atrium

hidden desktop


I ran MBAM, found and deleted fakealert trojan and PUM.hidden.desktop, PUM.hijack.displayproperties and PUM.hijack.taskmanager. However, after reboot, desktop is still hidden. Reran MBAM, no infections found. What do I do next?


Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

Download unhide.exe & save it to your windows folder:

Right click on unhide.exe and select Run as administrator (In case you have Vista or Win7)

Reboot

This will unhide folders/files that were set to be hidden by the infection you had.

Let me know if that solved your problem.


Thanks. I downloaded and ran Unhide.exe. Then I went into various folders (My Documents, etc.) and turned off the Hidden attribute. Access to files and folders has been restored. However, Programs are still hidden; that is, Start/All Programs only shows Malwarebytes and other programs I added after running Unhide.exe. Any thoughts on how to restore access to Programs, other than My Computer/Local Disk (C)/Program Files/Excel or Winword, etc.? THANKS


  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
      Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.


Thanks. OTL.txt as follows:

OTL Extras logfile created on: 5/24/2011 4:26:10 PM - Run 1

OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\G-HERO\My Documents\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.00 Mb Total Physical Memory | 591.98 Mb Available Physical Memory | 57.87% Memory free

1.28 Gb Paging File | 0.83 Gb Available in Paging File | 64.72% Paging File free

Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 149.04 Gb Total Space | 86.92 Gb Free Space | 58.32% Space Free | Partition Type: NTFS

Computer Name: ATRIUM | User Name: G-HERO | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)

"C:\Program Files\BitLord2\BitLord.exe" = C:\Program Files\BitLord2\BitLord.exe:*:Enabled:Bitlord2 -- ()

"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)

"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)

"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR

"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant

"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0

"{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin

"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{2B7E4354-0492-460A-BDB1-1F59EE141025}" = AirPlus G

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel

"{4462265B-3DC7-44AD-B56D-D09BA67BA422}" = 6300

"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter

"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI

"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari

"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar

"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service

"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support

"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1" = Auslogics Registry Cleaner

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2

"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9

"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager

"{BB7DEA41-298E-450B-9C3A-E7B48D9D021B}" = 6300_Help

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{C6812939-B117-48E6-A3BA-1709C14A3C8C}" = Scan

"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA

"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD

"{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant

"{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}" = HP PSC & OfficeJet 6.1.A

"{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg

"{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update

"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX

"{F2AB49F2-D632-446C-9A6E-5B4A98DFF13B}" = 6300Trb

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0

"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes

"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA

"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Shockwave Player" = Adobe Shockwave Player

"AIM Toolbar" = AIM Toolbar

"AIM_7" = AIM 7

"BitLord_is1" = BitLord v2.0

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"conduitEngine" = Conduit Engine

"Google Desktop" = Google Desktop

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.1

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"InstallShield_{2B7E4354-0492-460A-BDB1-1F59EE141025}" = AirPlus G

"LimeWire" = LimeWire 5.3.6

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)

"MSC" = McAfee SecurityCenter

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NVIDIA Display Driver" = NVIDIA Display Driver

"PROSet" = Intel® PRO Ethernet Adapter and Software

"RealPlayer 12.0" = RealPlayer

"SoftwareUpdUtility" = Download Updater (AOL LLC)

"TorrentMan Toolbar" = TorrentMan Toolbar

"Windows XP Service Pack" = Windows XP Service Pack 3

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 5/18/2011 10:47:38 PM | Computer Name = ATRIUM | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

Error - 5/18/2011 10:47:38 PM | Computer Name = ATRIUM | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: The server name or address could not be resolved

Error - 5/18/2011 10:47:38 PM | Computer Name = ATRIUM | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

Error - 5/18/2011 10:47:38 PM | Computer Name = ATRIUM | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This network connection does not exist.

Error - 5/18/2011 10:47:38 PM | Computer Name = ATRIUM | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

Error - 5/18/2011 10:47:38 PM | Computer Name = ATRIUM | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This network connection does not exist.

Error - 5/18/2011 10:47:38 PM | Computer Name = ATRIUM | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

Error - 5/18/2011 10:47:38 PM | Computer Name = ATRIUM | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This network connection does not exist.

Error - 5/18/2011 10:55:28 PM | Computer Name = ATRIUM | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

Error - 5/18/2011 10:55:28 PM | Computer Name = ATRIUM | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

[ System Events ]

Error - 5/22/2011 12:49:50 PM | Computer Name = ATRIUM | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

Fips intelppm Lbd mfehidk Null OMCI

Error - 5/22/2011 12:50:30 PM | Computer Name = ATRIUM | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service McNASvc with

arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}

Error - 5/22/2011 12:50:33 PM | Computer Name = ATRIUM | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service McNASvc with

arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}

Error - 5/22/2011 12:54:58 PM | Computer Name = ATRIUM | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/22/2011 2:01:08 PM | Computer Name = ATRIUM | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/22/2011 2:03:00 PM | Computer Name = ATRIUM | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

Lbd Null PCIIde

Error - 5/23/2011 8:19:42 PM | Computer Name = ATRIUM | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

Lbd Null PCIIde

Error - 5/23/2011 8:40:03 PM | Computer Name = ATRIUM | Source = PlugPlayManager | ID = 11

Description = The device Root\LEGACY_SMR200\0000 disappeared from the system without

first being prepared for removal.

Error - 5/24/2011 2:29:32 AM | Computer Name = ATRIUM | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

Lbd Null

Error - 5/24/2011 4:19:06 PM | Computer Name = ATRIUM | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

Lbd Null

< End of report >


OTL Fix

Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
    :files
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C

    :Commands
    [EmptyFlash]
    [RESETHOSTS]
    [purity]
    [start explorer]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, it will reboot when it is done and produce a log

Also let me know how it's running now.
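The four xcopy lines in the fix above copy whatever sits in %Temp%\smtmp\1 through \4 back to the Start Menu, Quick Launch, pinned taskbar and Desktop folders. The Python script below is an added example (not part of the original thread and not OTL's own code) that previews that restore without copying anything and reports which numbered folders are absent; the function names and the sample tree are constructed for illustration, and the folder-to-destination mapping is taken from the posted script.

```python
import os
import tempfile
from pathlib import Path

# smtmp subfolder -> destination, exactly as written in the posted xcopy
# lines. Environment variables are left unexpanded so the preview shows
# the same paths the fix script uses.
SMTMP_TARGETS = {
    "1": r"%AllUsersProfile%\Start Menu",
    "2": r"%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch",
    "3": r"%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar",
    "4": r"%AllUsersProfile%\Desktop",
}


def plan_restore(smtmp_root, targets=SMTMP_TARGETS):
    """Return (source, destination) pairs without copying anything.

    Mirrors xcopy /S (recurse into subfolders) and /H (include hidden
    files): every file under smtmp\\N is paired with the same relative
    path under the target for N. Absent subfolders are skipped.
    """
    root = Path(smtmp_root)
    plan = []
    for number in sorted(targets):
        source_dir = root / number
        if not source_dir.is_dir():
            continue
        for path in sorted(source_dir.rglob("*")):
            if path.is_file():
                rel = path.relative_to(source_dir)
                dest = targets[number] + "\\" + "\\".join(rel.parts)
                plan.append((str(path), dest))
    return plan


def missing_folders(smtmp_root, targets=SMTMP_TARGETS):
    """List the numbered smtmp subfolders that do not exist.

    An absent folder means the fix has nothing to copy back for that
    location.
    """
    root = Path(smtmp_root)
    return [n for n in sorted(targets) if not (root / n).is_dir()]


def build_sample_tree(base):
    """Create a constructed smtmp layout for the demo (not real data)."""
    files = [
        "1/Programs/Accessories/Notepad.lnk",
        "1/Programs/Microsoft Office/Microsoft Office Word 2007.lnk",
        "2/Show Desktop.scf",
        "4/Adobe Reader 9.lnk",
    ]
    root = Path(base) / "smtmp"
    for rel in files:
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(b"")
    return root


if __name__ == "__main__":
    # Use the real backup folder if it exists, else the constructed sample.
    real = Path(os.environ.get("TEMP", "")) / "smtmp"
    with tempfile.TemporaryDirectory() as tmp:
        root = real if real.is_dir() else build_sample_tree(tmp)
        for src, dst in plan_restore(root):
            print(f"{src} -> {dst}")
        print("missing smtmp folders:", missing_folders(root))
```
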


OTL scan after the fix and reboot: Hopefully this will help identify. THANKS

OTL logfile created on: 5/24/2011 7:48:41 PM - Run 2

OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\G-HERO\My Documents\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.00 Mb Total Physical Memory | 537.79 Mb Available Physical Memory | 52.57% Memory free

1.28 Gb Paging File | 0.78 Gb Available in Paging File | 60.61% Paging File free

Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 149.04 Gb Total Space | 86.91 Gb Free Space | 58.31% Space Free | Partition Type: NTFS

Computer Name: ATRIUM | User Name: G-HERO | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found

PRC - C:\Documents and Settings\G-HERO\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)

PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)

PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)

PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee\MSK\msksrver.exe (McAfee, Inc.)

PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)

PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)

========== Modules (SafeList) ==========

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

MOD - C:\Program Files\McAfee\SiteAdvisor\sahook.dll ()

========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found

SRV - (AppMgmt) -- File not found

SRV - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)

SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)

SRV - (SeaPort) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)

SRV - (ANIWZCSdService) -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (Alpha Networks Inc.)

SRV - (mcmscsvc) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)

SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)

SRV - (McSysmon) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)

SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)

SRV - (MSK80Service) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)

SRV - (MBackMonitor) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe (McAfee)

SRV - (McProxy) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)

SRV - (McNASvc) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)

SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()

SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)

========== Driver Services (SafeList) ==========

DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)

DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)

DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)

DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)

DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)

DRV - (NPF) WinPcap Packet Driver (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)

DRV - (MPFP) -- C:\WINDOWS\system32\drivers\Mpfp.sys (McAfee, Inc.)

DRV - (Serial) -- C:\WINDOWS\system32\drivers\serial.sys ()

DRV - (Kbdclass) -- C:\WINDOWS\system32\drivers\Kbdclass.sy@ (Microsoft Corporation)

DRV - (rt2500usb) DWL-G122(rev.B) -- C:\WINDOWS\system32\drivers\rt2500usb.sys (Ralink Technology Inc.)

DRV - (ANIO) -- C:\WINDOWS\system32\ANIO.sys (Alpha Networks Inc.)

DRV - (Null) -- C:\WINDOWS\System32\drivers\null.sys ()

DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

IE - HKCU\..\URLSearchHook: {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\prxtbTor2.dll (Conduit Ltd.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "Ask.com"

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.search.selectedEngine: "Ask.com"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.google.com"

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.1

FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.8

FF - prefs.js..extensions.enabledItems: {3A788D52-2B39-4A2B-9FE5-4FA757B20919}:1.9.1

FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019

FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=ALSV5&o=1665&locale=en_US&apn_uid=59166D2E-B63F-4F6E-B12B-1690420E6AEA&apn_ptnrs=AU&apn_sauid=26DC9931-E623-4A79-9B75-11B569C1A9F7&apn_dtid=aus002YYUS&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{400F0BDB-6C49-43A4-BE1F-76D7327A604D}: C:\Program Files\Common Files\fluxDVD\Download Manager\Mozilla [2008/12/20 12:59:27 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/17 19:52:19 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/24 02:28:51 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{3A788D52-2B39-4A2B-9FE5-4FA757B20919}: C:\Documents and Settings\G-HERO\Local Settings\Application Data\{3A788D52-2B39-4A2B-9FE5-4FA757B20919} [2010/08/05 02:54:22 | 000,000,000 | -H-D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/19 17:42:55 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/19 17:42:52 | 000,000,000 | ---D | M]

[2011/01/07 13:38:56 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\G-HERO\Application Data\Mozilla\Extensions

[2009/11/18 09:51:39 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\G-HERO\Application Data\Mozilla\Extensions\mozswing@mozswing.org

[2011/05/17 03:35:17 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\G-HERO\Application Data\Mozilla\Firefox\Profiles\jk4wnaxq.default\extensions

[2011/02/22 19:37:40 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\G-HERO\Application Data\Mozilla\Firefox\Profiles\jk4wnaxq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/05/06 17:21:52 | 000,000,000 | -H-D | M] (Auslogics Toolbar) -- C:\Documents and Settings\G-HERO\Application Data\Mozilla\Firefox\Profiles\jk4wnaxq.default\extensions\toolbar@ask.com

[2011/05/17 03:25:21 | 000,002,567 | -H-- | M] () -- C:\Documents and Settings\G-HERO\Application Data\Mozilla\Firefox\Profiles\jk4wnaxq.default\searchplugins\askcom.xml

[2011/05/19 17:42:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

File not found (No name found) --

[2011/04/14 12:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll

[2011/05/08 17:49:42 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin9.dll

[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/24 18:52:45 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Download Manager Browser Helper Object) - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\Program Files\Common Files\fluxDVD\Download Manager\XEBDLHelper.dll (Protect Software GmbH)

O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Bitlord Toolbar) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\prxtbTor2.dll (Conduit Ltd.)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)

O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (Auslogics Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()

O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

O3 - HKLM\..\Toolbar: (Bitlord Toolbar) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\prxtbTor2.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (Auslogics Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

O3 - HKCU\..\Toolbar\WebBrowser: (Bitlord Toolbar) - {7C5C0F58-E061-457D-9033-77307F5ED00C} - C:\Program Files\TorrentMan\prxtbTor2.dll (Conduit Ltd.)

O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)

O4 - HKLM..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe (D-Link)

O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKCU..\Run: [Google Update] File not found

O4 - HKCU..\RunOnce: [shockwave Updater] File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKCU\..Trusted Domains: ([]msn in My Computer)

O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)

O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)

O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()

O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\G-HERO\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\G-HERO\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/08/23 23:08:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O35 - HKCU\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/24 16:24:39 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\G-HERO\Desktop\OTL.exe

[2011/05/22 16:09:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\G-HERO\Start Menu\Programs\Google Chrome

[2011/05/22 15:03:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\G-HERO\My Documents\Office Depot PC Checkup

[2011/05/22 15:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\G-HERO\Application Data\SupportSoft

[2011/05/22 15:02:44 | 000,000,000 | ---D | C] -- C:\temp

[2011/05/22 15:02:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\G-HERO\Application Data\OpswatLogs

[2011/05/22 15:02:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\supportsoft

[2011/05/22 12:57:12 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011/05/22 12:57:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/05/22 12:57:08 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011/05/21 23:33:52 | 000,000,000 | ---D | C] -- C:\_OTL

[2011/05/21 17:06:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\G-HERO\Local Settings\Application Data\AVG Security Toolbar

[2011/05/20 15:26:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\G-HERO\Application Data\AVG10

[2011/05/19 17:27:13 | 012,521,992 | ---- | C] (Mozilla) -- C:\Documents and Settings\G-HERO\My Documents\Firefox Setup 4.0.1.exe

[2011/05/19 14:27:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2011/05/19 12:16:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10

[2011/05/19 12:16:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG

[2011/05/19 12:07:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData

[2011/05/19 11:21:54 | 000,216,008 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys

[2011/05/19 10:19:29 | 000,035,368 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys

[2011/05/18 22:38:18 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\G-HERO\Recent

[2011/05/17 19:49:29 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\G-HERO\Start Menu\Programs\Windows XP Recovery

[2011/05/10 03:55:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer

[2011/05/08 19:50:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes

[2011/05/08 19:48:41 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2011/05/08 19:48:35 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2011/05/08 19:48:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2011/05/08 19:45:30 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update

[2011/05/08 19:40:56 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2011/05/08 17:49:22 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime

[2011/05/08 17:48:24 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

[2011/05/06 11:54:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\G-HERO\Local Settings\Application Data\AskToolbar

[2011/05/06 11:39:52 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com

[2011/05/06 11:39:31 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics

[2011/05/06 11:39:29 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics

========== Files - Modified Within 30 Days ==========

[2011/05/24 19:13:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1965331169-682003330-1004UA.job

[2011/05/24 19:01:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

[2011/05/24 18:57:01 | 000,019,873 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF

[2011/05/24 18:56:30 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-796845957-1965331169-682003330-1004.job

[2011/05/24 18:56:24 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-796845957-1965331169-682003330-1004.job

[2011/05/24 18:56:11 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/05/24 18:55:25 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/05/24 18:55:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/05/24 18:55:15 | 1072,766,976 | -HS- | M] () -- C:\hiberfil.sys

[2011/05/24 18:52:45 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts

[2011/05/24 16:24:43 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\G-HERO\Desktop\OTL.exe

[2011/05/22 16:13:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1965331169-682003330-1004Core.job

[2011/05/22 16:12:39 | 000,000,598 | ---- | M] () -- C:\Documents and Settings\G-HERO\Desktop\Shortcut to iTunes.lnk

[2011/05/22 16:09:44 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\G-HERO\Desktop\Google Chrome.lnk

[2011/05/22 16:09:44 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\G-HERO\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2011/05/22 15:26:07 | 000,002,594 | ---- | M] () -- C:\Documents and Settings\G-HERO\Desktop\foldersettings.reg

[2011/05/22 14:00:57 | 000,000,220 | RHS- | M] () -- C:\boot.ini

[2011/05/22 12:57:12 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/05/21 19:17:51 | 100,129,653 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm.prepare

[2011/05/21 16:26:21 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat

[2011/05/19 17:43:01 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2011/05/19 17:27:13 | 012,521,992 | ---- | M] (Mozilla) -- C:\Documents and Settings\G-HERO\My Documents\Firefox Setup 4.0.1.exe

[2011/05/18 22:31:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/05/13 22:16:50 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\G-HERO\Desktop\Internet Explorer.lnk

[2011/05/13 13:40:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2011/05/06 11:39:31 | 000,000,934 | ---- | M] () -- C:\Documents and Settings\G-HERO\Desktop\Auslogics Registry Cleaner.lnk

========== Files Created - No Company Name ==========

[2011/05/22 16:12:39 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\G-HERO\Desktop\Shortcut to iTunes.lnk

[2011/05/22 16:09:44 | 000,002,293 | ---- | C] () -- C:\Documents and Settings\G-HERO\Desktop\Google Chrome.lnk

[2011/05/22 16:09:44 | 000,002,271 | ---- | C] () -- C:\Documents and Settings\G-HERO\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2011/05/22 16:08:03 | 000,000,982 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1965331169-682003330-1004UA.job

[2011/05/22 16:08:02 | 000,000,930 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1965331169-682003330-1004Core.job

[2011/05/22 15:26:13 | 000,002,594 | ---- | C] () -- C:\Documents and Settings\G-HERO\Desktop\foldersettings.reg

[2011/05/22 14:02:03 | 1072,766,976 | -HS- | C] () -- C:\hiberfil.sys

[2011/05/22 12:57:12 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/05/21 17:16:08 | 100,129,653 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm.prepare

[2011/05/21 16:26:21 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat

[2011/05/19 17:43:00 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk

[2011/05/19 17:43:00 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2011/05/19 00:03:05 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-796845957-1965331169-682003330-1004.job

[2011/05/13 22:16:50 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\G-HERO\Desktop\Internet Explorer.lnk

[2011/05/08 19:45:37 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2011/05/06 11:40:29 | 000,000,236 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

[2011/05/06 11:39:31 | 000,000,934 | ---- | C] () -- C:\Documents and Settings\G-HERO\Desktop\Auslogics Registry Cleaner.lnk

[2011/04/16 04:29:01 | 000,006,804 | -HS- | C] () -- C:\Documents and Settings\G-HERO\Local Settings\Application Data\b513h2vulke4

[2011/04/16 04:29:01 | 000,006,804 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\b513h2vulke4

[2011/01/07 13:36:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2010/09/02 19:14:15 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/08/05 02:54:23 | 000,001,098 | ---- | C] () -- C:\WINDOWS\Sracaxeyuvas.dat

[2010/08/05 02:54:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Opotireb.bin

[2010/07/15 15:10:20 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

[2010/07/03 01:40:47 | 000,000,997 | --S- | C] () -- C:\WINDOWS\System32\2415008438.dat

[2009/12/14 10:46:50 | 000,028,144 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2008/09/26 17:42:37 | 000,000,377 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2008/09/16 22:22:50 | 000,000,129 | -H-- | C] () -- C:\Documents and Settings\G-HERO\Local Settings\Application Data\fusioncache.dat

[2008/09/16 21:20:22 | 000,109,168 | ---- | C] () -- C:\WINDOWS\hpoins08.dat

[2008/09/16 21:20:21 | 000,007,577 | ---- | C] () -- C:\WINDOWS\hpomdl08.dat

[2008/09/16 13:57:50 | 000,103,139 | ---- | C] () -- C:\WINDOWS\hpoins08.dat.temp

[2008/09/16 13:57:50 | 000,004,445 | ---- | C] () -- C:\WINDOWS\hpomdl08.dat.temp

[2008/09/16 13:42:39 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll

[2008/08/30 14:27:43 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat

[2008/08/24 22:42:29 | 000,024,576 | -H-- | C] () -- C:\Documents and Settings\G-HERO\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/08/24 21:36:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2008/08/23 23:11:07 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2008/08/23 23:04:22 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2008/08/23 18:59:07 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2008/08/23 18:58:10 | 000,148,400 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2003/10/06 14:16:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll

[2002/09/03 13:17:03 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2002/09/03 13:16:59 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2002/09/03 12:59:04 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\serial.sys

[2002/09/03 12:52:01 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2002/09/03 12:52:00 | 000,441,124 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2002/09/03 12:51:58 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2002/09/03 12:51:54 | 000,071,060 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2002/09/03 12:50:24 | 000,002,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\null.sys

[2002/09/03 12:49:33 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2002/09/03 12:41:59 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2002/09/03 12:41:43 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2002/09/03 12:32:10 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2002/09/03 12:30:33 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2001/07/06 16:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2009/12/05 23:28:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM

[2009/12/05 23:29:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar

[2011/05/21 23:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10

[2010/05/30 20:36:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9

[2011/05/19 14:27:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2008/12/20 12:58:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fluxDVD

[2011/05/21 23:16:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData

[2008/12/20 12:59:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mpDRM

[2011/05/20 23:18:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2009/03/18 22:05:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}

[2011/05/08 19:50:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2009/12/11 00:23:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2009/05/09 00:17:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

[2010/08/07 21:37:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}

[2009/12/05 23:31:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\G-HERO\Application Data\acccore

[2010/09/28 17:35:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\G-HERO\Application Data\Auslogics

[2011/05/20 15:26:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G-HERO\Application Data\AVG10

[2010/04/26 06:54:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\G-HERO\Application Data\AVG9

[2009/01/11 22:31:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\G-HERO\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2010/09/03 22:30:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\G-HERO\Application Data\Dyuc

[2008/09/15 21:22:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\G-HERO\Application Data\Image Zone Express

[2010/04/01 00:25:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\G-HERO\Application Data\LimeWire

[2011/05/22 15:05:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G-HERO\Application Data\OpswatLogs

[2010/06/13 17:47:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\G-HERO\Application Data\Sammsoft

[2011/05/22 15:02:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G-HERO\Application Data\SupportSoft

[2010/10/08 14:37:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\G-HERO\Application Data\Tycad

[2010/08/07 21:15:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\G-HERO\Application Data\Uborme

[2010/09/03 23:10:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\G-HERO\Application Data\Ulocnu

[2010/08/19 22:55:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\G-HERO\Application Data\Umab

[2010/08/04 00:24:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\G-HERO\Application Data\Ykun

[2010/05/30 20:18:36 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job

[2010/05/30 20:18:35 | 000,000,320 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job

[2011/05/24 19:01:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >


These will be there unless you have removed temp files / folders

There might be three numbered folders inside C:\Documents and Settings\Your User Name\Local Settings\Temp\smtmp folder. The folders will be numbered 1, 2 and 4.

Inside the 1 folder is a folder named


Another thing: something is running in the background, not sure what it is. I closed everything, opened Task Manager, CPU is spiking up and down, like a sick roller coaster, full range 0% to 100%.

"Programs are still hidden, that is Start/All Programs only shows Malwarebytes and other programs I added after running Unhide.exe"

Has that been corrected?


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.
