Work computer keeps having problems


Post by NEB on 14th April 2010, 4:19 am

I've been having problems with my computer at work and ran a Malwarebytes scan, and it keeps seeing a registry key as infected:

HKEY_CLASSES_ROOT\CLSID\{0eb00690-8fa1-11d3-96c7-829e3ea50c29} (Trojan.Agent)

It keeps saying quarantined and deleted, but after each reset it comes back. I ran HijackThis in both safe mode and non-safe mode; I am not sure if it makes a difference.

Non-safe mode log

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 6:11:01 PM, on 04/13/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Winsim\ConnectionManager\SimplyConnectionManager.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\Pmxmiced.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = [You must be registered and logged in to see this link.]
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ConnectionManager] C:\Program Files\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Google Sidewiki... - [You must be registered and logged in to see this link.] Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [You must be registered and logged in to see this link.]
O18 - Protocol: cwt - {774E529C-2458-48A2-8F57-3ED3105D8612} - C:\Program Files\CaseWare\Caseware 2009\cwproto.dll
O18 - Protocol: intu-help-qb3 - (no CLSID) - (no file)
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Simply Accounting Database Connection Manager - Sage - C:\Program Files\Winsim\ConnectionManager\SimplyConnectionManager.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 8922 bytes

Safe-mode hijackthis log

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 5:35:58 PM, on 04/13/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = [You must be registered and logged in to see this link.]
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ConnectionManager] C:\Program Files\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Google Sidewiki... - [You must be registered and logged in to see this link.] Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [You must be registered and logged in to see this link.]
O18 - Protocol: cwt - {774E529C-2458-48A2-8F57-3ED3105D8612} - C:\Program Files\CaseWare\Caseware 2009\cwproto.dll
O18 - Protocol: intu-help-qb3 - (no CLSID) - (no file)
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Simply Accounting Database Connection Manager - Sage - C:\Program Files\Winsim\ConnectionManager\SimplyConnectionManager.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 7921 bytes

Thanks in advance for your help, hopefully it is a fixable problem.


Re: Work computer keeps having problems

Post by Belahzur on 14th April 2010, 9:09 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts.

    NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.

  • The Recovery Console provides a recovery/repair mode should a problem occur during a ComboFix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select Yes.
  • Allow ComboFix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.



Re: Work computer keeps having problems

Post by NEB on 14th April 2010, 11:24 pm

Hi, when I try to download the ComboFix program, McAfee detects a trojan and gives the following details:

Artemis!861A351A57A3 (Trojan)

Edit: If I download combo-fix at home on a flash drive and bring it to work would that do the trick? I am not sure if McAfee thinks combo-fix is a trojan or if the attempted downloading of combo-fix triggers some trojan.


Re: Work computer keeps having problems

Post by Belahzur on 15th April 2010, 7:53 pm

Hello.
It's a false positive, please disable McAfee before downloading it.



Re: Work computer keeps having problems

Post by NEB on 16th April 2010, 1:42 am

Hi, did what you said. Hope this works and thanks for going to all this trouble.

ComboFix 10-04-14.04 - Elly 04/15/2010 18:33:25.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.813 [GMT -7]
Running from: c:\documents and settings\Elly\Desktop\Combo-Fix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((( Files Created from 2010-03-16 to 2010-04-16 )))))))))))))))))))))))))))))))
.

2010-04-14 00:20 . 2010-04-14 00:20 388096 ----a-r- c:\documents and settings\Elly\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-04-14 00:20 . 2010-04-14 00:20 -------- d-----w- c:\program files\TrendMicro
2010-04-13 23:57 . 2010-04-14 00:20 -------- d-----w- c:\program files\Exterminate It!
2010-04-06 23:54 . 2010-04-06 23:54 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-03-17 16:29 . 2010-03-17 16:29 975136 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\DownloadQB20\Patch\qbpatch2.exe
2010-03-17 16:29 . 2010-03-17 16:29 44832 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\DownloadQB20\Patch\qbpatch.exe
2010-03-17 16:29 . 2010-03-17 16:28 499712 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\DownloadQB20\Patch\msvcp71.dll
2010-03-17 16:29 . 2010-03-17 16:28 348160 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\DownloadQB20\Patch\msvcr71.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-15 21:19 . 2007-10-05 22:25 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-04-15 18:51 . 2010-01-26 18:20 -------- d-----w- c:\program files\Mozilla Sunbird
2010-04-14 17:46 . 2008-04-14 21:47 -------- d-----w- c:\program files\2007T1W
2010-04-13 18:28 . 2008-01-10 22:54 -------- d-----w- c:\program files\CCleaner
2010-04-08 20:41 . 2007-09-28 01:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-08 20:41 . 2007-10-09 17:41 -------- d-----w- c:\program files\winsim
2010-04-08 20:41 . 2007-10-09 17:42 -------- d-----w- c:\program files\Common Files\AnswerWorks 5.0
2010-04-08 18:46 . 2007-10-05 23:28 -------- d-----w- c:\documents and settings\Elly\Application Data\U3
2010-04-06 23:54 . 2010-03-05 00:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-06 15:25 . 2010-03-17 16:36 211720 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\SyncMgr\OCD\IntuitSyncManagerPatch.exe
2010-04-06 15:25 . 2010-03-17 16:36 1352968 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\SyncMgr\OCD\IntuitSyncManager.exe
2010-04-01 20:41 . 2008-12-22 23:07 -------- d-----w- c:\program files\Common Files\Installshield Installation Wizard
2010-03-31 15:23 . 2007-09-28 01:39 -------- d-----w- c:\program files\McAfee
2010-03-30 07:46 . 2010-03-05 00:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 07:45 . 2010-03-05 00:28 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-29 20:45 . 2009-08-20 15:49 -------- d-----w- c:\program files\TOD 072009
2010-03-26 01:49 . 2010-03-17 01:22 2562248 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-03-25 19:48 . 2010-03-17 00:47 5642 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\qbbackup.sys
2010-03-17 00:45 . 2010-03-17 00:37 -------- d-----w- c:\documents and settings\All Users\Application Data\SQL Anywhere 11
2010-03-17 00:41 . 2008-01-15 23:07 -------- d-----w- c:\program files\Common Files\Intuit
2010-03-17 00:39 . 2010-03-17 00:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Nuance
2010-03-17 00:39 . 2008-01-15 23:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit
2010-03-17 00:39 . 2008-01-15 23:07 -------- d-----w- c:\program files\Intuit
2010-03-17 00:31 . 2010-03-16 23:58 -------- d-----w- c:\documents and settings\Elly\Application Data\Download Manager
2010-03-16 23:58 . 2010-03-16 23:58 -------- d-----w- c:\program files\Akamai
2010-03-11 19:55 . 2010-03-11 19:54 -------- d-----w- c:\documents and settings\Elly\Application Data\V-Safe
2010-03-11 19:55 . 2010-03-11 19:55 1585152 ----a-w- c:\documents and settings\Elly\Application Data\V-Safe\v-safevista.exe
2010-03-11 19:52 . 2010-03-11 19:54 1585152 ----a-w- c:\documents and settings\Elly\Application Data\V-Safe\v-safe100bvista.exe
2010-03-11 18:55 . 2010-03-11 18:55 -------- d-----w- c:\documents and settings\Elly\Application Data\TrueCrypt
2010-03-11 18:49 . 2010-03-11 18:49 -------- d-----w- c:\documents and settings\All Users\Application Data\TrueCrypt
2010-03-11 18:49 . 2010-03-11 18:49 223440 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2010-03-11 18:49 . 2010-03-11 18:49 -------- d-----w- c:\program files\TrueCrypt
2010-03-10 17:32 . 2008-10-16 22:54 -------- d-----w- c:\program files\Microsoft Silverlight
2010-03-10 17:24 . 2007-09-28 01:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-10 17:23 . 2007-09-28 01:43 -------- d-----w- c:\program files\Google
2010-03-05 20:04 . 2008-03-31 18:11 -------- d-----w- c:\program files\2005T1W
2010-03-05 18:50 . 2010-03-05 18:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-03-05 00:28 . 2010-03-05 00:28 -------- d-----w- c:\documents and settings\Elly\Application Data\Malwarebytes
2010-03-05 00:28 . 2010-03-05 00:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-25 06:24 . 2004-08-11 22:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-22 17:53 . 2009-01-07 19:17 -------- d-----w- c:\program files\FormMaster 2009
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-10 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-28 8429568]
"PMX Daemon"="ICO.EXE" [2007-03-08 49152]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-22 16132608]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-20 142104]
"ConnectionManager"="c:\program files\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe" [2009-08-23 91432]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 23:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 09:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 17:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 16:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2007-05-24 12:03 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2007-09-28 01:43 1862144 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]
2009-11-26 05:04 1087752 ----a-w- c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-10-03 16:35 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-10-03 16:37 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2006-11-05 16:22 221184 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-10-10 17:07 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe"
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"Persistence"=c:\windows\system32\igfxpers.exe
"SunJavaUpdateSched"=c:\program files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2010\\QBDBMgrN.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC

R2 Simply Accounting Database Connection Manager;Simply Accounting Database Connection Manager;c:\program files\winsim\ConnectionManager\SimplyConnectionManager.exe [08/23/2009 1:00 AM 29992]
R3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [10/05/2007 1:03 PM 18432]
R3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [10/05/2007 1:03 PM 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [03/10/2010 10:23 AM 135664]
.
Contents of the 'Scheduled Tasks' folder

2010-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-10 17:23]

2010-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-10 17:23]

2007-09-28 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-09-28 19:22]

2007-09-28 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-09-28 19:22]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Elly\Application Data\Mozilla\Firefox\Profiles\15ppr8ut.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-2007 FormMaster - c:\program files\2007FMW\Uninst.isu
AddRemove-2008 FormMaster - c:\program files\2008FMW\Uninst.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-04-15 18:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(7000)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-04-15 18:38:04
ComboFix-quarantined-files.txt 2010-04-16 01:38
ComboFix2.txt 2009-08-10 16:11

Pre-Run: 217,189,515,264 bytes free
Post-Run: 217,170,657,280 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - BAE627966CB13D746CEC891E233BBDF8


Re: Work computer keeps having problems

Post by Belahzur on 16th April 2010, 8:20 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?


Please PM me if I fail to respond within 24hrs.



Re: Work computer keeps having problems

Post by NEB on 16th April 2010, 8:45 pm

It seems to be running smoothly; I have disabled lots of startup programs, which also seems to be helping.

Has combofix removed this trojan for good?


Re: Work computer keeps having problems

Post by Belahzur on 16th April 2010, 8:48 pm

Combofix didn't remove anything, but may have restored some changed settings that aren't shown however.

Ah well, they come and go. If the machine is running smoothly now, this should be fine; I'm not seeing any malware right now.



Re: Work computer keeps having problems

Post by NEB on 16th April 2010, 11:57 pm

Ran a scan with Malwarebytes this morning and nothing was found. However, I just did another one and about one minute in it detected the same thing as before...

HKEY_CLASSES_ROOT\CLSID\{0eb00690-8fa1-11d3-96c7-829e3ea50c29} (Trojan.Agent) -> Quarantined and deleted successfully.

So I guess this guy is not gone for good.

Edit: Also, I can't do the ComboFix /uninstall, as I think when I restarted McAfee it again decided Combofix needed destroying.

What steps should I take now?


Re: Work computer keeps having problems

Post by Belahzur on 17th April 2010, 12:33 pm

Turn McAfee back off, and then re-run MBAM; McAfee is likely blocking the change.



Re: Work computer keeps having problems

Post by NEB on 18th April 2010, 7:03 pm

I ran in safe mode, disabled all McAfee functions then did MBAM and removed the infected registry. Hopefully it stays gone this time!

edit: Just restarted, ran a quick scan and found nothing. Then a few minutes later scanned again and it was back.

I did visit Facebook in between scans, could that be what's causing this problem?

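The pattern reported in this thread, a key logged as quarantined and deleted that is detected again after a clean scan, can be confirmed from saved MBAM logs. The script below is an added example, not part of the original posts; it parses logs in the layout of the MBAM logs posted in this thread, and the three sample logs with their timestamps are constructed.

```python
import re
from datetime import datetime

# Line formats taken from the MBAM log and the detection line posted in the thread.
LOG_NAME = re.compile(r"^mbam-log-(\d{4}-\d{2}-\d{2}) \((\d{2}-\d{2}-\d{2})\)\.txt$")
SECTION = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")  # header, not the "...: 0" count line
DETECTION = re.compile(r"^(?P<item>.+) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")
REMOVED = "Quarantined and deleted successfully"


def parse_mbam_log(text):
    """Return {'time': datetime, 'detections': [(section, item, threat, action)]}."""
    when, section, detections = None, None, []
    for raw in text.splitlines():
        line = raw.strip()
        name = LOG_NAME.match(line)
        if name:
            when = datetime.strptime(" ".join(name.groups()), "%Y-%m-%d %H-%M-%S")
            continue
        header = SECTION.match(line)
        if header:
            section = header.group("section")
            continue
        hit = DETECTION.match(line) if section else None
        if hit:
            detections.append(
                (section, hit.group("item"), hit.group("threat"), hit.group("action"))
            )
    if when is None:
        raise ValueError("no 'mbam-log-<date> (<time>).txt' line found")
    return {"time": when, "detections": detections}


def recurring_after_removal(log_texts):
    """Items reported removed in one scan that a later scan detects again."""
    scans = sorted((parse_mbam_log(t) for t in log_texts), key=lambda s: s["time"])
    last = {}        # item -> (scan index, removed?) for its most recent detection
    findings = []
    for idx, scan in enumerate(scans):
        for _section, item, threat, action in scan["detections"]:
            prev = last.get(item)
            if prev and prev[1]:
                findings.append({
                    "item": item,
                    "threat": threat,
                    "removed": scans[prev[0]]["time"],
                    "returned": scan["time"],
                    # scans in between that did not see the item at all
                    "clean_scans_between": idx - prev[0] - 1,
                })
            last[item] = (idx, action.startswith(REMOVED))
    return findings


def make_log(date, clock, registry_lines):
    """Build a shortened, constructed log in the layout of the thread's MBAM logs."""
    body = "\n".join(registry_lines) or "(No malicious items detected)"
    return (
        "Malwarebytes' Anti-Malware 1.45\n\n"
        f"mbam-log-{date} ({clock}).txt\n\n"
        "Scan type: Quick scan\n"
        f"Registry Keys Infected: {len(registry_lines)}\n"
        "Files Infected: 0\n\n"
        f"Registry Keys Infected:\n{body}\n\n"
        "Files Infected:\n(No malicious items detected)\n"
    )


# Detection line as posted in the thread; dates and times below are constructed.
KEY_LINE = (r"HKEY_CLASSES_ROOT\CLSID\{0eb00690-8fa1-11d3-96c7-829e3ea50c29}"
            " (Trojan.Agent) -> Quarantined and deleted successfully.")
CONSTRUCTED_LOGS = [
    make_log("2010-04-18", "09-05-00", [KEY_LINE]),   # detected and removed
    make_log("2010-04-18", "10-40-00", []),           # clean scan after restart
    make_log("2010-04-18", "10-47-00", [KEY_LINE]),   # same key is back
]

if __name__ == "__main__":
    for f in recurring_after_removal(CONSTRUCTED_LOGS):
        print(f"{f['item']} ({f['threat']}) removed {f['removed']}, "
              f"back {f['returned']} after {f['clean_scans_between']} clean scan(s)")
```

An item that returns after a successful removal and an intervening clean scan is being recreated by something still present on the machine, so the logs alone cannot say what that is.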

Re: Work computer keeps having problems

Post by Belahzur on 18th April 2010, 10:20 pm

Hello.
I suspect it is an exploit on something; there is old software installed that needs updating.

  • Open HijackThis.
  • When HijackThis opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.



Re: Work computer keeps having problems

Post by NEB on 19th April 2010, 3:36 pm

Hi, here is the uninstall manager list:

2005 T1Plus
2006 T1Plus
2006 T2Plus
2007 T1Plus
2007 T2Plus
2008 T2Plus
Address Book 4.0.7
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
Browser Address Error Redirector
CANTAX T1Plus 2008
CANTAX T1Plus 2009
CANTAX T2Plus 08.2
CANTAX T2Plus 09.1
CANTAX T2Plus 09.2
CaseWare Working Papers 2006
CaseWare Working Papers 2008
CaseWare Working Papers 2009
CCleaner
Critical Update for Windows Media Player 11 (KB959772)
Dell Driver Reset Tool
Dell Network Assistant
Dell Support Center
DellSupport
Easy SystemCleaner 6.0
Exterminate It!
FormMaster 2009
FormMaster 2010
Glary Utilities 2.2.1.63
Google Desktop
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB835221
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HP LaserJet P3005
HP LaserJet P3005
HP LaserJet P3005 Install Notes
HP LaserJet P3005 User Guide
Intel(R) PRO Network Connections 12.1.12.0
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 20
jZip
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Basic 2007
Microsoft Office Basic 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2005 Tools for Office Runtime
Mouse Suite for Desktop Computers
Mozilla Firefox (3.6.3)
Mozilla Sunbird (0.9)
Mozilla Thunderbird (1.0)
MSN
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MySQL Connector/ODBC 3.51
NJStar Chinese WP
NVIDIA Drivers
PowerDVD
QuickBooks
QuickBooks EasyStart Free Starter Edition
QuickBooks Premier: Accountant Edition 2008
QuickBooks Premier: Accountant Edition 2010
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
SearchAssist
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Simply Accounting by Sage 2007
Simply Accounting by Sage 2009
Sonic Activation Module
Spelling Dictionaries Support For Adobe Reader 8
SupportSoft Assisted Service
TOD 012009
TOD 072007_3 (C:\Program Files\TOD\TOD 072007)
TOD 072008
TOD 072009
TrueCrypt
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Windows (KB971513)
Update for Outlook 2007 Junk Email Filter (kb981433)
Update for Windows Internet Explorer 8 (KB969497)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Virtual Professional Library - Folio Views
WebEx Record and Playback
Windows Internet Explorer 8
Windows Live installer
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows Search 4.0
Windows XP Service Pack 3


Re: Work computer keeps having problems

Post by Belahzur on 19th April 2010, 3:42 pm

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    J2SE Runtime Environment 5.0 Update 6

Please download [You must be registered and logged in to see this link.] to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Let me know if MBAM still detects that CLSID key.


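The step taken in the post above, picking an outdated runtime out of the HijackThis uninstall list, can be scripted. This is an added example, not part of the original posts: it flags every Java runtime in such a list that is older than the newest one installed. The sample is an excerpt of the list posted in this thread; display-name forms other than the two in that list are assumptions.

```python
import re

# Display-name patterns for Java runtimes. "J2SE Runtime Environment 5.0 Update 6"
# and "Java(TM) 6 Update 20" are the forms in the posted list; the optional
# "SE Runtime Environment" part and the plain "Java N Update M" form are assumed.
JAVA_PATTERNS = [
    re.compile(r"^J2SE Runtime Environment (?P<family>\d+)\.0(?: Update (?P<update>\d+))?$"),
    re.compile(r"^Java\(TM\) (?:SE Runtime Environment )?(?P<family>\d+)"
               r"(?: Update (?P<update>\d+))?$"),
    re.compile(r"^Java (?P<family>\d+)(?: Update (?P<update>\d+))?$"),
]


def parse_java_entry(name):
    """Return (family, update) for a Java runtime display name, else None."""
    for pattern in JAVA_PATTERNS:
        m = pattern.match(name.strip())
        if m:
            return int(m.group("family")), int(m.group("update") or 0)
    return None


def audit_java_runtimes(list_text):
    """Split the Java runtimes in an uninstall list into newest and superseded."""
    runtimes = {}
    for line in list_text.splitlines():
        name = line.strip()
        version = parse_java_entry(name)
        if version is not None:
            runtimes[name] = version          # dict also collapses duplicate lines
    if not runtimes:
        return {"newest": [], "superseded": []}
    top = max(runtimes.values())
    newest = sorted(n for n, v in runtimes.items() if v == top)
    # Oldest first: these stay installed and loadable beside the newer runtime.
    superseded = sorted((n for n, v in runtimes.items() if v < top), key=runtimes.get)
    return {"newest": newest, "superseded": superseded}


# Excerpt of the uninstall list posted in this thread.
SAMPLE_LIST = """\
Adobe Reader 9.3.2
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 20
Mozilla Firefox (3.6.3)
"""

if __name__ == "__main__":
    report = audit_java_runtimes(SAMPLE_LIST)
    print("newest runtime:", ", ".join(report["newest"]))
    for name in report["superseded"]:
        print("superseded, remove:", name)
```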

Re: Work computer keeps having problems

Post by NEB on 19th April 2010, 4:08 pm

I have uninstalled that Java and run the TFC program as you instructed. Haven't seen that infected key yet, but it seems to come and go.

I just updated my Java and Adobe Reader this week so hopefully I don't have any other old exploitable programs.


Re: Work computer keeps having problems

Post by Belahzur on 19th April 2010, 4:48 pm

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.



Re: Work computer keeps having problems

Post by NEB on 19th April 2010, 10:48 pm

Hi, I haven't seen the infected registry key pop up yet.
However, my Firefox just disabled a plugin:

Java Deployment Toolkit 6.0.170.4

And my MBAM now shows an infected file:

C:\windows\sed.exe

I am about to run the ESET scanner.

edit: ESET finished and found no threat.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=b21843f5ee5d024aa40ef61cc6161dc0
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-04-20 12:54:12
# local_time=2010-04-19 05:54:12 (-0800, Pacific Daylight Time)
# country="Canada"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5121 16776533 100 96 1652650 24551746 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=98054
# found=0
# cleaned=0
# scan_time=6232


Re: Work computer keeps having problems

Post by Belahzur on 20th April 2010, 11:57 am

Hello.
Did you set MBAM to remove the file? Hopefully you didn't, because that file is legit.

If you have removed it, please restore it from the quarantine.

I want one more scan from MBAM. First, though, please update the database in the update tab, then close MBAM.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

mbam /developer

This will start MBAM again, but in a special mode. Run a quick scan and post the log.



Re: Work computer keeps having problems

Post by NEB on 20th April 2010, 2:27 pm

Hi, I googled it before having MBAM delete it, and everything that came up said it was spyware, so I deleted it.

I will run this one and post the log when I get to work.

Here we go:


Malwarebytes' Anti-Malware 1.45
[You must be registered and logged in to see this link.]

Database version: 4012

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

04/20/2010 8:38:42 AM
mbam-log-2010-04-20 (08-38-42).txt

Scan type: Quick scan
Objects scanned: 114428
Time elapsed: 6 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: Work computer keeps having problems

Post by Belahzur on 20th April 2010, 7:44 pm

Hello.
Ignore my above post, it's already fixed. It's fine deleted; it's not a system file, so deleting it won't cause any harm.



Re: Work computer keeps having problems

Post by NEB on 22nd April 2010, 3:35 pm

Hi, nothing has re-appeared in the last couple days.

Thanks for your help!


Re: Work computer keeps having problems

Post by Belahzur on 22nd April 2010, 6:31 pm

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommend the following add-ons for Firefox; they will help keep you safe from malicious scripts or ActiveX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please consider using this free software program that will check for program updates.
[You must be registered and logged in to see this link.]

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found [You must be registered and logged in to see this link.].

Hopefully this should take care of your problems! Good luck.



Re: Work computer keeps having problems

Post by NEB on 28th April 2010, 6:04 pm

Hi, sorry to bump an old thread, but this same infected key has shown up again!
In response to your suggestions,

1) I update my Windows as updates become available
2) I do not currently have any of these programs on my work or home computer, I assume you would recommend them for every computer?
3) I have always used Firefox with an ad-block program, but no anti-script programs.
4) I have McAfee Security Centre and set to automatic updates.
5) McAfee Security Centre doubles as my firewall.

Based upon the earlier scans you had me run and all my subsequent scans, it appears to me that the infected key is getting removed but it keeps coming back. Does it keep returning because there is another virus at play here which re-infects the key or am I re-infecting myself by web browsing, etc?

If it's just my own stupidity I can cut back on that and it should be the end of the problem.
If there is some other infection which isn't getting fixed how can I remove that?


Re: Work computer keeps having problems

Post by Belahzur on 28th April 2010, 6:43 pm

Hello.

"I do not currently have any of these programs on my work or home computer, I assume you would recommend them for every computer?"

Not all, just 1 or 2, otherwise all of them may cause a system slow down.

If the infection has re-appeared, please post a new Hijack This log.



Re: Work computer keeps having problems

Post by NEB on 28th April 2010, 7:59 pm

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 12:58:40 PM, on 04/28/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Winsim\ConnectionManager\SimplyConnectionManager.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\Pmxmiced.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = [You must be registered and logged in to see this link.]
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Google Sidewiki... - [You must be registered and logged in to see this link.] Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - [You must be registered and logged in to see this link.]
O18 - Protocol: cwt - {774E529C-2458-48A2-8F57-3ED3105D8612} - C:\Program Files\CaseWare\Caseware 2009\cwproto.dll
O18 - Protocol: intu-help-qb3 - (no CLSID) - (no file)
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Simply Accounting Database Connection Manager - Sage - C:\Program Files\Winsim\ConnectionManager\SimplyConnectionManager.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 9378 bytes

Here we go!


Re: Work computer keeps having problems

Post by Belahzur on 29th April 2010, 7:40 pm

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.



Re: Work computer keeps having problems

Post by NEB on 12th May 2010, 5:23 pm

OTL logfile created on: 05/12/2010 10:17:43 AM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Elly\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: MM/dd/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 58.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.77 Gb Total Space | 199.65 Gb Free Space | 85.77% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 495.22 Mb Total Space | 45.15 Mb Free Space | 9.12% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DJVFVRD1
Current User Name: Elly
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/12 10:16:19 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Elly\Desktop\OTL.exe
PRC - [2010/05/12 09:50:40 | 000,840,416 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/05/12 09:50:38 | 001,291,544 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/12/16 19:02:16 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/08/23 01:00:00 | 000,029,992 | ---- | M] (Sage) -- C:\Program Files\winsim\ConnectionManager\SimplyConnectionManager.exe
PRC - [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/08 14:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/10 10:07:24 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/05/25 09:38:46 | 000,112,176 | ---- | M] (SingleClick Systems) -- C:\Program Files\Dell Network Assistant\hnm_svc.exe
PRC - [2007/03/08 09:58:00 | 000,049,152 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\ico.exe
PRC - [2006/11/12 13:13:58 | 000,126,976 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\pmxmiced.exe
PRC - [2006/10/20 15:23:38 | 000,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2005/03/14 23:35:02 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\hpzipm12.exe


========== Modules (SafeList) ==========

MOD - [2010/05/12 10:16:19 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Elly\Desktop\OTL.exe
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/05/12 09:50:38 | 001,291,544 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/12/16 19:02:16 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/08/23 01:00:00 | 000,029,992 | ---- | M] (Sage) [Auto | Running] -- C:\Program Files\winsim\ConnectionManager\SimplyConnectionManager.exe -- (Simply Accounting Database Connection Manager)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/08 14:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\program files\common files\mcafee\mna\mcnasvc.exe -- (McNASvc)
SRV - [2007/10/25 16:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/09/27 18:43:25 | 001,862,144 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager)
SRV - [2007/05/25 09:38:46 | 000,112,176 | ---- | M] (SingleClick Systems) [Auto | Running] -- C:\Program Files\Dell Network Assistant\hnm_svc.exe -- (hnmsvc)
SRV - [2007/03/19 10:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2005/03/14 23:35:02 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/03/11 11:49:27 | 000,223,440 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2010/02/04 08:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/07/16 12:32:26 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2008/04/13 11:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 11:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/07/23 16:55:16 | 001,297,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5416.sys -- (AR5416)
DRV - [2007/07/22 18:36:42 | 000,254,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2007/07/22 13:27:12 | 004,424,704 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/06/20 16:45:24 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2007/06/20 15:14:12 | 005,760,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/05/27 20:07:48 | 006,738,304 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/02/25 10:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/12/18 17:01:20 | 000,012,672 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\packet.sys -- (Packet)
DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/18 11:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 11:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 11:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 11:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 11:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 11:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 11:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 11:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 09:05:58 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2006/08/11 08:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 08:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/07/21 09:21:26 | 000,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2006/04/24 08:59:30 | 000,014,336 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pmxusblf.sys -- (pmxusblf)
DRV - [2006/04/24 08:57:20 | 000,018,432 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pmxmouse.sys -- (pmxmouse)
DRV - [2004/12/24 22:37:48 | 000,016,800 | ---- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hppaufd0.sys -- (dot4ufd)
DRV - [2001/08/17 12:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 12:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 12:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 12:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 12:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 11:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 11:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 11:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 11:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 11:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 11:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 11:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 11:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 11:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 11:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.ca/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:4.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 13:30:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/17 14:06:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2010/01/26 11:20:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins

[2008/12/09 10:55:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elly\Application Data\Mozilla\Extensions
[2010/05/12 09:22:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elly\Application Data\Mozilla\Firefox\Profiles\15ppr8ut.default\extensions
[2010/04/30 12:16:32 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Elly\Application Data\Mozilla\Firefox\Profiles\15ppr8ut.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/11/02 09:45:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elly\Application Data\Mozilla\Firefox\Profiles\15ppr8ut.default\extensions\en-US@dictionaries.addons.mozilla.org
[2010/01/26 11:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elly\Application Data\Mozilla\Sunbird\Profiles\byma6wvb.default\extensions
[2010/05/12 09:22:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/17 14:06:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/08/10 09:06:26 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PMX Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_20.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\cw {774E529C-2458-48A2-8F57-3ED3105D8612} - C:\Program Files\CaseWare\Caseware 2009\cwproto.dll (CaseWare International Inc.)
O18 - Protocol\Handler\cwt {774E529C-2458-48A2-8F57-3ED3105D8612} - C:\Program Files\CaseWare\Caseware 2009\cwproto.dll (CaseWare International Inc.)
O18 - Protocol\Handler\intu-help-qb3 - No CLSID value found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Elly\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Elly\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 15:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*



Re: Work computer keeps having problems

Post by NEB on 12th May 2010, 5:23 pm

Continued


========== Files/Folders - Created Within 30 Days ==========

[2010/05/12 10:16:19 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Elly\Desktop\OTL.exe
[2010/05/12 09:52:28 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/05/12 09:52:08 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/05/12 09:41:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/05/12 09:41:35 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/05/12 09:41:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/05/04 08:56:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Elly\Recent
[2010/04/19 16:03:10 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/04/17 14:07:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/04/17 14:06:46 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/04/17 14:06:46 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/17 14:06:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/17 14:06:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/16 13:18:10 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/15 18:31:29 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/04/15 18:29:45 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/15 18:29:45 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/15 18:29:45 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/15 18:29:45 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/04/15 18:29:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/14 16:13:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elly\My Documents\Downloads
[2010/04/13 17:21:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elly\Desktop\Fixers
[2010/04/13 17:20:51 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/04/13 16:57:44 | 000,000,000 | ---D | C] -- C:\Program Files\Exterminate It!

========== Files - Modified Within 30 Days ==========

[2010/05/12 10:16:19 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Elly\Desktop\OTL.exe
[2010/05/12 09:57:55 | 000,027,987 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/05/12 09:56:49 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/12 09:56:44 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/12 09:56:34 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/12 09:56:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/12 09:53:25 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/05/12 09:53:09 | 009,699,328 | -H-- | M] () -- C:\Documents and Settings\Elly\NTUSER.DAT
[2010/05/12 09:53:09 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Elly\ntuser.ini
[2010/05/12 09:52:04 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/05/12 09:38:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/11 13:39:19 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Elly\Desktop\Microsoft Office Excel 2007.lnk
[2010/05/11 09:49:05 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Elly\Desktop\Microsoft Office Word 2007.lnk
[2010/05/03 16:56:57 | 000,007,823 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c0.xlsx-3.xlsx
[2010/05/03 16:53:01 | 000,007,823 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cSS.xlsx-1.xlsx
[2010/05/03 16:52:58 | 000,016,936 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cFF.110B.xlsx-1.xlsx
[2010/05/03 16:52:54 | 000,011,666 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cFF.xlsx-1.xlsx
[2010/05/03 16:52:51 | 000,011,706 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cDD.xlsx
[2010/05/03 16:52:48 | 000,017,243 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cCC.100B.xlsx-1.xlsx
[2010/05/03 16:52:43 | 000,012,179 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cCC.xlsx-1.xlsx
[2010/05/03 16:52:39 | 000,018,031 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cBB.100B.xlsx-1.xlsx
[2010/05/03 16:52:35 | 000,012,164 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cBB.xlsx-1.xlsx
[2010/05/03 16:52:31 | 000,020,658 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cU.100B.xlsx-1.xlsx
[2010/05/03 16:52:27 | 000,012,226 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cU.xlsx-1.xlsx
[2010/05/03 16:52:23 | 000,013,400 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cG.xlsx-1.xlsx
[2010/05/03 16:52:20 | 000,013,868 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cF.xlsx-1.xlsx
[2010/05/03 16:52:16 | 000,012,217 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cE.xlsx-1.xlsx
[2010/05/03 16:52:12 | 000,012,076 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cD.xlsx-1.xlsx
[2010/05/03 16:52:09 | 000,012,100 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cC.xlsx-1.xlsx
[2010/05/03 16:52:05 | 000,014,062 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cA.110.xlsx-1.xlsx
[2010/05/03 16:52:01 | 000,017,348 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cA.100B.xlsx-1.xlsx
[2010/05/03 16:51:57 | 000,014,123 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cA.xlsx-1.xlsx
[2010/05/03 16:51:53 | 000,011,521 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c6.9.xlsx-1.xlsx
[2010/05/03 16:51:50 | 000,012,619 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c6.7.xlsx-1.xlsx
[2010/05/03 16:51:46 | 000,011,872 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c6.6.xlsx-1.xlsx
[2010/05/03 16:51:43 | 000,012,207 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c6.5.xlsx-1.xlsx
[2010/05/03 16:51:39 | 000,012,511 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c6.12.xlsx-1.xlsx
[2010/05/03 16:51:36 | 000,011,975 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c6.11.xlsx-1.xlsx
[2010/05/03 16:51:32 | 000,014,694 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c6.4.xlsx-1.xlsx
[2010/05/03 16:51:28 | 000,016,836 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c6.3.xlsx-1.xlsx
[2010/05/03 16:51:22 | 000,026,025 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c690.xlsx-1.xlsx
[2010/05/03 16:51:17 | 000,014,346 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c670.xlsx-1.xlsx
[2010/05/03 16:51:13 | 000,017,837 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c668.xlsx-1.xlsx
[2010/05/03 16:51:09 | 000,016,950 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c666.xlsx-1.xlsx
[2010/05/03 16:51:05 | 000,014,643 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c535.xlsx-1.xlsx
[2010/05/03 16:51:01 | 000,013,187 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c528.xlsx-1.xlsx
[2010/05/03 16:50:57 | 000,015,749 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c410.xlsx-1.xlsx
[2010/05/03 16:50:53 | 000,014,054 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c345-AB.xlsx-1.xlsx
[2010/05/03 16:50:49 | 000,013,282 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c315.xlsx-1.xlsx
[2010/05/03 16:50:46 | 000,016,393 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c310.xlsx-1.xlsx
[2010/05/03 16:50:42 | 000,014,074 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c1.3.xlsx-1.xlsx
[2010/05/03 16:50:38 | 000,015,863 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c1.2.xlsx-2.xlsx
[2010/05/03 16:50:32 | 000,016,594 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c0.xlsx-2.xlsx
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/22 14:20:13 | 000,007,824 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c1.2.xlsx-1.xlsx
[2010/04/22 14:20:10 | 000,017,066 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c0.xlsx-1.xlsx
[2010/04/19 18:25:22 | 000,000,613 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/19 18:25:22 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/04/19 18:25:22 | 000,000,246 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/19 15:53:58 | 308,310,534 | ---- | M] () -- C:\Documents and Settings\Elly\Desktop\Backup.zip
[2010/04/16 09:43:08 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/04/15 15:39:31 | 000,016,573 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c705BEX.xlsx
[2010/04/15 15:39:27 | 000,014,376 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c535EX.xlsx
[2010/04/15 15:39:24 | 000,012,090 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c10.11.xlsx
[2010/04/15 15:39:20 | 000,014,023 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c10.10.xlsx
[2010/04/15 15:39:16 | 000,013,463 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c10.9.xlsx
[2010/04/15 15:39:13 | 000,016,422 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c10.8.xlsx
[2010/04/15 15:39:08 | 000,015,941 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c10.7.xlsx
[2010/04/15 15:39:03 | 000,013,816 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c10.4.xlsx
[2010/04/15 15:39:00 | 000,013,783 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c10.3.xlsx
[2010/04/15 15:38:56 | 000,015,434 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c10.xlsx
[2010/04/15 15:38:52 | 000,016,427 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c730B.xlsx
[2010/04/15 15:38:48 | 000,015,644 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c705B.xlsx
[2010/04/15 15:38:44 | 000,014,496 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c680.xlsx
[2010/04/15 15:38:40 | 000,018,705 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cSS.100B.xlsx
[2010/04/15 15:38:36 | 000,012,433 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cSS.xlsx
[2010/04/15 15:38:32 | 000,016,932 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cFF.110B.xlsx
[2010/04/15 15:38:28 | 000,011,664 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cFF.xlsx
[2010/04/15 15:38:25 | 000,012,727 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cCC.110.xlsx
[2010/04/15 15:38:22 | 000,016,259 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cCC.100B.xlsx
[2010/04/15 15:38:18 | 000,011,969 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cCC.xlsx
[2010/04/15 15:38:14 | 000,012,720 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cBB.110.xlsx
[2010/04/15 15:38:11 | 000,018,029 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cBB.100B.xlsx
[2010/04/15 15:38:07 | 000,012,037 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cBB.xlsx
[2010/04/15 15:38:04 | 000,018,876 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cU.100B.xlsx
[2010/04/15 15:38:00 | 000,012,226 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cU.xlsx
[2010/04/15 15:37:56 | 000,013,398 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cG.xlsx
[2010/04/15 15:37:53 | 000,013,371 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cF.xlsx
[2010/04/15 15:37:49 | 000,012,215 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cE.xlsx
[2010/04/15 15:37:46 | 000,012,074 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cD.xlsx
[2010/04/15 15:37:42 | 000,012,098 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cC.xlsx
[2010/04/15 15:37:39 | 000,013,451 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cA.110.xlsx
[2010/04/15 15:37:36 | 000,017,347 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cA.100B.xlsx
[2010/04/15 15:37:32 | 000,014,104 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cA.xlsx
[2010/04/15 15:37:28 | 000,012,199 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c6.12.xlsx
[2010/04/15 15:37:25 | 000,011,755 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c6.11.xlsx
[2010/04/15 15:37:22 | 000,011,518 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c6.9.xlsx
[2010/04/15 15:37:18 | 000,012,629 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c6.7.xlsx
[2010/04/15 15:37:15 | 000,011,863 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c6.6.xlsx
[2010/04/15 15:37:11 | 000,011,874 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c6.5.xlsx
[2010/04/15 15:37:08 | 000,012,516 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c6.4.xlsx
[2010/04/15 15:37:05 | 000,016,537 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c6.3.xlsx
[2010/04/15 15:37:00 | 000,026,026 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c690.xlsx
[2010/04/15 15:36:54 | 000,012,022 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c675.xlsx
[2010/04/15 15:36:51 | 000,013,591 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c670.xlsx
[2010/04/15 15:36:48 | 000,016,819 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c668.xlsx
[2010/04/15 15:36:44 | 000,015,180 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c666.xlsx
[2010/04/15 15:36:40 | 000,014,713 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c664.xlsx
[2010/04/15 15:36:37 | 000,014,825 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c662.xlsx
[2010/04/15 15:36:33 | 000,015,417 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c626.xlsx
[2010/04/15 15:36:29 | 000,011,980 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c620.xlsx
[2010/04/15 15:36:26 | 000,013,476 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c535.xlsx
[2010/04/15 15:36:23 | 000,013,185 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c528.xlsx
[2010/04/15 15:36:19 | 000,015,746 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c410.xlsx
[2010/04/15 15:36:15 | 000,014,052 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c345-AB.xlsx
[2010/04/15 15:36:11 | 000,012,982 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c315.xlsx
[2010/04/15 15:36:08 | 000,015,850 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c310.xlsx
[2010/04/15 15:36:03 | 000,014,026 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c1.3.xlsx
[2010/04/15 15:35:59 | 000,015,809 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c1.2.xlsx
[2010/04/15 15:35:54 | 000,017,597 | ---- | M] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c0.xlsx
[2010/04/13 17:07:09 | 004,322,190 | -H-- | M] () -- C:\Documents and Settings\Elly\Local Settings\Application Data\IconCache.db
[2010/04/12 17:29:27 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/12 17:29:26 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/12 17:29:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/04/12 15:19:02 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

========== Files Created - No Company Name ==========

[2010/05/12 09:53:24 | 000,000,458 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/05/03 16:56:57 | 000,007,823 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c0.xlsx-3.xlsx
[2010/05/03 16:53:01 | 000,007,823 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cSS.xlsx-1.xlsx
[2010/05/03 16:52:57 | 000,016,936 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cFF.110B.xlsx-1.xlsx
[2010/05/03 16:52:54 | 000,011,666 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cFF.xlsx-1.xlsx
[2010/05/03 16:52:50 | 000,011,706 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cDD.xlsx
[2010/05/03 16:52:46 | 000,017,243 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cCC.100B.xlsx-1.xlsx
[2010/05/03 16:52:42 | 000,012,179 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cCC.xlsx-1.xlsx
[2010/05/03 16:52:38 | 000,018,031 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cBB.100B.xlsx-1.xlsx
[2010/05/03 16:52:34 | 000,012,164 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cBB.xlsx-1.xlsx
[2010/05/03 16:52:30 | 000,020,658 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cU.100B.xlsx-1.xlsx
[2010/05/03 16:52:26 | 000,012,226 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cU.xlsx-1.xlsx
[2010/05/03 16:52:22 | 000,013,400 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cG.xlsx-1.xlsx
[2010/05/03 16:52:19 | 000,013,868 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cF.xlsx-1.xlsx
[2010/05/03 16:52:15 | 000,012,217 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cE.xlsx-1.xlsx
[2010/05/03 16:52:11 | 000,012,076 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cD.xlsx-1.xlsx
[2010/05/03 16:52:08 | 000,012,100 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cC.xlsx-1.xlsx
[2010/05/03 16:52:04 | 000,014,062 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cA.110.xlsx-1.xlsx
[2010/05/03 16:52:00 | 000,017,348 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cA.100B.xlsx-1.xlsx
[2010/05/03 16:51:56 | 000,014,123 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cA.xlsx-1.xlsx
[2010/05/03 16:51:52 | 000,011,521 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c6.9.xlsx-1.xlsx
[2010/05/03 16:51:49 | 000,012,619 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c6.7.xlsx-1.xlsx
[2010/05/03 16:51:45 | 000,011,872 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c6.6.xlsx-1.xlsx
[2010/05/03 16:51:42 | 000,012,207 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c6.5.xlsx-1.xlsx
[2010/05/03 16:51:38 | 000,012,511 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c6.12.xlsx-1.xlsx
[2010/05/03 16:51:35 | 000,011,975 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c6.11.xlsx-1.xlsx
[2010/05/03 16:51:31 | 000,014,694 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c6.4.xlsx-1.xlsx
[2010/05/03 16:51:26 | 000,016,836 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c6.3.xlsx-1.xlsx
[2010/05/03 16:51:20 | 000,026,025 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c690.xlsx-1.xlsx
[2010/05/03 16:51:16 | 000,014,346 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c670.xlsx-1.xlsx
[2010/05/03 16:51:12 | 000,017,837 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c668.xlsx-1.xlsx
[2010/05/03 16:51:07 | 000,016,950 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c666.xlsx-1.xlsx
[2010/05/03 16:51:04 | 000,014,643 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c535.xlsx-1.xlsx
[2010/05/03 16:51:00 | 000,013,187 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c528.xlsx-1.xlsx
[2010/05/03 16:50:56 | 000,015,749 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c410.xlsx-1.xlsx
[2010/05/03 16:50:52 | 000,014,054 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c345-AB.xlsx-1.xlsx
[2010/05/03 16:50:48 | 000,013,282 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c315.xlsx-1.xlsx
[2010/05/03 16:50:45 | 000,016,393 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c310.xlsx-1.xlsx
[2010/05/03 16:50:40 | 000,014,074 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c1.3.xlsx-1.xlsx
[2010/05/03 16:50:35 | 000,015,863 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c1.2.xlsx-2.xlsx
[2010/05/03 16:50:30 | 000,016,594 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c0.xlsx-2.xlsx
[2010/04/22 14:20:13 | 000,007,824 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c1.2.xlsx-1.xlsx
[2010/04/22 14:20:08 | 000,017,066 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c0.xlsx-1.xlsx
[2010/04/19 15:51:01 | 308,310,534 | ---- | C] () -- C:\Documents and Settings\Elly\Desktop\Backup.zip
[2010/04/15 18:31:35 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/04/15 18:31:31 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/04/15 18:29:45 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/15 18:29:45 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/15 18:29:45 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/15 18:29:45 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/15 15:39:30 | 000,016,573 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c705BEX.xlsx
[2010/04/15 15:39:26 | 000,014,376 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c535EX.xlsx
[2010/04/15 15:39:23 | 000,012,090 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c10.11.xlsx
[2010/04/15 15:39:19 | 000,014,023 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c10.10.xlsx
[2010/04/15 15:39:15 | 000,013,463 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c10.9.xlsx
[2010/04/15 15:39:10 | 000,016,422 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c10.8.xlsx
[2010/04/15 15:39:06 | 000,015,941 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c10.7.xlsx
[2010/04/15 15:39:02 | 000,013,816 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c10.4.xlsx
[2010/04/15 15:38:58 | 000,013,783 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c10.3.xlsx
[2010/04/15 15:38:54 | 000,015,434 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c10.xlsx
[2010/04/15 15:38:51 | 000,016,427 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c730B.xlsx
[2010/04/15 15:38:47 | 000,015,644 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c705B.xlsx
[2010/04/15 15:38:42 | 000,014,496 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c680.xlsx
[2010/04/15 15:38:38 | 000,018,705 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cSS.100B.xlsx
[2010/04/15 15:38:35 | 000,012,433 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cSS.xlsx
[2010/04/15 15:38:31 | 000,016,932 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cFF.110B.xlsx
[2010/04/15 15:38:27 | 000,011,664 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cFF.xlsx
[2010/04/15 15:38:24 | 000,012,727 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cCC.110.xlsx
[2010/04/15 15:38:20 | 000,016,259 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cCC.100B.xlsx
[2010/04/15 15:38:17 | 000,011,969 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cCC.xlsx
[2010/04/15 15:38:14 | 000,012,720 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cBB.110.xlsx
[2010/04/15 15:38:10 | 000,018,029 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cBB.100B.xlsx
[2010/04/15 15:38:06 | 000,012,037 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cBB.xlsx
[2010/04/15 15:38:02 | 000,018,876 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cU.100B.xlsx
[2010/04/15 15:37:59 | 000,012,226 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cU.xlsx
[2010/04/15 15:37:55 | 000,013,398 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cG.xlsx
[2010/04/15 15:37:52 | 000,013,371 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cF.xlsx
[2010/04/15 15:37:48 | 000,012,215 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cE.xlsx
[2010/04/15 15:37:45 | 000,012,074 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cD.xlsx
[2010/04/15 15:37:41 | 000,012,098 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cC.xlsx
[2010/04/15 15:37:38 | 000,013,451 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cA.110.xlsx
[2010/04/15 15:37:34 | 000,017,347 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cA.100B.xlsx
[2010/04/15 15:37:31 | 000,014,104 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5cA.xlsx
[2010/04/15 15:37:27 | 000,012,199 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c6.12.xlsx
[2010/04/15 15:37:24 | 000,011,755 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c6.11.xlsx
[2010/04/15 15:37:21 | 000,011,518 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c6.9.xlsx
[2010/04/15 15:37:17 | 000,012,629 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c6.7.xlsx
[2010/04/15 15:37:14 | 000,011,863 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c6.6.xlsx
[2010/04/15 15:37:10 | 000,011,874 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c6.5.xlsx
[2010/04/15 15:37:07 | 000,012,516 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c6.4.xlsx
[2010/04/15 15:37:02 | 000,016,537 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c6.3.xlsx
[2010/04/15 15:36:57 | 000,026,026 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c690.xlsx
[2010/04/15 15:36:53 | 000,012,022 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c675.xlsx
[2010/04/15 15:36:50 | 000,013,591 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c670.xlsx
[2010/04/15 15:36:46 | 000,016,819 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c668.xlsx
[2010/04/15 15:36:43 | 000,015,180 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c666.xlsx
[2010/04/15 15:36:39 | 000,014,713 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c664.xlsx
[2010/04/15 15:36:35 | 000,014,825 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c662.xlsx
[2010/04/15 15:36:32 | 000,015,417 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c626.xlsx
[2010/04/15 15:36:29 | 000,011,980 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c620.xlsx
[2010/04/15 15:36:25 | 000,013,476 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c535.xlsx
[2010/04/15 15:36:22 | 000,013,185 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c528.xlsx
[2010/04/15 15:36:18 | 000,015,746 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c410.xlsx
[2010/04/15 15:36:14 | 000,014,052 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c345-AB.xlsx
[2010/04/15 15:36:10 | 000,012,982 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c315.xlsx
[2010/04/15 15:36:07 | 000,015,850 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c310.xlsx
[2010/04/15 15:36:02 | 000,014,026 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c1.3.xlsx
[2010/04/15 15:35:56 | 000,015,809 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c1.2.xlsx
[2010/04/15 15:35:52 | 000,017,597 | ---- | C] () -- C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c0.xlsx
[2010/03/16 17:37:54 | 000,000,095 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2009/10/19 10:44:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\rightsbr.INI
[2008/04/01 12:14:29 | 000,005,617 | ---- | C] () -- C:\WINDOWS\CTX06T2.INI
[2008/03/31 11:11:38 | 000,005,849 | ---- | C] () -- C:\WINDOWS\CTX05T1.INI
[2008/03/31 11:11:19 | 000,000,098 | ---- | C] () -- C:\WINDOWS\CCHHELP.INI
[2007/10/09 11:46:12 | 000,009,717 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/10/09 10:42:07 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll
[2007/10/05 14:39:04 | 000,000,011 | ---- | C] () -- C:\WINDOWS\hpljp300xg.ini
[2007/10/05 14:37:43 | 000,000,011 | ---- | C] () -- C:\WINDOWS\hpljp300xm.ini
[2007/09/27 18:46:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/09/27 18:43:26 | 000,000,859 | ---- | C] () -- C:\WINDOWS\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini
[2007/09/27 18:36:41 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2007/09/27 18:36:41 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/09/27 18:31:48 | 000,131,066 | ---- | C] () -- C:\WINDOWS\System32\DellPM.ini
[2007/09/27 18:14:03 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2007/09/27 18:12:41 | 000,001,225 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/11/07 02:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/18 14:37:50 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx12_ic.ini
[2006/09/18 14:37:48 | 000,667,280 | ---- | C] () -- C:\WINDOWS\System32\tx12.dll
[2006/09/16 21:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 21:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2006/05/20 13:44:46 | 000,051,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2004/08/11 15:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 15:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2001/10/26 10:09:46 | 000,332,288 | ---- | C] () -- C:\WINDOWS\System32\ConfigLib.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:62E2D794
< End of report >

Re: Work computer keeps having problems

Post by NEB on 12th May 2010, 5:24 pm

Extras logfile

OTL Extras logfile created on: 05/12/2010 10:17:43 AM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Elly\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: MM/dd/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 58.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.77 Gb Total Space | 199.65 Gb Free Space | 85.77% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 495.22 Mb Total Space | 45.15 Mb Free Space | 9.12% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DJVFVRD1
Current User Name: Elly
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10421:UDP" = 10421:UDP:*:Enabled:SingleClick Discovery Protocol
"10426:UDP" = 10426:UDP:*:Enabled:SingleClick ICC
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- File not found
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe:*:Enabled:QuickBooks 2008 Data Manager -- (iAnywhere Solutions, Inc.)
"C:\Program Files\Dell Network Assistant\ezi_hnm2.exe" = C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Enabled:Dell Network Assistant -- (SingleClick Systems)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Program Files\Intuit\QuickBooks 2010\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2010\QBDBMgrN.exe:*:Enabled:QuickBooks 2010 Data Manager -- (Intuit, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0076046B-CC5C-4417-8226-5F6D6A626258}" = CANTAX T1Plus 2009
"{0240BDFB-2995-4A3F-8C96-18D41282B716}" = Dell Network Assistant
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{04428C2D-F2D8-41BA-AE09-46C72DD1207A}" = CANTAX T2Plus 08.2
"{06A9E630-DBA6-4D92-9DE7-A235AA6496C7}" = QuickBooks
"{0700E22B-A423-40A5-BD20-04BF618CA0F9}" = QuickBooks Premier: Accountant Edition 2010
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{089759B6-8B18-4AE5-9350-E132E0C22C01}" = Simply Accounting by Sage 2007
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0F866C38-31B4-4F47-8B1C-EC7A028CDB46}" = CaseWare Working Papers 2008
"{142E0726-73B2-4CD5-95BE-8B018801886C}" = Simply Accounting by Sage 2009
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C2FA9CD-8708-4D5F-B41F-4AA958BDE6CB}" = Virtual Professional Library - Folio Views
"{1D243F00-1389-4C63-A7E9-B17E967D1901}" = WebEx Record and Playback
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 20
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{37C11957-8228-4119-888D-3EA6B742BD9C}" = Simply Accounting by Sage 2009
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{397A01AC-5DA4-459A-B365-BA32CC217BC4}" = FormMaster 2009
"{403BC48C-BCAA-47EA-9841-F26599A81E48}" = HP LaserJet P3005 Install Notes
"{448E2D77-E504-4221-B2C2-93646B344729}" = Mouse Suite for Desktop Computers
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{51A79BE3-6AF4-4405-AC9A-E5F74FE20299}" = Simply Accounting by Sage 2007
"{52484109-00F5-4C50-9E5D-BBD837BC71DD}" = FormMaster 2010
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{748B1880-9025-439D-B5D1-E078F2329993}" = HP LaserJet P3005
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.12.0
"{7E545666-F419-45FD-B3DF-C0B99A1A579F}" = QuickBooks EasyStart Free Starter Edition
"{7E545666-F423-45FD-B3DF-C0B99A1A579F}" = QuickBooks Premier: Accountant Edition 2008
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_BASICR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_BASICR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_BASICR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_BASICR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_BASICR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_BASICR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_BASICR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_BASICR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0013-0000-0000-0000000FF1CE}" = Microsoft Office Basic 2007
"{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9244AF4E-0CBF-4B06-8579-FC0DE4EC5B38}" = CaseWare Working Papers 2006
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{9AD63D7D-6708-4A3E-8839-FD78AFB5791B}" = CANTAX T2Plus 09.1
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C54856BC-3549-4ADE-AD4B-BC48C336DF5A}" = Simply Accounting by Sage 2009
"{C81B59FC-84A4-402B-A787-C5F05779A652}" = CaseWare Working Papers 2009
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEF89BE7-8948-478A-A452-3F0E9F69233D}" = HP LaserJet P3005 User Guide
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E17FEE59-F18E-4F33-B70A-67AC21C2AEEB}" = CANTAX T1Plus 2008
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F929096B-54A0-4C5C-B125-1E7EB1917412}" = MySQL Connector/ODBC 3.51
"{FAC528F1-64FC-4075-AAF5-6F2789F617EE}" = CANTAX T2Plus 09.2
"2005 T1Plus" = 2005 T1Plus
"2006 T1Plus" = 2006 T1Plus
"2006 T2Plus" = 2006 T2Plus
"2007 T1Plus" = 2007 T1Plus
"2007 T2Plus" = 2007 T2Plus
"2008 T2Plus" = 2008 T2Plus
"46a1e86e065821dade4276712973d0c6-99518347" = TOD 072007_3 (C:\Program Files\TOD\TOD 072007)
"Ad-Aware" = Ad-Aware
"Address Book_is1" = Address Book 4.0.7
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BASICR" = Microsoft Office Basic 2007
"CCleaner" = CCleaner
"d30e53dfd4edbe183b897f7e886d6369-450279984" = TOD 072008
"Easy SystemCleaner_is1" = Easy SystemCleaner 6.0
"ESET Online Scanner" = ESET Online Scanner v3
"Exterminate It!" = Exterminate It!
"Glary Utilities_is1" = Glary Utilities 2.2.1.63
"Google Desktop" = Google Desktop
"HP LaserJet P3005" = HP LaserJet P3005
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"jZip" = jZip
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Sunbird (0.9)" = Mozilla Sunbird (0.9)
"Mozilla Thunderbird (1.0)" = Mozilla Thunderbird (1.0)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NJStar Chinese WP" = NJStar Chinese WP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"SearchAssist" = SearchAssist
"TOD 012009" = TOD 012009
"TOD 072009" = TOD 072009
"TrueCrypt" = TrueCrypt
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.0.0.320
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 04/13/2010 3:33:32 PM | Computer Name = DJVFVRD1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 04/13/2010 8:33:19 PM | Computer Name = DJVFVRD1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: The server name or address could not be resolved

Error - 04/13/2010 8:33:20 PM | Computer Name = DJVFVRD1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 04/13/2010 8:33:22 PM | Computer Name = DJVFVRD1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 04/13/2010 8:33:22 PM | Computer Name = DJVFVRD1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 04/15/2010 7:14:55 PM | Computer Name = DJVFVRD1 | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application excel.exe, version 12.0.6524.5003, stamp 4b4fba46,
faulting module excel.exe, version 12.0.6524.5003, stamp 4b4fba46, debug? 0, fault
address 0x001c86d3.

Error - 04/20/2010 8:27:05 PM | Computer Name = DJVFVRD1 | Source = Application Error | ID = 1000
Description = Faulting application cwin32.exe, version 2009.0.185.0, faulting module
mfc80.dll, version 8.0.50727.4053, fault address 0x0006235c.

Error - 04/23/2010 9:07:52 PM | Computer Name = DJVFVRD1 | Source = Application Error | ID = 1000
Description = Faulting application cwin32.exe, version 2009.0.185.0, faulting module
mfc80.dll, version 8.0.50727.4053, fault address 0x00032033.

Error - 04/30/2010 2:08:03 PM | Computer Name = DJVFVRD1 | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application excel.exe, version 12.0.6524.5003, stamp 4b4fba46,
faulting module excel.exe, version 12.0.6524.5003, stamp 4b4fba46, debug? 0, fault
address 0x00161db4.

Error - 05/12/2010 12:42:32 PM | Computer Name = DJVFVRD1 | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

[ OSession Events ]
Error - 07/08/2008 12:53:25 PM | Computer Name = DJVFVRD1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6300.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 597
seconds with 420 seconds of active time. This session ended with a crash.

Error - 07/09/2008 3:00:10 PM | Computer Name = DJVFVRD1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6300.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 9757
seconds with 2940 seconds of active time. This session ended with a crash.

Error - 07/10/2008 6:08:39 PM | Computer Name = DJVFVRD1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6300.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 16824
seconds with 4740 seconds of active time. This session ended with a crash.

Error - 07/23/2008 1:26:07 PM | Computer Name = DJVFVRD1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6300.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 621
seconds with 0 seconds of active time. This session ended with a crash.

Error - 07/24/2008 3:43:56 PM | Computer Name = DJVFVRD1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6300.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 3147
seconds with 1260 seconds of active time. This session ended with a crash.

Error - 07/31/2008 7:17:25 PM | Computer Name = DJVFVRD1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6300.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 6549
seconds with 3180 seconds of active time. This session ended with a crash.

Error - 10/13/2009 7:35:46 PM | Computer Name = DJVFVRD1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6504.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 18397
seconds with 5400 seconds of active time. This session ended with a crash.

Error - 10/14/2009 6:39:02 PM | Computer Name = DJVFVRD1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6504.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 2467
seconds with 660 seconds of active time. This session ended with a crash.

Error - 04/15/2010 7:14:53 PM | Computer Name = DJVFVRD1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1836
seconds with 780 seconds of active time. This session ended with a crash.

Error - 04/30/2010 2:08:01 PM | Computer Name = DJVFVRD1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 136
seconds with 120 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 05/06/2010 3:46:18 PM | Computer Name = DJVFVRD1 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
KEN-VAIO that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{6F895D2D-928F-48DF-. The master browser is stopping or an election
is being forced.

Error - 05/06/2010 4:58:24 PM | Computer Name = DJVFVRD1 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
KEN-VAIO that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{6F895D2D-928F-48DF-. The master browser is stopping or an election
is being forced.

Error - 05/06/2010 5:58:26 PM | Computer Name = DJVFVRD1 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
KEN-VAIO that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{6F895D2D-928F-48DF-. The master browser is stopping or an election
is being forced.

Error - 05/06/2010 7:10:19 PM | Computer Name = DJVFVRD1 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
KEN-VAIO that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{6F895D2D-928F-48DF-. The master browser is stopping or an election
is being forced.

Error - 05/07/2010 3:23:44 PM | Computer Name = DJVFVRD1 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
KEN-VAIO that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{6F895D2D-928F-48DF-. The master browser is stopping or an election
is being forced.

Error - 05/08/2010 1:03:24 PM | Computer Name = DJVFVRD1 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.106 for the Network Card with network
address 00179A2CEBFC has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 05/10/2010 2:02:48 PM | Computer Name = DJVFVRD1 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
KEN-VAIO that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{6F895D2D-928F-48DF-. The master browser is stopping or an election
is being forced.

Error - 05/10/2010 6:45:56 PM | Computer Name = DJVFVRD1 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
KEN-VAIO that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{6F895D2D-928F-48DF-. The master browser is stopping or an election
is being forced.

Error - 05/11/2010 12:14:16 PM | Computer Name = DJVFVRD1 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
KEN-VAIO that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{6F895D2D-928F-48DF-. The master browser is stopping or an election
is being forced.

Error - 05/11/2010 5:22:53 PM | Computer Name = DJVFVRD1 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
KEN-VAIO that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{6F895D2D-928F-48DF-. The master browser is stopping or an election
is being forced.


< End of report >


Re: Work computer keeps having problems

Post by Belahzur on 12th May 2010, 10:18 pm

Hello.
Do you know what these files are?

C:\Documents and Settings\Elly\My Documents\C!3a!5cDocumentsandSettings!5cElly!5cDesktop!5c0.xlsx-3.xlsx

There are many of them, and they have a weird name, they are using the path for the Desktop?



Re: Work computer keeps having problems

Post by NEB on 12th May 2010, 10:27 pm

They appear to be Excel worksheets, all created relatively recently. I did not manually create any of those files. Some program must have created them, perhaps they are temporary files? I am not sure.


Re: Work computer keeps having problems

Post by Belahzur on 13th May 2010, 10:02 pm

Okay, please delete them.

How is the machine running?



Re: Work computer keeps having problems

Post by NEB on 13th May 2010, 10:15 pm

Actually it seems to be running somewhat slow today. I migrated almost all my work to a different computer for the time being.

edit: I also downloaded the Spybot program you recommended and it is currently running its immunize feature.


Re: Work computer keeps having problems

Post by Belahzur on 14th May 2010, 9:25 am

Hmm.
Can you look in Task Manager for me and see what process is using the most memory? The logs tell me you've got 2GB of memory, and 1GB is being used. 1GB should still be enough resources to run smoothly, but it's weird that 1GB is being eaten away at.



Re: Work computer keeps having problems

Post by NEB on 14th May 2010, 3:51 pm

Processes sorted by Mem Usage

McProxy.exe
mcods.exe
Mcshield.exe
explorer.exe
svchost.exe
SimplyConnectionManager.exe
AAWService.exe
svchost.exe
McNASvc.exe
QBCFMonitorService.exe
winlogon.exe
svchost.exe
hnm_svc.exe
searchindexer.exe
spoolsv.exe
lsass.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
unsecapp.exe
thunderbird.exe
alg.exe
RTHDCPL.EXE
services.exe
csrss.exe
hpzipm12.exe
wuauclt.exe
PDVDDXSrv.exe
wmiprvse.exe
mcvsshld.exe
MpfSrv.exe
mcsysmon.exe
msksrver.exe
mcmscsvc.exe
pmxmiced.exe
jusched.exe
ico.exe
taskmgr.exe
jqs.exe
smss.exe
mcagent.exe
AAWTray.exe
System
System Idle Process


Re: Work computer keeps having problems

Post by Belahzur on 15th May 2010, 12:11 am

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.


