update retrieval of third-party root certificate from:
    <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/AD7E1C28B064EF8F6003402014C3D0E3370EB58A.crt>
    with error: The specified server cannot perform the requested operation.

    [ System Events ]
    Error - 5/12/2010 2:24:57 PM | Computer Name = MK-LK3SPJWJKGJA | Source = Ftdisk | ID = 262189
    Description = The system could not sucessfully load the crash dump driver.

    Error - 5/12/2010 2:24:57 PM | Computer Name = MK-LK3SPJWJKGJA | Source = Ftdisk | ID = 262193
    Description = Configuring the Page file for crash dump failed. Make sure there is
    a page file on the boot partition and that is large enough to contain all physical
    memory.

    Error - 5/12/2010 2:26:38 PM | Computer Name = MK-LK3SPJWJKGJA | Source = Ftdisk | ID = 262189
    Description = The system could not sucessfully load the crash dump driver.

    Error - 5/12/2010 2:26:38 PM | Computer Name = MK-LK3SPJWJKGJA | Source = Ftdisk | ID = 262193
    Description = Configuring the Page file for crash dump failed. Make sure there is
    a page file on the boot partition and that is large enough to contain all physical
    memory.

    Error - 5/12/2010 10:34:00 PM | Computer Name = MK-LK3SPJWJKGJA | Source = Dhcp | ID = 1000
    Description = Your computer has lost the lease to its IP address 192.168.0.11 on
    the Network Card with network address 00904B15B90F.

    Error - 5/13/2010 2:56:00 PM | Computer Name = MK-LK3SPJWJKGJA | Source = Dhcp | ID = 1000
    Description = Your computer has lost the lease to its IP address 192.168.0.11 on
    the Network Card with network address 00904B15B90F.

    Error - 5/13/2010 4:23:15 PM | Computer Name = MK-LK3SPJWJKGJA | Source = Dhcp | ID = 1000
    Description = Your computer has lost the lease to its IP address 192.168.0.11 on
    the Network Card with network address 00904B15B90F.

    Error - 5/15/2010 1:33:05 AM | Computer Name = MK-LK3SPJWJKGJA | Source = Dhcp | ID = 1000
    Description = Your computer has lost the lease to its IP address 192.168.0.11 on
    the Network Card with network address 00904B15B90F.

    Error - 5/15/2010 1:33:14 AM | Computer Name = MK-LK3SPJWJKGJA | Source = Windows Update Agent | ID = 16
    Description = Unable to Connect: Windows is unable to connect to the automatic updates
    service and therefore cannot download and install updates according to the set
    schedule. Windows will continue to try to establish a connection.

    Error - 5/15/2010 5:35:39 PM | Computer Name = MK-LK3SPJWJKGJA | Source = Dhcp | ID = 1000
    Description = Your computer has lost the lease to its IP address 192.168.0.11 on
    the Network Card with network address 00904B15B90F.


    < End of report >
     
  4. schrauber

    schrauber

    Joined:
    Apr 25, 2010
    Messages:
    77
    Hi,


    Download GMER from Here. Note the file's name and save it to your root folder, such as C:\.

    • Disconnect from the Internet and close all running programs.
    • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
    • Click on this link to see a list of programs that should be disabled.
    • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
    • Allow the driver to load if asked.
    • You may be prompted to scan immediately if it detects rootkit activity.
    • If you are prompted to scan your system click "No", save the log and post back the results.
    • If not prompted, click the "Rootkit/Malware" tab.
    • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
    • Select all drives that are connected to your system to be scanned.
    • Click the Scan button to begin. (Please be patient as it can take some time to complete)
    • When the scan is finished, click Save to save the scan results to your Desktop.
    • Save the file as Results.log and copy/paste the contents in your next reply.
    • Exit the program and re-enable all active protection when done.
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/920518

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice