System slow; browser redirected whenever I was at IMDb site

Solved System slow; browser redirected whenever I was at IMDb site

Post by GrannySlammy on Sat Sep 04, 2010 3:08 pm

I'm running XP with Symantec and AdawarePro. I also had Malwarebytes before the OTL scan, but it has disappeared.

This attack seemed to originate from a trusted site, the Internet Movie Database site, where the browser (IE8) would redirect to a page that said, "cannot locate the topic you searched for, but here are some related sites:" and there were links to antivirus sites and spyware detection sites listed.

No, actually before that, my wireless mini mouse died and could not be revived. For a time it seemed as though no wireless mouse would work. I tried to find software for the GE mini-notebook wireless mouse, but I could not. I did download some freeware then.

Task Scheduler started sending popups, saying that scheduled events were not taking place. In fact, none of my scheduled scans or updates were happening. Symantec and Adaware--I tried manually to update them and run scans, but the updates acted as if they were already completed, and any scan always found nothing malicious. But both programs seemed empty of content, as if they still ran but had nothing inside.

At one point, I opened Task Manager because I could hear that something was running in the background. I saw several programs I had never seen before. My husband Googled the names on his computer and found each one described as a virus or trojan. Symantec did not recognize them, though. I tried just deleting them, at which time Symantec automatically launched and downloaded software as if it had been newly installed. The Task Scheduler still launches popups when I boot up the computer that say that scheduled tasks are not being completed. So, I do not know whether my system is still infected or not, though scans by both protection programs continually come back clean. When I had Malwarebytes (it is gone now that OTL scan is finished), I ran it several times, and it usually found 3 or 4 programs each time, but eventually found nothing.

I have the two txt files from OTL I will send in separate posts, plus one txt file from Malwarebytes that OTL did not wipe out; I will paste it into a third message, because this site is telling me my post is too big if I include them here.

Thank you for your help!
GrannySlammy





Last edited by GrannySlammy on Sat Sep 04, 2010 3:20 pm; edited 1 time in total


Solved first attachment: txt file from Malwarebytes

Post by GrannySlammy on Sat Sep 04, 2010 3:10 pm

Malwarebytes' Anti-Malware 1.46
DB: 4524

IE: Internet Explorer 8.0.6001.18702
OS: Windows 5.1.2600 Service Pack 3
EX: C:\Program Files\Malwarebytes' Anti-Malware\mbam
DB: C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref

U: Owner

W: C:\WINDOWS

S: C:\WINDOWS\system32

RD: C:

PF: C:\Program Files

CF: C:\Program Files\Common Files

DAS: C:\Documents and Settings

D: C:\Documents and Settings\Administrator\Desktop
D: C:\Documents and Settings\All Users\Desktop
D: C:\Documents and Settings\Default User\Desktop
D: C:\Documents and Settings\LocalService\Desktop
D: C:\Documents and Settings\Owner.Owner\Desktop
D: C:\WINDOWS\system32\config\systemprofile\Desktop

SM: C:\Documents and Settings\Administrator\Start Menu
SM: C:\Documents and Settings\All Users\Start Menu
SM: C:\Documents and Settings\Default User\Start Menu
SM: C:\Documents and Settings\Owner.Owner\Start Menu
SM: C:\WINDOWS\system32\config\systemprofile\Start Menu

UR: C:\Documents and Settings\Administrator
UR: C:\Documents and Settings\All Users
UR: C:\Documents and Settings\Default User
UR: C:\Documents and Settings\LocalService
UR: C:\Documents and Settings\NetworkService
UR: C:\Documents and Settings\Owner
UR: C:\Documents and Settings\Owner.Owner
UR: C:\Documents and Settings\OWNER~1OWN
UR: C:\WINDOWS\system32\config\systemprofile

F: C:\Documents and Settings\Administrator\Favorites
F: C:\Documents and Settings\All Users\Favorites
F: C:\Documents and Settings\Default User\Favorites
F: C:\Documents and Settings\Owner.Owner\Favorites
F: C:\Documents and Settings\Owner\Favorites
F: C:\WINDOWS\system32\config\systemprofile\Favorites

AD: C:\Documents and Settings\All Users\Application Data
AD: C:\Documents and Settings\Owner.Owner\Application Data
AD: C:\Documents and Settings\Administrator\Application Data
AD: C:\Documents and Settings\Default User\Application Data
AD: C:\Documents and Settings\LocalService\Application Data
AD: C:\Documents and Settings\NetworkService\Application Data
AD: C:\Documents and Settings\Owner\Application Data
AD: C:\WINDOWS\system32\config\systemprofile\Application Data

QL: C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch
QL: C:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Quick Launch
QL: C:\Documents and Settings\Owner.Owner\Application Data\Microsoft\Internet Explorer\Quick Launch
QL: C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch

TF: C:\Documents and Settings\Administrator\Local Settings\Temp
TF: C:\Documents and Settings\Default User\Local Settings\Temp
TF: C:\Documents and Settings\LocalService\Local Settings\Temp
TF: C:\Documents and Settings\NetworkService\Local Settings\Temp
TF: C:\Documents and Settings\Owner.Owner\Local Settings\Temp
TF: C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp
TF: C:\WINDOWS\Temp

P: C:\Documents and Settings\Administrator\Start Menu\Programs
P: C:\Documents and Settings\All Users\Start Menu\Programs
P: C:\Documents and Settings\Default User\Start Menu\Programs
P: C:\Documents and Settings\Owner.Owner\Start Menu\Programs
P: C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs

S: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
S: C:\Documents and Settings\All Users\Start Menu\Programs\Startup
S: C:\Documents and Settings\Default User\Start Menu\Programs\Startup
S: C:\Documents and Settings\Owner.Owner\Start Menu\Programs\Startup
S: C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup

D: C:\Documents and Settings\Administrator\My Documents
D: C:\Documents and Settings\All Users\Documents
D: C:\Documents and Settings\Default User\My Documents
D: C:\Documents and Settings\Owner.Owner\My Documents
D: C:\WINDOWS\system32\config\systemprofile\My Documents

I don't know enough to be able to find a resolution, so I followed the instructions in your forum, updated my Java, etc., downloaded OTL. Here are the two .txt files from the OTL scan that I ran a few minutes ago:

OTL Extras logfile created on: 9/4/2010 6:33:10 AM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Owner.Owner\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 472.00 Mb Available Physical Memory | 47.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 106.40 Gb Total Space | 84.87 Gb Free Space | 79.77% Space Free | Partition Type: NTFS
Drive D: | 5.37 Gb Total Space | 1.73 Gb Free Space | 32.20% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TLAPTOP
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.)
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Symantec\Symantec Endpoint Protection\SymCorpUI.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\SymCorpUI.exe:*:Enabled:Symantec Endpoint Protection -- (Symantec Corporation)
"C:\Program Files\Adobe\Adobe InDesign CS5\InDesign.exe" = C:\Program Files\Adobe\Adobe InDesign CS5\InDesign.exe:*:Enabled:Adobe InDesign CS5 (2) -- (Adobe Systems Incorporated)
"C:\Program Files\Adobe\Adobe Help\Adobe Help.exe" = C:\Program Files\Adobe\Adobe Help\Adobe Help.exe:*:Enabled:Adobe Help -- ()
"C:\Program Files\Adobe\Adobe Utilities - CS5\ExtendScript Toolkit CS5\ExtendScript Toolkit.exe" = C:\Program Files\Adobe\Adobe Utilities - CS5\ExtendScript Toolkit CS5\ExtendScript Toolkit.exe:*:Enabled:Adobe ExtendScript Toolkit CS5 (2) -- (Adobe Systems Incorporated)
"C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe" = C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe:*:Enabled:Adobe Bridge CS5 (2) -- (Adobe Systems, Inc.)
"C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe" = C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe:*:Enabled:Ad-Aware -- (Lavasoft)
"C:\Program Files\Browser Mouse\mouse32a.exe" = C:\Program Files\Browser Mouse\mouse32a.exe:*:Enabled: Browser Mouse -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series" = Canon MP560 series MP Drivers
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite Gateway
"{15C77FC3-8137-4A5E-8F81-F559045DD6B0}" = Shipping Assistant 3.6
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Solution
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{25B932C7-EB2B-422E-910D-504FB00DAE43}" = Reader Library by Sony
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37566D8F-0EA4-46EF-8858-973FF21853B6}" = Nitro PDF Reader
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{3BAB4914-9CC1-4CC2-A3DA-56EF62DFD373}" = Symantec Endpoint Protection
"{3C0BAFCA-BDB8-492B-8845-DC0A4B4C1823}" = HPDeskjet5400Series
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCC7F68-A437-4559-A840-F5E010934951}" = HP Driver Diagnostics
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6EECB283-E65F-40EF-86D3-D51BF02A8D43}" = Microsoft Office Converter Pack
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = TIPCI
"{8214CC02-6271-4DC8-B8DD-779933450264}" = HP RecordNow
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92083A9A-549D-4057-88E8-223EA08563FA}" = Cisco AnyConnect VPN Client
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9ADE9794-F65D-11BE-051B-B6E52B5CDD04}" = Adobe Community Help
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A212E6C2-20F7-4A8E-BD8E-DC3EE7483FA2}" = PRS-500 USB driver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EB57A16E-500D-43d7-85B9-FBE279EBBA6E}" = HP Deskjet 5400 series
"{EBC91840-41E1-4CC3-AC11-0B889546223C}" = Microsoft IntelliPoint 5.5
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F9766AC1-1461-1033-B862-DF8FE1C033BE}" = Adobe InDesign CS5
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"{FC274982-5AAD-4C20-848D-4424A5043009}_is1" = WinUtilities 9.7 Professional Edition
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"75070B1806113224B16C70296B90DD1AD8A53479" = Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AT&T Wireless Connection Tool" = AT&T Wireless Connection Tool
"ATT-SST" = AT&T Self Support Tool
"Audacity_is1" = Audacity 1.2.6
"Belarc Advisor" = Belarc Advisor 8.1
"Browser Mouse" = Browser Mouse
"Canon MP560 series User Registration" = Canon MP560 series User Registration
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Corel WordPerfect Suite 8" = Corel WordPerfect Suite 8
"Dasher" = Dasher
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"Gateway Game Console" = Gateway Game Console
"gtw_logo" = gtw_logo
"HP Imaging Device Functions" = HP Imaging Device Functions 5.0
"HP Photo & Imaging" = HP Image Zone 4.7
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PDFZilla_is1" = PDFZilla V1.2.9
"PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
"PocketRAR" = Pocket RAR documentation
"ProInst" = Intel(R) PROSet/Wireless Software
"PROPLUSR" = Microsoft Office Professional Plus 2007
"RealPlayer 6.0" = RealPlayer Basic
"SMSERIAL" = Motorola SM56 Data Fax Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TaxACT 2006" = TaxACT 2006
"TaxACT 2008" = TaxACT 2008
"TaxACT 2008 Missouri" = TaxACT 2008 Missouri
"TaxACT 2009" = TaxACT 2009
"TaxACT 2009 Missouri" = TaxACT 2009 Missouri
"TaxACT Missouri 2006" = TaxACT Missouri 2006
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WildTangent CDA" = WildTangent Web Driver
"WinCalendar" = WinCalendar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WT010646" = Bejeweled 2 Deluxe
"WT010647" = Blackhawk Striker 2
"WT010648" = Blasterball 2 Revolution
"WT010649" = Diner Dash
"WT010650" = FATE
"WT010651" = Penguins!
"WT010654" = SCRABBLE
"WT010655" = Tradewinds
"WT010660" = Polar Bowler
"WT010661" = Polar Golfer
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/2/2010 12:45:43 PM | Computer Name = TLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 18304016

Error - 9/2/2010 12:45:43 PM | Computer Name = TLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 18304016

Error - 9/2/2010 12:45:45 PM | Computer Name = TLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/2/2010 12:45:45 PM | Computer Name = TLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 18306078

Error - 9/2/2010 12:45:45 PM | Computer Name = TLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 18306078

Error - 9/3/2010 1:28:57 PM | Computer Name = TLAPTOP | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

Error - 9/4/2010 12:12:35 AM | Computer Name = TLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x47634d20.

Error - 9/4/2010 12:12:50 AM | Computer Name = TLAPTOP | Source = Application Error | ID = 1001
Description = Fault bucket 1352740240.

Error - 9/4/2010 7:10:17 AM | Computer Name = TLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application javara.exe, version 1.16.1.1763, faulting module
ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

Error - 9/4/2010 7:10:24 AM | Computer Name = TLAPTOP | Source = Application Error | ID = 1001
Description = Fault bucket 1987575260.

[ Cisco AnyConnect VPN Client Events ]
Error - 4/20/2010 2:36:59 PM | Computer Name = OWNER | Source = vpnagent | ID = 67110873
Description = Termination reason code 7: The agent has been stopped.

Error - 4/20/2010 2:36:59 PM | Computer Name = OWNER | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::getDownloaderMessage File: .\MainThread.cpp Line:
964 Invoked Function: CVpnMgr::processEvents Return Code: 0 (0x00000000) Description:
fatal error, stopping service

Error - 4/20/2010 2:37:27 PM | Computer Name = OWNER | Source = vpninstall | ID = 67108866
Description = Function: CManifestInfo::FileCbSize File: ..\..\Downloader\ManifestInfo.cpp
Line:
1385 Invoked Function: stat Return Code: 2 (0x00000002) Description: The system cannot
find the file specified.

Error - 4/20/2010 2:37:27 PM | Computer Name = OWNER | Source = vpninstall | ID = 67108866
Description = Function: CManifestInfo::FileCbSize File: ..\..\Downloader\ManifestInfo.cpp
Line:
1385 Invoked Function: stat Return Code: 2 (0x00000002) Description: The system cannot
find the file specified.

Error - 4/20/2010 2:37:27 PM | Computer Name = OWNER | Source = vpninstall | ID = 67108866
Description = Function: CManifestInfo::ReadManifestFile File: ..\..\Downloader\ManifestInfo.cpp
Line:
258 Invoked Function: FileCbSize Return Code: -33554430 (0xFE000002) Description:
GLOBAL_ERROR_BAD_PARAMETER

Error - 4/20/2010 2:37:34 PM | Computer Name = OWNER | Source = vpndownloader | ID = 67108866
Description = Function: PreferenceMgr::loadPreferences File: ..\Api\PreferenceMgr.cpp
Line:
877 Invoked Function: PreferenceInfo::getPreference Return Code: 0 (0x00000000) Description:
AutoConnectOnStart

Error - 4/20/2010 2:37:34 PM | Computer Name = OWNER | Source = vpndownloader | ID = 67108866
Description = Function: PreferenceMgr::loadPreferences File: ..\Api\PreferenceMgr.cpp
Line:
877 Invoked Function: PreferenceInfo::getPreference Return Code: 0 (0x00000000) Description:
LocalLanAccess

Error - 4/20/2010 2:37:38 PM | Computer Name = OWNER | Source = vpnui | ID = 67108866
Description = Function: MsgCatalog::msgFormat File: .\i18n\MsgCatalog.cpp Line: 344
Invoked
Function: FormatMessage Return Code: 3 (0x00000003) Description: The system cannot
find the path specified.

Error - 4/20/2010 5:13:09 PM | Computer Name = OWNER | Source = vpnagent | ID = 67110873
Description = Termination reason code 23: Client PC is going into suspend mode (Sleep,
Hibernate, etc).

Error - 4/20/2010 5:13:09 PM | Computer Name = OWNER | Source = vpnagent | ID = 67108866
Description = Function: RestoreProxySettingsToBrowser File: .\BrowserProxy.cpp Line:
1040 Invoked Function: DeleteFile Return Code: 2 (0x00000002) Description: The system
cannot find the file specified.

[ OSession Events ]
Error - 3/5/2010 2:26:39 AM | Computer Name = OWNER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16
seconds with 0 seconds of active time. This session ended with a crash.

Error - 3/8/2010 9:18:26 PM | Computer Name = OWNER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 548145
seconds with 28680 seconds of active time. This session ended with a crash.

Error - 4/28/2010 3:37:46 AM | Computer Name = TLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/8/2010 9:18:54 PM | Computer Name = TLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 505086
seconds with 11340 seconds of active time. This session ended with a crash.

Error - 8/29/2010 10:12:10 PM | Computer Name = TLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4927
seconds with 300 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 9/1/2010 12:25:20 PM | Computer Name = TLAPTOP | Source = WPDMTPDriver | ID = 80836
Description = MTP WPD Driver has failed to start. Error 0x80070005.

Error - 9/1/2010 12:25:21 PM | Computer Name = TLAPTOP | Source = WPDMTPDriver | ID = 80836
Description = MTP WPD Driver has failed to start. Error 0x80070005.

Error - 9/1/2010 12:25:22 PM | Computer Name = TLAPTOP | Source = WPDMTPDriver | ID = 80836
Description = MTP WPD Driver has failed to start. Error 0x80070005.

Error - 9/1/2010 12:25:23 PM | Computer Name = TLAPTOP | Source = WPDMTPDriver | ID = 80836
Description = MTP WPD Driver has failed to start. Error 0x80070005.

Error - 9/1/2010 12:25:25 PM | Computer Name = TLAPTOP | Source = WPDMTPDriver | ID = 80836
Description = MTP WPD Driver has failed to start. Error 0x80070005.

Error - 9/1/2010 12:25:26 PM | Computer Name = TLAPTOP | Source = WPDMTPDriver | ID = 80836
Description = MTP WPD Driver has failed to start. Error 0x80070005.

Error - 9/1/2010 12:25:27 PM | Computer Name = TLAPTOP | Source = WPDMTPDriver | ID = 80836
Description = MTP WPD Driver has failed to start. Error 0x80070005.

Error - 9/1/2010 2:14:55 PM | Computer Name = TLAPTOP | Source = Print | ID = 23
Description = Printer Corel Barista failed to initialize because a suitable Corel
Barista driver could not be found.

Error - 9/1/2010 9:49:57 PM | Computer Name = TLAPTOP | Source = Print | ID = 23
Description = Printer Corel Barista failed to initialize because a suitable Corel
Barista driver could not be found.

Error - 9/3/2010 1:16:37 PM | Computer Name = TLAPTOP | Source = Print | ID = 23
Description = Printer Corel Barista failed to initialize because a suitable Corel
Barista driver could not be found.


< End of report >

GrannySlammy
Novice

Posts : 19
Joined : 2010-09-04
Gender : Female
OS : Windows 7
Protection : avast! and Malwarebytes
Points : 23101
# Likes : 0


Solved 3rd msg-- txt msg from OTL: "Extras.txt"

Post by GrannySlammy on Sat Sep 04, 2010 3:11 pm

OTL Extras logfile created on: 9/4/2010 6:33:10 AM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Owner.Owner\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 472.00 Mb Available Physical Memory | 47.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 106.40 Gb Total Space | 84.87 Gb Free Space | 79.77% Space Free | Partition Type: NTFS
Drive D: | 5.37 Gb Total Space | 1.73 Gb Free Space | 32.20% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TLAPTOP
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.)
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Symantec\Symantec Endpoint Protection\SymCorpUI.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\SymCorpUI.exe:*:Enabled:Symantec Endpoint Protection -- (Symantec Corporation)
"C:\Program Files\Adobe\Adobe InDesign CS5\InDesign.exe" = C:\Program Files\Adobe\Adobe InDesign CS5\InDesign.exe:*:Enabled:Adobe InDesign CS5 (2) -- (Adobe Systems Incorporated)
"C:\Program Files\Adobe\Adobe Help\Adobe Help.exe" = C:\Program Files\Adobe\Adobe Help\Adobe Help.exe:*:Enabled:Adobe Help -- ()
"C:\Program Files\Adobe\Adobe Utilities - CS5\ExtendScript Toolkit CS5\ExtendScript Toolkit.exe" = C:\Program Files\Adobe\Adobe Utilities - CS5\ExtendScript Toolkit CS5\ExtendScript Toolkit.exe:*:Enabled:Adobe ExtendScript Toolkit CS5 (2) -- (Adobe Systems Incorporated)
"C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe" = C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe:*:Enabled:Adobe Bridge CS5 (2) -- (Adobe Systems, Inc.)
"C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe" = C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe:*:Enabled:Ad-Aware -- (Lavasoft)
"C:\Program Files\Browser Mouse\mouse32a.exe" = C:\Program Files\Browser Mouse\mouse32a.exe:*:Enabled: Browser Mouse -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series" = Canon MP560 series MP Drivers
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite Gateway
"{15C77FC3-8137-4A5E-8F81-F559045DD6B0}" = Shipping Assistant 3.6
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Solution
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{25B932C7-EB2B-422E-910D-504FB00DAE43}" = Reader Library by Sony
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37566D8F-0EA4-46EF-8858-973FF21853B6}" = Nitro PDF Reader
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{3BAB4914-9CC1-4CC2-A3DA-56EF62DFD373}" = Symantec Endpoint Protection
"{3C0BAFCA-BDB8-492B-8845-DC0A4B4C1823}" = HPDeskjet5400Series
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCC7F68-A437-4559-A840-F5E010934951}" = HP Driver Diagnostics
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6EECB283-E65F-40EF-86D3-D51BF02A8D43}" = Microsoft Office Converter Pack
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = TIPCI
"{8214CC02-6271-4DC8-B8DD-779933450264}" = HP RecordNow
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92083A9A-549D-4057-88E8-223EA08563FA}" = Cisco AnyConnect VPN Client
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9ADE9794-F65D-11BE-051B-B6E52B5CDD04}" = Adobe Community Help
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A212E6C2-20F7-4A8E-BD8E-DC3EE7483FA2}" = PRS-500 USB driver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EB57A16E-500D-43d7-85B9-FBE279EBBA6E}" = HP Deskjet 5400 series
"{EBC91840-41E1-4CC3-AC11-0B889546223C}" = Microsoft IntelliPoint 5.5
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F9766AC1-1461-1033-B862-DF8FE1C033BE}" = Adobe InDesign CS5
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"{FC274982-5AAD-4C20-848D-4424A5043009}_is1" = WinUtilities 9.7 Professional Edition
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"75070B1806113224B16C70296B90DD1AD8A53479" = Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AT&T Wireless Connection Tool" = AT&T Wireless Connection Tool
"ATT-SST" = AT&T Self Support Tool
"Audacity_is1" = Audacity 1.2.6
"Belarc Advisor" = Belarc Advisor 8.1
"Browser Mouse" = Browser Mouse
"Canon MP560 series User Registration" = Canon MP560 series User Registration
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Corel WordPerfect Suite 8" = Corel WordPerfect Suite 8
"Dasher" = Dasher
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"Gateway Game Console" = Gateway Game Console
"gtw_logo" = gtw_logo
"HP Imaging Device Functions" = HP Imaging Device Functions 5.0
"HP Photo & Imaging" = HP Image Zone 4.7
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PDFZilla_is1" = PDFZilla V1.2.9
"PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
"PocketRAR" = Pocket RAR documentation
"ProInst" = Intel(R) PROSet/Wireless Software
"PROPLUSR" = Microsoft Office Professional Plus 2007
"RealPlayer 6.0" = RealPlayer Basic
"SMSERIAL" = Motorola SM56 Data Fax Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TaxACT 2006" = TaxACT 2006
"TaxACT 2008" = TaxACT 2008
"TaxACT 2008 Missouri" = TaxACT 2008 Missouri
"TaxACT 2009" = TaxACT 2009
"TaxACT 2009 Missouri" = TaxACT 2009 Missouri
"TaxACT Missouri 2006" = TaxACT Missouri 2006
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WildTangent CDA" = WildTangent Web Driver
"WinCalendar" = WinCalendar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WT010646" = Bejeweled 2 Deluxe
"WT010647" = Blackhawk Striker 2
"WT010648" = Blasterball 2 Revolution
"WT010649" = Diner Dash
"WT010650" = FATE
"WT010651" = Penguins!
"WT010654" = SCRABBLE
"WT010655" = Tradewinds
"WT010660" = Polar Bowler
"WT010661" = Polar Golfer
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/2/2010 12:45:43 PM | Computer Name = TLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 18304016

Error - 9/2/2010 12:45:43 PM | Computer Name = TLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 18304016

Error - 9/2/2010 12:45:45 PM | Computer Name = TLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/2/2010 12:45:45 PM | Computer Name = TLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 18306078

Error - 9/2/2010 12:45:45 PM | Computer Name = TLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 18306078

Error - 9/3/2010 1:28:57 PM | Computer Name = TLAPTOP | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

Error - 9/4/2010 12:12:35 AM | Computer Name = TLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x47634d20.

Error - 9/4/2010 12:12:50 AM | Computer Name = TLAPTOP | Source = Application Error | ID = 1001
Description = Fault bucket 1352740240.

Error - 9/4/2010 7:10:17 AM | Computer Name = TLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application javara.exe, version 1.16.1.1763, faulting module
ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

Error - 9/4/2010 7:10:24 AM | Computer Name = TLAPTOP | Source = Application Error | ID = 1001
Description = Fault bucket 1987575260.

[ Cisco AnyConnect VPN Client Events ]
Error - 4/20/2010 2:36:59 PM | Computer Name = OWNER | Source = vpnagent | ID = 67110873
Description = Termination reason code 7: The agent has been stopped.

Error - 4/20/2010 2:36:59 PM | Computer Name = OWNER | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::getDownloaderMessage File: .\MainThread.cpp Line:
964 Invoked Function: CVpnMgr::processEvents Return Code: 0 (0x00000000) Description:
fatal error, stopping service

Error - 4/20/2010 2:37:27 PM | Computer Name = OWNER | Source = vpninstall | ID = 67108866
Description = Function: CManifestInfo::FileCbSize File: ..\..\Downloader\ManifestInfo.cpp
Line:
1385 Invoked Function: stat Return Code: 2 (0x00000002) Description: The system cannot
find the file specified.

Error - 4/20/2010 2:37:27 PM | Computer Name = OWNER | Source = vpninstall | ID = 67108866
Description = Function: CManifestInfo::FileCbSize File: ..\..\Downloader\ManifestInfo.cpp
Line:
1385 Invoked Function: stat Return Code: 2 (0x00000002) Description: The system cannot
find the file specified.

Error - 4/20/2010 2:37:27 PM | Computer Name = OWNER | Source = vpninstall | ID = 67108866
Description = Function: CManifestInfo::ReadManifestFile File: ..\..\Downloader\ManifestInfo.cpp
Line:
258 Invoked Function: FileCbSize Return Code: -33554430 (0xFE000002) Description:
GLOBAL_ERROR_BAD_PARAMETER

Error - 4/20/2010 2:37:34 PM | Computer Name = OWNER | Source = vpndownloader | ID = 67108866
Description = Function: PreferenceMgr::loadPreferences File: ..\Api\PreferenceMgr.cpp
Line:
877 Invoked Function: PreferenceInfo::getPreference Return Code: 0 (0x00000000) Description:
AutoConnectOnStart

Error - 4/20/2010 2:37:34 PM | Computer Name = OWNER | Source = vpndownloader | ID = 67108866
Description = Function: PreferenceMgr::loadPreferences File: ..\Api\PreferenceMgr.cpp
Line:
877 Invoked Function: PreferenceInfo::getPreference Return Code: 0 (0x00000000) Description:
LocalLanAccess

Error - 4/20/2010 2:37:38 PM | Computer Name = OWNER | Source = vpnui | ID = 67108866
Description = Function: MsgCatalog::msgFormat File: .\i18n\MsgCatalog.cpp Line: 344
Invoked
Function: FormatMessage Return Code: 3 (0x00000003) Description: The system cannot
find the path specified.

Error - 4/20/2010 5:13:09 PM | Computer Name = OWNER | Source = vpnagent | ID = 67110873
Description = Termination reason code 23: Client PC is going into suspend mode (Sleep,
Hibernate, etc).

Error - 4/20/2010 5:13:09 PM | Computer Name = OWNER | Source = vpnagent | ID = 67108866
Description = Function: RestoreProxySettingsToBrowser File: .\BrowserProxy.cpp Line:
1040 Invoked Function: DeleteFile Return Code: 2 (0x00000002) Description: The system
cannot find the file specified.

[ OSession Events ]
Error - 3/5/2010 2:26:39 AM | Computer Name = OWNER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16
seconds with 0 seconds of active time. This session ended with a crash.

Error - 3/8/2010 9:18:26 PM | Computer Name = OWNER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 548145
seconds with 28680 seconds of active time. This session ended with a crash.

Error - 4/28/2010 3:37:46 AM | Computer Name = TLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/8/2010 9:18:54 PM | Computer Name = TLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 505086
seconds with 11340 seconds of active time. This session ended with a crash.

Error - 8/29/2010 10:12:10 PM | Computer Name = TLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4927
seconds with 300 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 9/1/2010 12:25:20 PM | Computer Name = TLAPTOP | Source = WPDMTPDriver | ID = 80836
Description = MTP WPD Driver has failed to start. Error 0x80070005.

Error - 9/1/2010 12:25:21 PM | Computer Name = TLAPTOP | Source = WPDMTPDriver | ID = 80836
Description = MTP WPD Driver has failed to start. Error 0x80070005.

Error - 9/1/2010 12:25:22 PM | Computer Name = TLAPTOP | Source = WPDMTPDriver | ID = 80836
Description = MTP WPD Driver has failed to start. Error 0x80070005.

Error - 9/1/2010 12:25:23 PM | Computer Name = TLAPTOP | Source = WPDMTPDriver | ID = 80836
Description = MTP WPD Driver has failed to start. Error 0x80070005.

Error - 9/1/2010 12:25:25 PM | Computer Name = TLAPTOP | Source = WPDMTPDriver | ID = 80836
Description = MTP WPD Driver has failed to start. Error 0x80070005.

Error - 9/1/2010 12:25:26 PM | Computer Name = TLAPTOP | Source = WPDMTPDriver | ID = 80836
Description = MTP WPD Driver has failed to start. Error 0x80070005.

Error - 9/1/2010 12:25:27 PM | Computer Name = TLAPTOP | Source = WPDMTPDriver | ID = 80836
Description = MTP WPD Driver has failed to start. Error 0x80070005.

Error - 9/1/2010 2:14:55 PM | Computer Name = TLAPTOP | Source = Print | ID = 23
Description = Printer Corel Barista failed to initialize because a suitable Corel
Barista driver could not be found.

Error - 9/1/2010 9:49:57 PM | Computer Name = TLAPTOP | Source = Print | ID = 23
Description = Printer Corel Barista failed to initialize because a suitable Corel
Barista driver could not be found.

Error - 9/3/2010 1:16:37 PM | Computer Name = TLAPTOP | Source = Print | ID = 23
Description = Printer Corel Barista failed to initialize because a suitable Corel
Barista driver could not be found.


< End of report >

GrannySlammy

Solved Post #4 - txt file from OTL: "OTL.txt"

Post by GrannySlammy on Sat Sep 04, 2010 3:18 pm

Site says it is too big. (I must be doing something wrong here. Sorry!) I'll break it into two messages:

OTL.txt part one:
OTL logfile created on: 9/4/2010 6:33:10 AM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Owner.Owner\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 472.00 Mb Available Physical Memory | 47.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 106.40 Gb Total Space | 84.87 Gb Free Space | 79.77% Space Free | Partition Type: NTFS
Drive D: | 5.37 Gb Total Space | 1.73 Gb Free Space | 32.20% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TLAPTOP
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/04 06:28:59 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.Owner\Desktop\OTL.com
PRC - [2010/09/02 14:23:00 | 000,864,624 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/09/02 14:22:58 | 001,355,928 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/08/30 03:17:22 | 000,356,352 | ---- | M] () -- C:\Program Files\Browser Mouse\mouse32a.exe
PRC - [2010/07/27 05:15:50 | 001,573,888 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\ATT-SST\McciTrayApp.exe
PRC - [2010/05/25 12:00:52 | 000,196,912 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
PRC - [2010/05/10 09:27:58 | 000,906,656 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/12/17 17:32:30 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2009/11/18 15:26:14 | 001,577,984 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\BellSouthWCC\McciTrayApp.exe
PRC - [2009/10/18 21:12:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009/07/02 15:31:41 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2009/05/19 17:11:52 | 000,136,544 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2009/01/14 15:29:24 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/01/14 15:29:22 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/01/14 15:29:20 | 002,440,120 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/01/14 15:29:20 | 001,795,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2009/01/14 15:29:20 | 001,443,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2006/05/23 14:22:36 | 000,573,440 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2005/12/28 13:56:16 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2005/12/28 13:55:40 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2005/12/28 13:52:32 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2005/12/28 13:47:10 | 000,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2005/12/28 13:45:02 | 000,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2005/12/28 13:44:24 | 000,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2005/12/27 05:20:14 | 000,413,696 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/10/12 14:30:42 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2005/10/12 14:30:24 | 000,086,140 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2004/11/05 04:47:00 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe


========== Modules (SafeList) ==========

MOD - [2010/09/04 06:28:59 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.Owner\Desktop\OTL.com
MOD - [2010/08/30 03:17:22 | 000,073,728 | ---- | M] () -- C:\Program Files\Browser Mouse\mouDL32A.dll
MOD - [2008/04/14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2004/11/05 04:47:00 | 000,069,722 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/09/02 14:22:58 | 001,355,928 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/05/25 12:00:52 | 000,196,912 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe -- (NitroReaderDriverReadSpool)
SRV - [2010/04/28 14:21:30 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/17 17:32:30 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009/07/02 15:31:41 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2009/01/14 15:29:24 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/01/14 15:29:24 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/01/14 15:29:22 | 000,320,840 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2009/01/14 15:29:20 | 002,440,120 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/01/14 15:29:20 | 001,795,400 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2008/06/30 16:36:35 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/12/28 13:47:10 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
SRV - [2005/12/28 13:45:02 | 000,114,753 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2005/12/28 13:44:24 | 000,217,164 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2005/10/12 14:30:24 | 000,086,140 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) Intel(R)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - [2010/09/02 14:24:14 | 000,015,008 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/08/29 19:36:11 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/08/20 00:00:26 | 000,095,024 | ---- | M] (Sunbelt Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/07/13 03:00:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100903.050\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/07/13 03:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100903.050\NAVENG.SYS -- (NAVENG)
DRV - [2010/06/02 19:59:06 | 000,161,920 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WpsHelper.sys -- (WpsHelper)
DRV - [2010/05/26 03:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/26 03:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/02/05 04:03:43 | 000,069,936 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2010/02/05 04:03:43 | 000,013,360 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbaphd.sys -- (sbaphd)
DRV - [2009/12/17 17:18:50 | 000,020,152 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva)
DRV - [2009/11/18 15:26:18 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/11/18 15:26:18 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/07/05 00:42:25 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/07/02 15:29:49 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/01/14 15:29:26 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2009/01/14 15:29:24 | 000,319,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2009/01/14 15:29:24 | 000,279,600 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2009/01/14 15:29:24 | 000,043,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2009/01/14 15:29:22 | 000,092,488 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2009/01/14 15:29:22 | 000,049,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2009/01/14 15:29:16 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/01/14 15:29:16 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/01/14 15:29:14 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/01/14 15:29:14 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/04/14 00:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/14 00:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 00:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 22:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/27 13:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2006/06/15 10:28:04 | 001,179,784 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/05/23 14:30:06 | 000,893,952 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2006/01/23 04:50:00 | 000,244,480 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2005/12/28 15:22:08 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/12/05 02:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2005/10/12 14:07:12 | 000,874,240 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IASTOR.SYS -- (iaStor)
DRV - [2005/09/20 19:30:56 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2004/11/10 19:30:18 | 000,024,832 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2004/11/10 19:27:34 | 000,044,288 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2004/11/05 04:47:00 | 000,185,824 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 23:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 23:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 23:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 23:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 23:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 22:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 22:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 22:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 22:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 22:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 22:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 22:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 22:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 22:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 22:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "http://www.springfieldsource.org/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/05 12:10:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/01 13:20:26 | 000,000,000 | ---D | M]

[2009/10/06 01:04:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Owner\Application Data\Mozilla\Extensions
[2010/07/19 17:21:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Owner\Application Data\Mozilla\Firefox\Profiles\5judbp38.default\extensions
[2010/07/19 17:21:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner.Owner\Application Data\Mozilla\Firefox\Profiles\5judbp38.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/04 05:47:16 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/23 15:14:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/04 05:47:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2008/12/04 12:30:23 | 000,000,480 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\system32\bae.dll (Gateway Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATT_WCC] C:\Program Files\BellSouthWCC\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [BellSouthWCC_McciTrayApp] C:\Program Files\BellSouthWCC\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\mouse32a.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Reader Library Launcher] C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe (Sony Corporation)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WinCalendar] C:\Program Files\Sapro Systems WinCalendar\WinCalendar_SysTray.exe (Sapro Systems)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: adobe.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: missouristate.edu ([bearmail] http in Trusted sites)
O15 - HKCU\..Trusted Domains: missouristate.edu ([bearmail] https in Trusted sites)
O15 - HKCU\..Trusted Domains: missouristate.edu ([blackboard] https in Trusted sites)
O15 - HKCU\..Trusted Domains: missouristate.edu ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: symantec.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: symantecliveupdate.com ([liveupdate] * in Trusted sites)
O15 - HKCU\..Trusted Domains: symantecliveupdate.com ([liveupdate] http in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([my] http in Trusted sites)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} [You must be registered and logged in to see this link.] (HP Download Manager)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} [You must be registered and logged in to see this link.] (DDRevision Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner.Owner\My Documents\2010_schedule Yankees\sept and oct schedule.BMP
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner.Owner\My Documents\2010_schedule Yankees\sept and oct schedule.BMP
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/17 04:41:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 19:15:24 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{019e5c97-59fe-11df-880d-0018de8a2113}\Shell\AutoRun\command - "" = I:\Windows\bin\eblSetup.exe -- File not found
O33 - MountPoints2\{0a8861ba-6bb5-11de-87a2-0018de8a2113}\Shell - "" = AutoRun
O33 - MountPoints2\{0a8861ba-6bb5-11de-87a2-0018de8a2113}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0a8861ba-6bb5-11de-87a2-0018de8a2113}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{180aa25a-8972-11df-8823-0018de8a2113}\Shell\AutoRun\command - "" = I:\Windows\bin\eblSetup.exe -- File not found
O33 - MountPoints2\{39529878-702b-11de-87a7-0018de8a2113}\Shell - "" = AutoRun
O33 - MountPoints2\{39529878-702b-11de-87a7-0018de8a2113}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{39529878-702b-11de-87a7-0018de8a2113}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{59826f4d-6749-11de-8792-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{59826f4d-6749-11de-8792-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6ad3ed89-84e0-11df-8821-0018de8a2113}\Shell\AutoRun\command - "" = I:\Windows\bin\eblSetup.exe -- File not found
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpReg: AdobeBridge - hkey= - key= - File not found
MsConfig - StartUpReg: igfxhkcmd - hkey= - key= - File not found
MsConfig - StartUpReg: igfxpers - hkey= - key= - File not found
MsConfig - StartUpReg: igfxtray - hkey= - key= - File not found
MsConfig - StartUpReg: Power2GoExpress - hkey= - key= - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: ccEvtMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: ccSetMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: Symantec Antivirus - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SafeBootMin: Symantec Antvirus - Service
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: ccEvtMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootNet: ccSetMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
SafeBootNet: nm.sys - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: SmcService - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: Symantec Antivirus - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SafeBootNet: Symantec Antvirus - Service
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1325db73-d9f1-48f8-8895-6d814ec58889} - Security Update for Windows XP (KB913433)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall

Drivers32: msacm.clmp3enc - C:\Program Files\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

(continued in next post)

GrannySlammy
Novice

Posts: 19
Joined: 2010-09-04
Gender: Female
OS: Windows 7
Protection: avast! and Malwarebytes
Points: 23101
# Likes: 0


Solved Post #5 - second half of OTL.txt

Post by GrannySlammy on Sat Sep 04, 2010 3:18 pm

========== Files/Folders - Created Within 30 Days ==========

[2010/09/04 06:28:56 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.Owner\Desktop\OTL.com
[2010/09/04 06:09:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Owner\Desktop\JavaRa[1]
[2010/09/04 05:47:11 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/09/04 05:47:10 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/09/04 05:47:10 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/09/03 22:58:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Owner\My Documents\Large Docs Archives my pubs mss Raffel mss etc
[2010/09/02 14:05:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010/09/01 13:40:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/09/01 13:35:27 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/09/01 13:25:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Owner\Application Data\Malwarebytes
[2010/09/01 13:24:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/01 13:24:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/09/01 13:24:49 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/01 13:24:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/31 00:06:25 | 000,069,936 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbapifs.sys
[2010/08/31 00:06:25 | 000,013,360 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbaphd.sys
[2010/08/30 03:18:02 | 000,000,000 | ---D | C] -- C:\Program Files\Browser Mouse
[2010/08/30 02:57:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Owner\My Documents\HardwareHelper
[2010/08/29 21:09:12 | 000,000,000 | ---D | C] -- C:\Program Files\BellSouthWCC
[2010/08/29 19:24:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{52AC600B-5800-407E-99FF-83CD0669760B}
[2010/08/28 20:26:34 | 000,000,000 | ---D | C] -- C:\Program Files\Sapro Systems WinCalendar
[2010/08/28 15:20:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Owner\Desktop\downloaded from eecu on 082810
[2010/08/21 21:42:40 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2010/08/21 20:42:24 | 001,310,720 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC560C.dll
[2010/08/21 20:42:24 | 000,303,104 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC560L.dll
[2010/08/21 20:42:24 | 000,110,592 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC560I.dll
[2010/08/21 20:42:24 | 000,106,496 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC560U.dll
[2010/08/21 20:42:24 | 000,015,872 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNHMCA.dll
[2010/08/21 20:40:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Owner\Application Data\Canon Easy-WebPrint EX
[2010/08/21 20:38:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON
[2010/08/21 20:34:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/08/21 20:33:48 | 000,272,384 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMLMA0.DLL
[2010/08/21 20:33:45 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\CanonIJ Uninstaller Information
[2010/08/21 20:33:28 | 000,178,176 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMIUA0.DLL
[2010/08/21 20:33:16 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2010/08/21 20:33:03 | 000,137,216 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMNPUI.DLL
[2010/08/21 20:33:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\STRING
[2010/08/21 20:33:02 | 000,353,792 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMNPPM.DLL
[2010/08/21 20:33:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CHM
[2010/08/21 20:19:08 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2010/08/21 18:27:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Owner\Application Data\Motive
[2010/08/21 18:19:06 | 000,000,000 | ---D | C] -- C:\Program Files\ATT-SST
[2010/08/21 18:14:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motive
[2010/08/21 18:14:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Motive
[2010/08/20 00:00:30 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/08/20 00:00:26 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/08/19 23:45:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Owner\Local Settings\Application Data\Sunbelt Software
[2010/08/19 23:43:27 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/08/19 23:43:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/08/16 21:14:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Owner\My Documents\Adobe Scripts
[2010/08/15 14:13:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner.Owner\Recent
[2010/08/14 21:59:16 | 002,288,616 | ---- | C] (ParetoLogic Inc.) -- C:\Documents and Settings\Owner.Owner\Desktop\ParetoLogic FileCure.exe
[2010/08/13 19:15:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Owner\Desktop\Audacity program and manual
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/04 06:30:02 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/09/04 06:30:02 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/09/04 06:30:02 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/09/04 06:30:02 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/09/04 06:30:02 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Scan (Weekly scan).job
[2010/09/04 06:30:02 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Scan (Daily Scan).job
[2010/09/04 06:28:59 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.Owner\Desktop\OTL.com
[2010/09/04 06:25:57 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/04 04:05:41 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\Owner.Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2010/09/03 12:16:29 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/03 12:16:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/03 06:45:39 | 008,650,752 | ---- | M] () -- C:\Documents and Settings\Owner.Owner\NTUSER.DAT
[2010/09/03 06:45:39 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner.Owner\ntuser.ini
[2010/09/03 06:45:24 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\Owner.Owner\Local Settings\Application Data\IconCache.db
[2010/09/03 06:44:35 | 000,000,115 | ---- | M] () -- C:\WINDOWS\System32\_WKERNEL.SYL
[2010/09/03 02:53:55 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Owner.Owner\Local Settings\Application Data\housecall.guid.cache
[2010/09/02 20:41:19 | 000,012,836 | ---- | M] () -- C:\Documents and Settings\Owner.Owner\Desktop\Points FA 10.docx
[2010/09/02 20:34:52 | 002,614,725 | ---- | M] () -- C:\Documents and Settings\Owner.Owner\Desktop\ad_aware_manual.pdf
[2010/09/02 14:24:17 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/09/02 04:51:24 | 000,012,598 | ---- | M] () -- C:\Documents and Settings\Owner.Owner\My Documents\post on movie called two thirty-seven.docx
[2010/09/02 04:51:24 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner.Owner\My Documents\~$st on movie called two thirty-seven.docx
[2010/09/01 14:40:36 | 000,000,795 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/09/01 14:40:36 | 000,000,282 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/01 14:40:36 | 000,000,209 | -HS- | M] () -- C:\boot.ini
[2010/09/01 13:30:16 | 000,004,530 | ---- | M] () -- C:\Documents and Settings\Owner.Owner\Desktop\csv-26018433-133004-2028.pdf
[2010/09/01 01:04:12 | 000,022,491 | ---- | M] () -- C:\Documents and Settings\Owner.Owner\My Documents\Good movies.docx
[2010/08/31 12:39:07 | 000,000,124 | ---- | M] () -- C:\Documents and Settings\Owner.Owner\Desktop\Shortcut to Control Panel.lnk
[2010/08/30 20:57:22 | 000,100,614 | ---- | M] () -- C:\Documents and Settings\Owner.Owner\Desktop\CFP Jo of Hi Ed.pdf
[2010/08/30 13:49:54 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/08/29 19:36:11 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/08/29 19:24:45 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\Owner.Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/08/29 19:24:45 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/08/28 21:19:03 | 000,455,701 | ---- | M] () -- C:\Documents and Settings\Owner.Owner\Desktop\eBookAgreement-6053448.pdf
[2010/08/28 21:18:46 | 000,273,592 | ---- | M] () -- C:\Documents and Settings\Owner.Owner\Desktop\IRSw9.pdf
[2010/08/28 21:18:32 | 000,424,066 | ---- | M] () -- C:\Documents and Settings\Owner.Owner\Desktop\USPODAgreement-6053448.pdf
[2010/08/28 20:35:44 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Owner.Owner\Desktop\Microsoft Office Word 2007.lnk
[2010/08/28 20:26:36 | 000,001,722 | ---- | M] () -- C:\Documents and Settings\Owner.Owner\Desktop\WinCalendar.lnk
[2010/08/27 14:22:42 | 000,246,429 | ---- | M] () -- C:\Documents and Settings\Owner.Owner\Desktop\Public Affairs Intensive Experiences[1].pdf
[2010/08/25 10:41:10 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/08/23 21:06:14 | 000,055,161 | ---- | M] () -- C:\Documents and Settings\Owner.Owner\Desktop\Bb each new semester Steps to complete.docx
[2010/08/22 20:52:19 | 000,011,895 | ---- | M] () -- C:\Documents and Settings\Owner.Owner\My Documents\mlb.docx
[2010/08/21 20:48:53 | 000,010,864 | ---- | M] () -- C:\Documents and Settings\Owner.Owner\My Documents\Canon Printer Setup Results stats.docx
[2010/08/21 20:42:51 | 000,001,662 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon IJ Network Tool.lnk
[2010/08/21 20:40:15 | 000,001,685 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon MP560 series User Registration.LNK
[2010/08/21 20:37:47 | 000,001,680 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon Solution Menu.lnk
[2010/08/21 20:37:32 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon Easy-PhotoPrint EX.lnk
[2010/08/21 20:35:46 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon MP Navigator EX 3.0.lnk
[2010/08/21 20:35:06 | 000,001,652 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon My Printer.lnk
[2010/08/21 20:34:46 | 000,001,967 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon MP560 series On-screen Manual.lnk
[2010/08/21 19:17:14 | 000,014,201 | -H-- | M] () -- C:\Documents and Settings\Owner.Owner\My Documents\ATandT shady oaks internet info.docx
[2010/08/21 18:21:14 | 000,001,767 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AT&T Self Support Tool.lnk
[2010/08/20 10:56:45 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/20 02:50:53 | 000,012,522 | ---- | M] () -- C:\Documents and Settings\Owner.Owner\My Documents\Fall 2010 MWF class calendar.docx
[2010/08/20 00:00:26 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/08/19 04:42:44 | 000,070,845 | ---- | M] () -- C:\Documents and Settings\Owner.Owner\Desktop\Fall_2010_Final_Examination_Period.pdf
[2010/08/18 14:34:11 | 000,025,589 | ---- | M] () -- C:\Documents and Settings\Owner.Owner\My Documents\second Nathan blog.docx
[2010/08/18 13:09:33 | 000,028,170 | ---- | M] () -- C:\Documents and Settings\Owner.Owner\My Documents\Salt tips for cleaning health and beauty etc.docx
[2010/08/16 13:10:48 | 000,001,486 | ---- | M] () -- C:\Documents and Settings\Owner.Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Calculator.lnk
[2010/08/14 21:59:33 | 002,288,616 | ---- | M] (ParetoLogic Inc.) -- C:\Documents and Settings\Owner.Owner\Desktop\ParetoLogic FileCure.exe
[2010/08/14 00:19:53 | 000,014,217 | ---- | M] () -- C:\Documents and Settings\Owner.Owner\My Documents\msg to friends re Nathans book.docx
[2010/08/13 22:28:40 | 000,000,061 | ---- | M] () -- C:\WINDOWS\TaxACT09.ini
[2010/08/13 01:26:21 | 000,011,926 | ---- | M] () -- C:\Documents and Settings\Owner.Owner\My Documents\Spring 2011 schedule.docx
[2010/08/13 01:25:30 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner.Owner\My Documents\~$ring 2011 schedule.docx
[2010/08/12 23:22:59 | 000,022,746 | ---- | M] () -- C:\Documents and Settings\Owner.Owner\My Documents\printers.docx
[2010/08/12 19:19:17 | 000,531,380 | ---- | M] () -- C:\Documents and Settings\Owner.Owner\Desktop\Public Affairs Week 2010 flyer Women Leading in a Global Society[1].pdf
[2010/08/11 01:48:12 | 000,000,857 | ---- | M] () -- C:\Documents and Settings\Owner.Owner\Desktop\Shortcut to Photoshop.lnk
[2010/08/11 00:04:25 | 002,070,808 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/10 23:57:57 | 000,506,068 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/10 23:57:57 | 000,444,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/10 23:57:57 | 000,072,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/10 23:17:51 | 000,000,221 | ---- | M] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2010/08/09 05:21:51 | 000,012,536 | ---- | M] () -- C:\Documents and Settings\Owner.Owner\My Documents\Kahlil Gibran Winter.docx
[2010/08/07 21:11:05 | 000,374,014 | ---- | M] () -- C:\Documents and Settings\Owner.Owner\My Documents\photo of dr nathan and his puppy.docx
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/04 06:29:56 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/09/04 06:29:56 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/09/04 06:29:56 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/09/04 06:29:56 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/09/04 06:29:56 | 000,000,466 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Scan (Weekly scan).job
[2010/09/04 06:29:55 | 000,000,462 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Scan (Daily Scan).job
[2010/09/03 02:53:55 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner.Owner\Local Settings\Application Data\housecall.guid.cache
[2010/09/02 15:27:41 | 002,614,725 | ---- | C] () -- C:\Documents and Settings\Owner.Owner\Desktop\ad_aware_manual.pdf
[2010/09/02 04:51:24 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner.Owner\My Documents\~$st on movie called two thirty-seven.docx
[2010/09/02 04:51:21 | 000,012,598 | ---- | C] () -- C:\Documents and Settings\Owner.Owner\My Documents\post on movie called two thirty-seven.docx
[2010/09/01 13:30:15 | 000,004,530 | ---- | C] () -- C:\Documents and Settings\Owner.Owner\Desktop\csv-26018433-133004-2028.pdf
[2010/08/31 12:39:07 | 000,000,124 | ---- | C] () -- C:\Documents and Settings\Owner.Owner\Desktop\Shortcut to Control Panel.lnk
[2010/08/30 20:57:22 | 000,100,614 | ---- | C] () -- C:\Documents and Settings\Owner.Owner\Desktop\CFP Jo of Hi Ed.pdf
[2010/08/29 19:24:45 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\Owner.Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/08/29 19:24:45 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/08/29 18:07:15 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/08/28 21:18:54 | 000,455,701 | ---- | C] () -- C:\Documents and Settings\Owner.Owner\Desktop\eBookAgreement-6053448.pdf
[2010/08/28 21:18:41 | 000,273,592 | ---- | C] () -- C:\Documents and Settings\Owner.Owner\Desktop\IRSw9.pdf
[2010/08/28 21:18:25 | 000,424,066 | ---- | C] () -- C:\Documents and Settings\Owner.Owner\Desktop\USPODAgreement-6053448.pdf
[2010/08/28 20:26:36 | 000,001,722 | ---- | C] () -- C:\Documents and Settings\Owner.Owner\Desktop\WinCalendar.lnk
[2010/08/27 14:22:42 | 000,246,429 | ---- | C] () -- C:\Documents and Settings\Owner.Owner\Desktop\Public Affairs Intensive Experiences[1].pdf
[2010/08/26 17:00:55 | 000,012,836 | ---- | C] () -- C:\Documents and Settings\Owner.Owner\Desktop\Points FA 10.docx
[2010/08/23 02:53:04 | 000,055,161 | ---- | C] () -- C:\Documents and Settings\Owner.Owner\Desktop\Bb each new semester Steps to complete.docx
[2010/08/22 20:52:16 | 000,011,895 | ---- | C] () -- C:\Documents and Settings\Owner.Owner\My Documents\mlb.docx
[2010/08/21 20:48:53 | 000,010,864 | ---- | C] () -- C:\Documents and Settings\Owner.Owner\My Documents\Canon Printer Setup Results stats.docx
[2010/08/21 20:42:51 | 000,001,662 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon IJ Network Tool.lnk
[2010/08/21 20:42:24 | 000,012,800 | ---- | C] () -- C:\WINDOWS\System32\CNC173ED.TBL
[2010/08/21 20:40:15 | 000,001,685 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon MP560 series User Registration.LNK
[2010/08/21 20:37:47 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon Solution Menu.lnk
[2010/08/21 20:37:32 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon Easy-PhotoPrint EX.lnk
[2010/08/21 20:35:46 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon MP Navigator EX 3.0.lnk
[2010/08/21 20:35:06 | 000,001,652 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon My Printer.lnk
[2010/08/21 20:34:46 | 000,001,967 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon MP560 series On-screen Manual.lnk
[2010/08/21 18:32:48 | 000,014,201 | -H-- | C] () -- C:\Documents and Settings\Owner.Owner\My Documents\ATandT shady oaks internet info.docx
[2010/08/21 18:21:14 | 000,001,767 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AT&T Self Support Tool.lnk
[2010/08/19 04:42:44 | 000,070,845 | ---- | C] () -- C:\Documents and Settings\Owner.Owner\Desktop\Fall_2010_Final_Examination_Period.pdf
[2010/08/18 23:21:54 | 000,012,522 | ---- | C] () -- C:\Documents and Settings\Owner.Owner\My Documents\Fall 2010 MWF class calendar.docx
[2010/08/18 12:52:25 | 000,028,170 | ---- | C] () -- C:\Documents and Settings\Owner.Owner\My Documents\Salt tips for cleaning health and beauty etc.docx
[2010/08/17 12:12:53 | 000,002,533 | ---- | C] () -- C:\Documents and Settings\Owner.Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2010/08/16 17:03:51 | 000,025,589 | ---- | C] () -- C:\Documents and Settings\Owner.Owner\My Documents\second Nathan blog.docx
[2010/08/16 13:10:48 | 000,001,486 | ---- | C] () -- C:\Documents and Settings\Owner.Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Calculator.lnk
[2010/08/13 01:25:30 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner.Owner\My Documents\~$ring 2011 schedule.docx
[2010/08/12 23:22:58 | 000,022,746 | ---- | C] () -- C:\Documents and Settings\Owner.Owner\My Documents\printers.docx
[2010/08/12 19:19:16 | 000,531,380 | ---- | C] () -- C:\Documents and Settings\Owner.Owner\Desktop\Public Affairs Week 2010 flyer Women Leading in a Global Society[1].pdf
[2010/08/12 04:24:07 | 000,014,217 | ---- | C] () -- C:\Documents and Settings\Owner.Owner\My Documents\msg to friends re Nathans book.docx
[2010/08/10 23:17:51 | 000,082,111 | ---- | C] () -- C:\Documents and Settings\Owner.Owner\Application Data\Update_HP_RedboxHprblog_HPSU.log
[2010/08/10 23:17:51 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2010/08/09 05:21:51 | 000,012,536 | ---- | C] () -- C:\Documents and Settings\Owner.Owner\My Documents\Kahlil Gibran Winter.docx
[2010/08/07 21:11:04 | 000,374,014 | ---- | C] () -- C:\Documents and Settings\Owner.Owner\My Documents\photo of dr nathan and his puppy.docx
[2010/08/05 14:53:00 | 000,011,926 | ---- | C] () -- C:\Documents and Settings\Owner.Owner\My Documents\Spring 2011 schedule.docx
[2010/07/28 04:16:38 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2010/07/09 23:01:48 | 000,020,536 | ---- | C] () -- C:\Program Files\Ophcrack LiveCD 2.docx
[2010/06/03 22:29:26 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2010/05/07 15:04:01 | 000,000,729 | ---- | C] () -- C:\Program Files\readme.txt
[2010/04/13 14:29:13 | 000,000,061 | ---- | C] () -- C:\WINDOWS\TaxACT09.ini
[2009/10/10 19:07:14 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Owner.Owner\Local Settings\Application Data\fusioncache.dat
[2009/09/30 20:30:02 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Owner.Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/15 21:06:00 | 000,000,128 | ---- | C] () -- C:\WINDOWS\TaxACT06.ini
[2009/09/05 16:54:34 | 000,000,075 | ---- | C] () -- C:\WINDOWS\TaxACT08.ini
[2009/08/04 17:09:56 | 000,150,016 | ---- | C] () -- C:\WINDOWS\CRLASP95.DLL
[2009/08/04 17:07:46 | 000,022,480 | ---- | C] () -- C:\WINDOWS\System32\PFMAPI16.DLL
[2009/08/04 17:07:46 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\PFMAPI32.DLL
[2009/07/27 22:30:58 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2009/07/07 23:18:41 | 000,005,320 | ---- | C] () -- C:\Documents and Settings\Owner.Owner\Application Data\wklnhst.dat
[2009/07/05 21:01:05 | 000,010,560 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/07/05 21:00:33 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2009/07/05 21:00:33 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2009/07/02 15:36:42 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\jesterss.dll
[2009/07/02 15:24:19 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/21 04:48:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/17 04:24:58 | 000,001,280 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/06/17 04:24:57 | 000,000,519 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2005/08/05 23:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2001/11/30 17:13:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2001/08/31 15:33:58 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\VxDMDcDlg.dll

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/14 05:41:52 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[2009/01/14 15:29:26 | 000,049,480 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\FwsVpn.dll
[2009/01/14 15:29:26 | 000,107,848 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\SymVPN.dll
[2009/01/14 15:29:26 | 000,357,704 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sysfer.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009/01/14 15:29:22 | 000,092,488 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\SysPlant.sys
[2009/01/14 15:29:22 | 000,049,536 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\Teefer2.sys
[2009/01/14 15:29:26 | 000,042,312 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys
[2010/06/02 19:59:06 | 000,161,920 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\WpsHelper.sys

< %systemroot%\System32\config\*.sav >
[2006/06/16 21:30:11 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/06/16 21:30:11 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/06/16 21:30:11 | 000,897,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2004/08/10 14:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2004/08/10 14:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2004/08/10 14:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2004/08/10 14:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2004/08/10 14:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2004/08/10 14:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2004/08/10 14:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2004/08/10 14:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2004/08/10 14:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2004/08/10 14:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/10 14:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/10 14:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/10 14:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/10 14:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/10 14:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/14 00:15:00 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2010/06/23 08:44:04 | 001,851,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/14 05:41:50 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/14 05:41:50 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/14 05:41:50 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/14 05:41:50 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/14 05:41:50 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/14 05:41:50 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/14 05:41:50 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/14 05:41:52 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/14 05:41:52 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/14 05:41:52 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/14 05:41:52 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/14 05:41:52 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/14 05:41:52 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/14 05:41:56 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidserv.dll
[2008/04/14 05:42:06 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/14 05:42:10 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2010/09/03 12:15:46 | 000,003,844 | ---- | M] () -- C:\aaw7boot.log
[2006/06/17 04:41:16 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/09/01 14:40:36 | 000,000,209 | -HS- | M] () -- C:\boot.ini
[2006/06/17 04:41:16 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2006/06/17 04:41:16 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/09/04 06:14:27 | 000,008,511 | ---- | M] () -- C:\JavaRa.log
[2006/06/17 04:41:16 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/10 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/07/02 18:03:41 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/09/03 12:15:56 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2010/07/06 20:26:17 | 000,231,888 | ---- | M] (Adobe Systems, Inc.) -- C:\uninstall_flash_player.exe
[2009/07/02 15:17:21 | 000,000,002 | RHS- | M] () -- C:\USER

< %PROGRAMFILES%\*. >
[2009/09/15 21:05:56 | 000,000,000 | ---D | M] -- C:\Program Files\2nd Story Software
[2010/08/09 02:13:42 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/11/03 17:34:46 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/08/21 18:27:06 | 000,000,000 | ---D | M] -- C:\Program Files\ATT-SST
[2010/06/25 02:08:56 | 000,000,000 | ---D | M] -- C:\Program Files\Audacity
[2010/07/28 04:16:38 | 000,000,000 | ---D | M] -- C:\Program Files\Belarc
[2010/08/29 21:10:30 | 000,000,000 | ---D | M] -- C:\Program Files\BellSouthWCC
[2010/06/05 12:05:21 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/08/30 03:18:02 | 000,000,000 | ---D | M] -- C:\Program Files\Browser Mouse
[2010/08/21 21:40:35 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2010/08/21 20:33:16 | 000,000,000 | -H-D | M] -- C:\Program Files\CanonBJ
[2009/12/14 02:48:03 | 000,000,000 | ---D | M] -- C:\Program Files\Cisco
[2010/08/21 20:38:00 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2006/06/17 04:37:05 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2009/07/02 15:23:10 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2010/07/02 02:01:59 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2009/07/02 15:26:49 | 000,000,000 | ---D | M] -- C:\Program Files\Gateway Games
[2009/07/03 22:35:37 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2009/07/02 15:36:42 | 000,000,000 | ---D | M] -- C:\Program Files\gtw_logo
[2010/06/21 00:01:38 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2010/06/21 00:01:42 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2010/04/10 13:32:12 | 000,000,000 | ---D | M] -- C:\Program Files\HP RecordNow
[2009/07/02 15:31:45 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/07/02 15:39:12 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/03/19 22:11:05 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Chess Club
[2010/08/11 00:02:21 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/06/05 12:12:52 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/06/05 12:13:33 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/09/04 06:10:15 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2009/12/18 19:24:48 | 000,000,000 | ---D | M] -- C:\Program Files\JRE
[2010/06/26 03:30:15 | 000,000,000 | ---D | M] -- C:\Program Files\Lame for Audacity
[2010/09/02 14:04:16 | 000,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2010/09/01 13:25:01 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/02 15:38:35 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
[2009/07/03 16:12:57 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/07/02 15:27:33 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Digital Image 2006
[2006/06/17 04:41:40 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2009/07/05 00:25:06 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft IntelliPoint
[2009/09/06 18:35:33 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Money 2006
[2009/07/08 22:42:04 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2009/07/08 22:42:00 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2009/07/08 22:36:53 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2009/11/21 21:46:11 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2009/07/08 22:41:18 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2009/07/02 15:32:32 | 000,000,000 | ---D | M] -- C:\Program Files\Motorola
[2010/08/10 23:41:18 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/09/01 14:31:07 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/07/08 22:42:17 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/07/08 23:22:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2006/06/17 04:35:33 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2009/07/02 15:30:18 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Encarta Plus
[2006/06/17 04:35:49 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2009/07/03 16:06:22 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/07/02 15:29:09 | 000,000,000 | ---D | M] -- C:\Program Files\Napster
[2009/07/02 18:05:13 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2010/06/20 02:37:29 | 000,000,000 | ---D | M] -- C:\Program Files\New Folder
[2010/06/01 13:55:22 | 000,000,000 | ---D | M] -- C:\Program Files\Nitro PDF
[2009/07/05 04:39:05 | 000,000,000 | ---D | M] -- C:\Program Files\Office03
[2006/06/17 04:36:43 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2009/12/18 19:24:46 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 3
[2010/05/12 03:02:00 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/08/14 23:50:29 | 000,000,000 | ---D | M] -- C:\Program Files\PDFZilla
[2010/07/02 14:58:49 | 000,000,000 | ---D | M] -- C:\Program Files\PocketRAR
[2010/06/05 12:09:59 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/07/02 15:29:46 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2009/07/03 22:53:25 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/08/28 20:26:37 | 000,000,000 | ---D | M] -- C:\Program Files\Sapro Systems WinCalendar
[2009/07/02 15:31:45 | 000,000,000 | ---D | M] -- C:\Program Files\SigmaTel
[2010/07/02 02:01:44 | 000,000,000 | ---D | M] -- C:\Program Files\Sony
[2009/07/05 00:42:27 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2009/07/02 15:24:33 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2006/06/17 04:46:08 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/07/27 22:30:43 | 000,000,000 | ---D | M] -- C:\Program Files\USPS
[2009/07/02 15:29:38 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2009/07/02 15:25:36 | 000,000,000 | ---D | M] -- C:\Program Files\WildTangent
[2009/07/03 22:30:44 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2009/07/03 22:30:44 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/07/02 18:05:10 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2006/06/17 04:36:24 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Plus
[2006/06/17 04:39:10 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2010/07/02 15:02:51 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2010/06/10 02:24:05 | 000,000,000 | ---D | M] -- C:\Program Files\WinUtilities
[2006/06/17 04:41:40 | 000,000,000 | ---D | M] -- C:\Program Files\xerox

< %appdata%\*.* >
[2006/06/16 21:31:24 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Owner.Owner\Application Data\desktop.ini
[2010/08/10 23:18:06 | 000,082,111 | ---- | M] () -- C:\Documents and Settings\Owner.Owner\Application Data\Update_HP_RedboxHprblog_HPSU.log
[2010/07/12 22:12:21 | 000,005,320 | ---- | M] () -- C:\Documents and Settings\Owner.Owner\Application Data\wklnhst.dat


< MD5 for: AGP440.SYS >
[2004/08/10 14:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/10 14:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 08:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/10 14:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/10 14:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 07:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/10 14:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2004/08/10 14:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:disk.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/10 14:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/14 00:10:48 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/14 00:10:48 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/10 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2005/10/12 14:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\iaStor.sys
[2005/10/12 08:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\I386\DRV\SCS\iastor.sys
[2005/10/12 14:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\system32\drivers\iaStor.sys
[2005/10/12 08:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\iaStor.sys
[2005/10/12 14:08:52 | 000,508,416 | ---- | M] (Intel Corporation) MD5=7C2D98D430DD91570DB63E819B9BC7E0 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/10 14:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2004/08/10 14:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2004/08/10 14:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:usbstor.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/10 14:00:00 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/14 00:15:40 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/14 00:15:40 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-11 05:00:08
< End of report >


Solved Re: System slow; browser redirected whenever I was at iMDb site

Post by Belahzur on Sat Sep 04, 2010 4:54 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


Please PM me if I fail to respond within 24hrs.



Solved Re: System slow; browser redirected whenever I was at iMDb site

Post by GrannySlammy on Sat Sep 04, 2010 10:08 pm

Thank you for such a fast reply!
I completed the task you gave me, and the Quick Scan did not find any malicious items, which confuses me, because the system is still giving me the error message that the Task Scheduler is not working correctly (this would be the auto updates of Symantec and Adaware) whenever I boot the computer OR even when I wake it up from StandBy.

Here is the MBAM Log from the Quick Scan just now:

Malwarebytes' Anti-Malware 1.46

Database version: 4545

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/4/2010 4:55:11 PM
mbam-log-2010-09-04 (16-55-11).txt

Scan type: Quick scan
Objects scanned: 153946
Time elapsed: 10 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
***EOM****


Solved Re: System slow; browser redirected whenever I was at iMDb site

Post by Belahzur on Sat Sep 04, 2010 11:15 pm

Hello.

  • Download combofix.

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.





Solved Re: System slow; browser redirected whenever I was at iMDb site

Post by GrannySlammy on Sun Sep 05, 2010 2:15 am

Thank you for perfectly clear instructions. Here is the combofix.txt file:

ComboFix 10-09-04.04 - Owner 09/04/2010 20:50:48.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.341 [GMT -5:00]
Running from: c:\documents and settings\Owner.Owner\Desktop\Combo-Fix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-08-05 to 2010-09-05 )))))))))))))))))))))))))))))))
.

2010-09-02 19:05 . 2010-09-03 17:15 -------- d-----w- c:\windows\SxsCaPendDel
2010-09-01 18:36 . 2010-09-01 18:36 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Symantec
2010-09-01 18:25 . 2010-09-01 18:25 -------- d-----w- c:\documents and settings\Owner.Owner\Application Data\Malwarebytes
2010-09-01 18:24 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-01 18:24 . 2010-09-01 18:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-01 18:24 . 2010-09-04 21:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-01 18:24 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-31 05:06 . 2010-02-05 09:03 69936 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2010-08-31 05:06 . 2010-02-05 09:03 13360 ----a-w- c:\windows\system32\drivers\sbaphd.sys
2010-08-30 08:18 . 2010-08-30 08:18 -------- d-----w- c:\program files\Browser Mouse
2010-08-30 08:17 . 2010-08-30 08:17 -------- d-----w- c:\documents and settings\OWNER~1OWN\LOCALS~1
2010-08-30 08:17 . 2010-08-30 08:17 -------- d-----w- c:\documents and settings\OWNER~1OWN
2010-08-30 02:09 . 2010-08-30 02:10 -------- d-----w- c:\program files\BellSouthWCC
2010-08-30 00:24 . 2010-08-30 00:24 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{52AC600B-5800-407E-99FF-83CD0669760B}
2010-08-30 00:24 . 2010-02-05 09:04 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{52AC600B-5800-407E-99FF-83CD0669760B}\Ad-AwareInstaller.exe
2010-08-29 23:07 . 2010-09-02 19:24 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-08-29 01:26 . 2010-08-29 01:26 -------- d-----w- c:\program files\Sapro Systems WinCalendar
2010-08-22 02:42 . 2010-08-22 02:42 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJEGV
2010-08-22 01:41 . 2009-05-07 10:20 76288 ----a-w- c:\documents and settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP560 series Printer\LanguageModules\0401\CNMsrA0.dll
2010-08-22 01:41 . 2009-05-07 10:20 419328 ----a-w- c:\documents and settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP560 series Printer\LanguageModules\0401\CNMurA0.dll
2010-08-22 01:41 . 2009-05-07 10:20 182784 ----a-w- c:\documents and settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP560 series Printer\LanguageModules\0401\CNMlrA0.dll
2010-08-22 01:41 . 2009-03-24 10:00 78336 ----a-w- c:\documents and settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP560 series Printer\LanguageModules\0409\CNMsrA0.dll
2010-08-22 01:41 . 2009-03-24 10:00 418816 ----a-w- c:\documents and settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP560 series Printer\LanguageModules\0409\CNMurA0.dll
2010-08-22 01:41 . 2009-03-24 10:00 189440 ----a-w- c:\documents and settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP560 series Printer\LanguageModules\0409\CNMlrA0.dll
2010-08-22 01:40 . 2010-08-22 01:40 -------- d-----w- c:\documents and settings\Owner.Owner\Application Data\Canon Easy-WebPrint EX
2010-08-22 01:38 . 2010-08-22 01:38 -------- d-----w- c:\program files\Common Files\CANON
2010-08-22 01:34 . 2010-08-22 01:34 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ
2010-08-22 01:33 . 2009-03-24 10:00 70656 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPA0.DLL
2010-08-22 01:33 . 2009-03-24 10:00 27648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDA0.DLL
2010-08-22 01:33 . 2009-03-24 10:00 272384 ----a-w- c:\windows\system32\CNMLMA0.DLL
2010-08-22 01:33 . 2010-08-22 01:33 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2010-08-22 01:33 . 2009-03-18 09:09 178176 ----a-w- c:\windows\system32\CNMIUA0.DLL
2010-08-22 01:33 . 2010-08-22 01:33 -------- d--h--w- c:\program files\CanonBJ
2010-08-22 01:33 . 2010-08-22 01:33 -------- d-----w- c:\windows\system32\STRING
2010-08-22 01:33 . 2009-04-03 16:51 137216 ----a-w- c:\windows\system32\CNMNPUI.DLL
2010-08-22 01:33 . 2009-04-03 16:51 353792 ----a-w- c:\windows\system32\CNMNPPM.DLL
2010-08-22 01:33 . 2010-08-22 01:33 -------- d-----w- c:\windows\system32\CHM
2010-08-22 01:19 . 2010-08-22 02:40 -------- d-----w- c:\program files\Canon
2010-08-21 23:27 . 2010-08-30 02:10 -------- d-----w- c:\documents and settings\Owner.Owner\Application Data\Motive
2010-08-21 23:19 . 2010-08-21 23:27 -------- d-----w- c:\program files\ATT-SST
2010-08-21 23:14 . 2010-08-30 02:14 -------- d-----w- c:\program files\Common Files\Motive
2010-08-21 23:14 . 2010-08-21 23:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive
2010-08-20 05:00 . 2010-08-30 00:36 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-08-20 05:00 . 2010-08-20 05:00 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-08-20 04:45 . 2010-08-20 04:45 -------- d-----w- c:\documents and settings\Owner.Owner\Local Settings\Application Data\Sunbelt Software
2010-08-20 04:43 . 2010-09-02 19:04 -------- d-----w- c:\program files\Lavasoft
2010-08-20 04:43 . 2010-08-20 05:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-08-11 07:51 . 2010-08-11 07:51 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-04 11:10 . 2009-07-02 20:24 -------- d-----w- c:\program files\Java
2010-09-04 10:50 . 2009-07-02 20:24 -------- d-----w- c:\program files\Common Files\Java
2010-09-03 23:42 . 2010-06-02 05:36 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Nitro PDF
2010-09-02 18:47 . 2009-07-08 11:47 -------- d-----w- c:\documents and settings\Owner.Owner\Application Data\U3
2010-09-01 04:53 . 2010-06-02 03:37 -------- d-----w- c:\documents and settings\Owner.Owner\Application Data\Nitro PDF
2010-08-15 04:50 . 2010-05-07 20:05 -------- d-----w- c:\program files\PDFZilla
2010-08-13 08:10 . 2010-06-20 16:58 -------- d-----w- c:\documents and settings\Owner.Owner\Application Data\HpUpdate
2010-08-11 04:59 . 2009-07-09 03:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-03 18:13 . 2010-08-03 18:13 -------- d-----w- c:\documents and settings\Owner.Owner\Application Data\YCanPDF
2010-08-03 00:48 . 2010-08-03 00:48 503808 ----a-w- c:\documents and settings\Owner.Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4df76146-n\msvcp71.dll
2010-08-03 00:48 . 2010-08-03 00:48 499712 ----a-w- c:\documents and settings\Owner.Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4df76146-n\jmc.dll
2010-08-03 00:48 . 2010-08-03 00:48 348160 ----a-w- c:\documents and settings\Owner.Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4df76146-n\msvcr71.dll
2010-08-03 00:48 . 2010-08-03 00:48 61440 ----a-w- c:\documents and settings\Owner.Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-24c0ce4d-n\decora-sse.dll
2010-08-03 00:48 . 2010-08-03 00:48 12800 ----a-w- c:\documents and settings\Owner.Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-24c0ce4d-n\decora-d3d.dll
2010-07-30 03:52 . 2009-07-06 06:30 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-07-30 03:51 . 2010-07-30 03:52 53632 ----a-w- c:\documents and settings\Owner.Owner\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2010-07-30 03:48 . 2010-07-30 03:48 -------- d-----w- c:\documents and settings\Owner.Owner\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-07-29 03:05 . 2009-12-19 00:38 1 ----a-w- c:\documents and settings\Owner.Owner\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-07-28 21:13 . 2006-06-19 04:25 247456 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-28 21:11 . 2010-07-28 21:03 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
2010-07-28 21:01 . 2009-07-02 20:27 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-28 09:16 . 2010-07-28 09:16 -------- d-----w- c:\program files\Belarc
2010-07-25 17:58 . 2009-07-06 06:29 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-17 10:00 . 2010-05-23 20:14 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-13 03:12 . 2009-07-08 04:18 5320 ----a-w- c:\documents and settings\Owner.Owner\Application Data\wklnhst.dat
2010-07-10 04:11 . 2010-07-10 04:01 20536 ----a-w- c:\program files\Ophcrack LiveCD 2.docx
2010-07-07 01:26 . 2010-07-07 01:26 231888 ----a-w- C:\uninstall_flash_player.exe
2010-07-02 07:02 . 2010-07-02 07:02 292878 ----a-r- c:\documents and settings\Owner.Owner\Application Data\Microsoft\Installer\{A212E6C2-20F7-4A8E-BD8E-DC3EE7483FA2}\ARPPRODUCTICON.exe
2010-06-30 12:31 . 2006-06-17 09:23 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2006-06-17 09:23 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2006-06-17 09:23 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2006-06-17 09:23 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2006-06-17 09:23 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2006-06-17 09:38 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2006-06-17 09:23 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-05-05 20:06 . 2010-05-07 20:04 729 ----a-w- c:\program files\readme.txt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 688218]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 139264]
"SigmatelSysTrayApp"="stsystra.exe" [2005-12-27 413696]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-05-23 573440]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2005-12-05 461584]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-01-14 115560]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Reader Library Launcher"="c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2010-05-10 906656]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2010-07-27 1573888]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-10-19 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-05-19 136544]
"WinCalendar"="c:\program files\Sapro Systems WinCalendar\WinCalendar_SysTray.exe" [2009-09-13 75192]
"BellSouthWCC_McciTrayApp"="c:\program files\BellSouthWCC\McciTrayApp.exe" [2009-11-18 1577984]
"ATT_WCC"="c:\program files\BellSouthWCC\McciTrayApp.exe" [2009-11-18 1577984]
"FLMOFFICE4DMOUSE"="c:\program files\Browser Mouse\mouse32a.exe" [2010-08-30 356352]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"WinCalendar"="c:\program files\Sapro Systems WinCalendar\WinCalendar_SysTray.exe" [2009-09-13 75192]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
NA [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2006-03-23 12:13 77824 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2006-03-23 12:17 118784 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2006-03-23 12:17 94208 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SymCorpUI.exe"=
"c:\\Program Files\\Adobe\\Adobe InDesign CS5\\InDesign.exe"=
"c:\\Program Files\\Adobe\\Adobe Help\\Adobe Help.exe"=
"c:\\Program Files\\Adobe\\Adobe Utilities - CS5\\ExtendScript Toolkit CS5\\ExtendScript Toolkit.exe"=
"c:\\Program Files\\Adobe\\Adobe Bridge CS5\\Bridge.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\Ad-Aware.exe"=
"c:\\Program Files\\Browser Mouse\\mouse32a.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/20/2010 12:00 AM 64288]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [8/31/2010 12:06 AM 13360]
R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [5/25/2010 12:00 PM 196912]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [8/31/2010 12:06 AM 69936]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [12/17/2009 5:32 PM 497856]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/29/2010 4:19 PM 102448]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [8/20/2010 12:00 AM 95024]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [1/14/2009 3:29 PM 23888]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/5/2010 4:03 AM 1355928]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - JAVAQUICKSTARTERSERVICE
*NewlyCreated* - LAVASOFT_KERNEXPLORER
*Deregistered* - Lavasoft Kernexplorer
.
Contents of the 'Scheduled Tasks' folder

2010-09-05 c:\windows\Tasks\Ad-Aware Scan (Daily Scan).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-05 19:23]

2010-09-05 c:\windows\Tasks\Ad-Aware Scan (Weekly scan).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-05 19:23]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: adobe.com\www
Trusted Zone: missouristate.edu\bearmail
Trusted Zone: missouristate.edu\blackboard
Trusted Zone: missouristate.edu\www
Trusted Zone: symantec.com\www
Trusted Zone: symantecliveupdate.com\liveupdate
Trusted Zone: yahoo.com\my
FF - ProfilePath - c:\documents and settings\Owner.Owner\Application Data\Mozilla\Firefox\Profiles\5judbp38.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: c:\documents and settings\Owner.Owner\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: c:\program files\Common Files\Motive\npMotive.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Sony\Reader\Data\bin\npebldetectmoz.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SafeBoot-Symantec Antvirus



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-09-04 20:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3116390915-2556735152-130481838-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2010-09-04 21:01:00
ComboFix-quarantined-files.txt 2010-09-05 02:00

Pre-Run: 91,122,044,928 bytes free
Post-Run: 91,112,681,472 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 46637E6E903B05163C2CCE6ED2E5F44A


Solved Re: System slow; browser redirected whenever I was at iMDb site

Post by Belahzur on Sun Sep 05, 2010 8:39 pm

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.



Solved Re: System slow; browser redirected whenever I was at iMDb site

Post by GrannySlammy on Mon Sep 06, 2010 1:15 am

Thank you for your help; I am grateful to have an expert walking me through this confusing (for me) process. There were some oddities that happened when I ran these things you advised in your previous post.

When I ran the ComboFix uninstall, afterward there were several popups from AdAware saying that a file named pev.exe wanted to change the Registry, and did I want to allow this? I didn't know what to do, so I assumed I should not allow it, and I clicked on BLOCK. It kept reappearing, but even when I checked the box that said "don't ask me about this file request again" it still kept asking me, many many times. When those popups stopped, there was a windows-type warning that said that AdAware Live and Symantec Endpoint were both still running, and they needed to be turned off before I proceeded. I did not click on OK. Instead, I clicked on the X in the upper-right corner and the box disappeared, but another box came up in its place that said the same thing but added: "ComboFix will continue running, but this could be damaging if you do not disable the virus protection programs. Proceed at your own risk." I was suspicious that this was a virus message, but on the other hand, I thought that if there were a chance it was a real warning, I should do something different.

So, I came here and left a message, hoping I might be able to receive a quick reply perhaps, but when I did not, I was more concerned about leaving my computer in that state, with the warning and without running the next scan, so I deleted my post here and went back to finish the scans. I did not click OK on the warning on the screen. I just left it as it was. I ran the ESET scan as you advised me, and from that point, everything proceeded normally, until the scan stopped. I was surprised, but it did not find anything to remove (see log copied/pasted below).

However, when the ESET scan was finished, there was another popup from AdAware, saying that a program called pev.cfxxe was trying to change my registry, did I want to allow this? I clicked on BLOCK-- it reappeared many, many times. When it finally stopped, there was a small box that appeared that said "ComboFix is now uninstalled." I closed out everything and found the log where you told me to look for it.

Here is the log from the ESET scan:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=ea80e6fbf34e704095a82cb7a5a91892
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-09-06 06:22:03
# local_time=2010-09-06 01:22:03 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=132181
# found=0
# cleaned=0
# scan_time=10670


*****EOM********


Solved Re: System slow; browser redirected whenever I was at iMDb site

Post by Belahzur on Mon Sep 06, 2010 8:47 am

Hello.
Don't worry about the warning, all legit. pev.cfexe is part of Combofix.

ESET looks good, how's the machine running now?



Solved Re: System slow; browser redirected whenever I was at iMDb site

Post by GrannySlammy on Mon Sep 06, 2010 7:33 pm

It is still doing what I described in my first post (and I had rechecked my update settings before rebooting just now):

* when I rebooted just now, the Task Scheduler error messages came up again, saying that some tasks were not done; I looked at the Task Scheduler and see that the autoupdates for AdAwarePro are not happening.

* I manually go to Symantec Endpoint and click on "update," and it updates with many files, then tells me to update more often or set autoupdate (I do have it set for autoupdate whenever I boot up, but it obviously is not doing that)

* Just now when I loaded this website, GeekPolice, after a couple of seconds I was redirected to a Gateway site "can't find the site you're looking for" that suggested virus protection sites

* Also a new error msg (I've gotten this before, though, just not lately) when I boot up-- my printer's "Photo Gallery" is "not installed," it says, and it is trying to install it but can't find the files. I click on Cancel, and it gives me the same error message about three more times before it finally stops.

I do have Symantec Endpoint, AdAware Pro, and Malwarebytes all running at the same time. (I don't know enough about these things to know if they are fighting each other?)

System does seem a bit faster, though, not nearly as slow and strange as when I sought your advice.


Solved Re: System slow; browser redirected whenever I was at iMDb site

Post by Belahzur on Tue Sep 07, 2010 1:40 pm

Hello.
On the issue of the Tasks, go to C:\Windows\Tasks and delete the two .job files in there if you want that to stop.

What browser are you using to browse this site?

As for the Photo Gallery error on startup, we can fix that now.

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.



Solved Re: System slow; browser redirected whenever I was at iMDb site

Post by GrannySlammy on Tue Sep 07, 2010 6:53 pm

Thank you so much.
I deleted seven AdAware tasks from the Task Scheduler. This always seems to be what I find, though sometimes there were also Symantec updates (I did not find any Symantec updates in it this time).

I am using Internet Explorer 8.0.6001
I tried using Mozilla Firefox for a while, but I do a lot of my job from home, and most of my work institution's online programs are Microsoft only. I really detest that, but I was told that there is no way around it. Blackboard, for example, can be viewed in Mozilla but one can't upload or download any documents from it, or from Chrome.

Also, my Symantec Endpoint is the subscription supplied to me by my employer (since I and so many others interface with the workplace server so much from home). I didn't choose it. But I am more and more suspecting that it isn't doing a good job, even though the program and updates are free, because it has never caught any malware as it downloaded nor after it had already set up shop on my computer. Is there a better virus protection program that you know of? Or are they all pretty much equal?

Thank you so much for your help, sincerely.

About the PhotoGallery attempt to reinstall-- last night I uninstalled a lot of files/programs that had been attached to an HP printer that I no longer have, so I am hoping it was maybe in that bunch of bloatware. But anyway here is the plaintxt logfile from HiJackThis:

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 1:38:40 PM, on 9/7/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files\BellSouthWCC\McciTrayApp.exe
C:\Program Files\Browser Mouse\mouse32a.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Reader Library Launcher] C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\McciTrayApp.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
O4 - HKLM\..\Run: [BellSouthWCC_McciTrayApp] C:\Program Files\BellSouthWCC\McciTrayApp.exe
O4 - HKLM\..\Run: [ATT_WCC] C:\Program Files\BellSouthWCC\McciTrayApp.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\mouse32a.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O15 - Trusted Zone: liveupdate.symantecliveupdate.com
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - [You must be registered and logged in to see this link.]
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} (DDRevision Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NitroPDFReaderDriverCreatorReadSpool (NitroReaderDriverReadSpool) - Nitro PDF Software - C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

--
End of file - 11785 bytes



Solved Re: System slow; browser redirected whenever I was at iMDb site

Post by Belahzur on Wed Sep 08, 2010 5:18 pm


Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Reader Library Launcher] C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
    O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
    O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe


  • Press "Fix Checked"
  • Close Hijack This.

Reboot normally.

Still get the error about the photo gallery?



Solved Re: System slow; browser redirected whenever I was at iMDb site

Post by GrannySlammy on Fri Sep 10, 2010 2:55 am

Thank you. No, I didn't get the photo gallery install! Thanks.

But I did still get the Task Manager alert that the AdAware Updater and pre-scheduled scans had not done what they were supposed to do. But then immediately after that, the AdAware updater launched itself, for the first time since all this began, and it actually DID update. In the past few days, I launched it myself and it would do nothing. So, I am thinking that many things have been solved?

Thank you so much for your help. At this point, I don't see anything else that does not run correctly, unless you know of any more tests I should run or programs I might install to prevent trouble.

Many blessings!
GS


Solved Re: System slow; browser redirected whenever I was at iMDb site

Post by Belahzur on Sat Sep 11, 2010 12:41 am

Nope. If everything looks cool now, you should be free to go.



Solved Re: System slow; browser redirected whenever I was at iMDb site

Post by GrannySlammy on Sun Sep 12, 2010 9:24 am

Wow-- everything is NOT cool, but I have found out the source of the malware. For the benefit of anybody else who may have done this: I recently got a high-speed internet account with AT&T, and almost immediately, I received what I thought was a true download from AT&T for something called the "AT&T Self-Support Tool" and another program, a Configuration Program for a Troubleshooter when my internet connection goes off (though I don't know the actual name of that program). Shortly after I accepted the downloads of these two programs, I started having the problems that I contacted you about, but I did not know to contact you for some time-- I suspect that these malware programs somehow render Symantec Endpoint ineffectual, because I first noticed that Symantec was not automatically updating any more, and then when I manually updated it, it seemed to download much more than just updates. This is the reason I got AdAware and later upgraded it to AdAware Pro when it seemed to me that something was always running in the background, because none of the Symantec scans ever found anything. Tonight, the AT&T programs downloaded updates, and almost immediately AdAware Pro jumped on them and quarantined them, then launched a full scan. I then realized that I had not gotten the programs from AT&T's website (stupidly), so I used the Windows uninstall to get rid of them-- and AdAware would then tell me that various programs were trying to change my registry, and I saw the name of every piece of malware that you and I have seen over this time of cleaning my system. I know I was really stupid for allowing those programs to download to begin with, but I feel like I should warn everybody who gets new AT&T accounts, because it was just too easy to think that this came with the hook-up. It seems obvious that these fake AT&T updates were the source, then, doesn't it?

I have run the Malwarebytes and the AdAwarePro full scans tonight; AdAware removed two more besides the ones it had already removed.

Should I run anything else now, or dare I believe that AdAwarePro and Malwarebytes removed all that tried to download tonight?



Solved Re: System slow; browser redirected whenever I was at iMDb site

Post by Belahzur on Sun Sep 12, 2010 11:51 pm

How is the machine running after you ran the scans?



Solved Re: System slow; browser redirected whenever I was at iMDb site

Post by GrannySlammy on Mon Sep 13, 2010 12:36 am

It seems to be running okay now. Had a brief episode when some things acted crazy, but I ran all the scans again, and shut everything down completely before rebooting, and today it seems okay.

Here is a log from tonight's Hijack This report. I don't know if this is needful, or if it tells you anything, but I did it, anyhow. Thank you!

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 4:43:52 PM, on 9/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\BellSouthWCC\McciTrayApp.exe
C:\Program Files\Browser Mouse\mouse32a.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [BellSouthWCC_McciTrayApp] C:\Program Files\BellSouthWCC\McciTrayApp.exe
O4 - HKLM\..\Run: [ATT_WCC] C:\Program Files\BellSouthWCC\McciTrayApp.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\mouse32a.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O15 - Trusted Zone: liveupdate.symantecliveupdate.com
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - [You must be registered and logged in to see this link.]
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} (DDRevision Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NitroPDFReaderDriverCreatorReadSpool (NitroReaderDriverReadSpool) - Nitro PDF Software - C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

--
End of file - 10085 bytes

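As an added example (not code posted by anyone in this thread), the Python script below parses the registry autorun (O4) lines of two HijackThis logs and checks them against the list of entries that were ticked for "Fix Checked". The three sample strings are excerpts of lines posted in this thread; the function names, field names and result keys are this example's own, and only the registry form of O4 lines is handled.

```python
import re
from typing import NamedTuple

# Registry-style O4 line: O4 - <hive>\..\<key>: [<value name>] <command>
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)


class Autorun(NamedTuple):
    hive: str
    key: str
    name: str
    command: str

    @property
    def ident(self):
        # Registry hives, keys and value names are case-insensitive.
        return (self.hive.upper(), self.key.lower(), self.name.lower())


def parse_autoruns(log_text):
    """Return the registry autorun (O4) entries; every other line is skipped."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(Autorun(m["hive"], m["key"], m["name"], m["cmd"]))
    return entries


def compare(before_text, fixed_text, after_text):
    """Classify autoruns by what happened between the two logs."""
    before = {e.ident: e for e in parse_autoruns(before_text)}
    fixed = {e.ident: e for e in parse_autoruns(fixed_text)}
    after = {e.ident: e for e in parse_autoruns(after_text)}
    return {
        "fixed_and_gone": sorted(e.name for k, e in fixed.items() if k not in after),
        "fixed_but_back": sorted(e.name for k, e in fixed.items() if k in after),
        "gone_without_fix": sorted(
            e.name for k, e in before.items() if k not in after and k not in fixed
        ),
        "new_since_before": sorted(e.name for k, e in after.items() if k not in before),
    }


# Excerpt of the earlier log in this thread (one O2 line kept to show it is skipped).
BEFORE = r"""
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\McciTrayApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Excerpt of the lines that were ticked for "Fix Checked".
FIXED = r"""
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Excerpt of the log saved on 9/12/2010.
AFTER = r"""
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""


def thread_result():
    return compare(BEFORE, FIXED, AFTER)


if __name__ == "__main__":
    for label, names in thread_result().items():
        print(f"{label}: {names}")
```

On these excerpts the `ctfmon.exe` entry is listed again in the later log even though it was on the fix list, and `ATT-SST_McciTrayApp` is gone without having been on it.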

Solved Re: System slow; browser redirected whenever I was at iMDb site

Post by Belahzur on Mon Sep 13, 2010 8:46 pm

Looks good, don't see any malware there.



Solved Re: System slow; browser redirected whenever I was at iMDb site

Post by GrannySlammy on Tue Sep 14, 2010 2:38 am

Thank you, then, I think this one is solved! I have learned a great deal.

GeekPolice is an awesome site!

GrannySlammy Thank You!
