Search similar:
|
uniqs 2586 |
|
|
|
daparker Premium Member join:2001-11-06 Monteca 1 edit |
daparker
Premium Member
2012-Sep-10 7:41 pm
[RESOLVED][Malware] Slow PC CheckI'm working on a PC for a friend who reported it running very slowly. I noticed Combofix was loaded and they don't remember being helped by someone, so I assume there was some sort of malware problem. When I try to run the Security checker I get the message that it is not a valid win32 application.
MBAM: Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org
Database version: v2012.09.05.08
Windows XP Service Pack 3 x86 NTFS Internet Explorer 7.0.5730.13 Administrator :: USER-COMP [administrator]
Protection: Enabled
9/5/2012 9:01:03 AM mbam-log-2012-09-05 (09-01-03).txt
Scan type: Full scan (C:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 377496 Time elapsed: 6 hour(s), 56 minute(s), 52 second(s)
Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 0 (No malicious items detected)
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 0 (No malicious items detected)
Folders Detected: 0 (No malicious items detected)
Files Detected: 1 C:\Documents and Settings\Queen Sally\My Documents\Downloads\IWON.exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.
(end)
OTL: OTL logfile created on: 9/7/2012 2:34:36 PM - Run 1 OTL by OldTimer - Version 3.2.61.1 Folder = C:\Documents and Settings\Administrator\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1021.98 Mb Total Physical Memory | 569.98 Mb Available Physical Memory | 55.77% Memory free 2.40 Gb Paging File | 1.80 Gb Available in Paging File | 75.06% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74.55 Gb Total Space | 10.70 Gb Free Space | 14.36% Space Free | Partition Type: NTFS
Computer Name: USER-COMP | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2012/09/07 14:33:48 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe PRC - [2012/09/07 14:20:06 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe PRC - [2012/09/05 16:18:17 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe PRC - [2012/07/05 18:09:38 | 000,136,616 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe PRC - [2012/07/05 18:09:32 | 000,374,184 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012/06/08 12:06:24 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe PRC - [2012/06/08 12:06:24 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe PRC - [2011/12/01 06:11:22 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe PRC - [2011/12/01 06:11:18 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe PRC - [2011/12/01 06:11:06 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtcmd.exe PRC - [2011/08/03 21:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccsvchst.exe PRC - [2011/05/10 02:41:12 | 000,049,208 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuschd2.exe PRC - [2011/05/04 04:52:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe PRC - [2008/10/16 19:26:40 | 000,116,016 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2012/09/06 15:37:01 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll MOD - [2012/09/06 15:31:52 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll MOD - [2012/09/06 15:31:30 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011/05/04 04:51:59 | 000,008,192 | ---- | M] () -- C:\Program Files\Java\jre6\bin\jp2native.dll
[color=#E56717]========== Services (SafeList) ==========[/color]
SRV - [2012/09/07 14:20:06 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/07/05 18:09:38 | 000,136,616 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint) SRV - [2012/07/05 18:09:32 | 000,374,184 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc) SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/06/16 10:15:02 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/06/08 12:06:24 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn) SRV - [2011/12/01 06:11:22 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm) SRV - [2011/12/01 06:11:18 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm) SRV - [2011/08/03 21:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe -- (N360) SRV - [2009/09/08 12:27:02 | 000,694,784 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC) SRV - [2008/10/16 20:29:40 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08) SRV - [2008/10/16 20:24:24 | 000,135,168 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\nielprt.sys -- (nielprt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nielgfx.sys -- (NielGfx) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme) DRV - [2012/09/06 04:54:30 | 000,373,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20120906.008\IDSXpx86.sys -- (IDSxpx86) DRV - [2012/09/05 09:00:19 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2012/09/04 18:03:21 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20120907.001\NAVEX15.SYS -- (NAVEX15) DRV - [2012/09/04 18:03:21 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2012/09/04 18:03:21 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2012/09/04 18:03:21 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20120907.001\NAVENG.SYS -- (NAVENG) DRV - [2012/08/31 15:09:14 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20120905.001\BHDrvx86.sys -- (BHDrvx86) DRV - [2012/07/05 18:10:02 | 000,083,392 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Unknown] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP) DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012/06/08 12:06:24 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver) DRV - [2012/06/08 12:06:24 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo) DRV - [2011/08/21 19:53:36 | 000,362,360 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0404000.00C\symtdi.sys -- (SYMTDI) DRV - [2011/08/21 19:53:35 | 000,173,176 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0404000.00C\symefa.sys -- (SymEFA) DRV - [2011/08/03 21:19:30 | 000,485,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0404000.00C\cchpx86.sys -- (ccHP) DRV - [2010/06/11 22:42:06 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2010/04/28 22:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0404000.00C\ironx86.sys -- (SymIRON) DRV - [2010/04/21 19:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\N360\0404000.00C\srtsp.sys -- (SRTSP) DRV - [2010/04/21 19:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0404000.00C\srtspx.sys -- (SRTSPX) DRV - [2009/12/18 12:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv) DRV - [2009/10/14 20:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0404000.00C\symds.sys -- (SymDS) DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk) DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk) DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk) DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk) DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk) DRV - [2008/04/14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2008/02/25 12:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp) DRV - [2004/08/03 15:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) DRV - [2002/06/26 17:59:00 | 000,654,508 | ---- | M] (Avance Logic, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) DRV - [2001/08/17 07:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401) DRV - [2001/07/12 14:54:20 | 000,584,304 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2001/07/12 14:52:38 | 000,427,167 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\k56nt.sys -- (K56) DRV - [2001/07/12 14:52:10 | 000,310,739 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fallback.sys -- (Fallback) DRV - [2001/07/12 14:49:32 | 000,077,426 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\basic2.sys -- (basic2) DRV - [2001/07/12 14:49:10 | 000,534,605 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\v124nt.sys -- (V124) DRV - [2001/07/03 18:42:30 | 000,017,776 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cnxtdiag.sys -- (Cnxtdiag) DRV - [2001/06/14 19:37:38 | 000,127,405 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fsksnt.sys -- (Fsks) DRV - [2001/06/14 19:36:52 | 000,216,987 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\faxnt.sys -- (SoftFax) DRV - [2001/06/14 19:35:50 | 000,056,639 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tonesnt.sys -- (Tones) DRV - [2001/06/14 19:33:04 | 000,067,622 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rksample.sys -- (Rksample)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=102&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\..\URLSearchHook: {3d206148-6081-42e4-be5f-614ff2c73ce0} - No CLSID value found IE - HKCU\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language} IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NSS&chn=retail&geo=US&ver=4 IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80074&lng=en IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.search.defaultenginename: "Search Results" FF - prefs.js..browser.search.defaultthis.engineName: "LDSToolbar.com Customized Web Search" FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1385030&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Search Results" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/|http://bl162w.blu162.mail.live.com/default.aspx|http://www.google.com/ig|http://www.network54.com/Forum/465126/|http://pinterest.com/" FF - prefs.js..extensions.enabledAddons: amznUWL@amazon.com:2.12 FF - prefs.js..extensions.enabledAddons: ConsumerInput@Compete:9567 FF - prefs.js..extensions.enabledAddons: {000F1EA4-5E08-4564-A29B-29076F63A37A}:1.0.3.137 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: amznUWL@amazon.com:2.12 FF - prefs.js..extensions.enabledItems: {20a3bf34-ac82-45ab-b3e8-73574f0a745e}:3.0 FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0 FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7 FF - prefs.js..extensions.enabledItems: extension@virtusdesigns.com:3.6.7 FF - prefs.js..extensions.enabledItems: {000F1EA4-5E08-4564-A29B-29076F63A37A}:1.0.3.137 FF - prefs.js..extensions.enabledItems: {f810b284-5ec4-49e0-907f-ff6b0c6846f7}:3.3.3.2 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {48e23fba-bb14-4745-b768-382150cd83fb}:1.0.1 FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.6.7 FF - prefs.js..extensions.enabledItems: {20C3BDFF-DA68-468d-8D9A-F5A6C76B0F9E}:3.13 FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=0&systemid=102&q=" FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKLM\Software\MozillaPlugins\@realarcade.com/RAClient: C:\Documents and Settings\All Users\Application Data\RealArcade\npraclient.dll (RealNetworks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2011/07/22 09:33:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn_2010_9_0_6 [2012/09/07 11:30:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2011/01/10 21:48:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/04 16:06:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/07 14:21:27 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2011/01/10 21:48:37 | 000,000,000 | ---D | M]
[2011/08/31 22:10:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions [2012/09/04 16:06:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ac4279xy.default\extensions [2009/10/04 15:07:11 | 000,000,000 | ---D | M] (e-Trends) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ac4279xy.default\extensions\{20a3bf34-ac82-45ab-b3e8-73574f0a745e} [2010/05/09 16:25:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ac4279xy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/10/28 12:01:12 | 000,000,000 | ---D | M] ("Metal3D") -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ac4279xy.default\extensions\{48e23fba-bb14-4745-b768-382150cd83fb} [2010/11/28 23:18:00 | 000,000,000 | ---D | M] (Aero Fox XL) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ac4279xy.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66} [2012/05/30 23:26:56 | 000,000,000 | ---D | M] (LDSToolbar.com Community Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ac4279xy.default\extensions\{f810b284-5ec4-49e0-907f-ff6b0c6846f7} [2011/03/20 00:35:51 | 000,000,000 | ---D | M] ("Amazon Toolbar") -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ac4279xy.default\extensions\amznUWL@amazon.com [2011/04/12 08:45:55 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ac4279xy.default\extensions\engine@conduit.com [2010/11/28 23:18:08 | 000,000,000 | ---D | M] (Virtus Search Opt-in) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ac4279xy.default\extensions\extension@virtusdesigns.com [2010/11/28 23:18:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ac4279xy.default\extensions\extension@virtusdesigns.com\chrome [2010/11/28 23:18:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ac4279xy.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions [2011/12/29 18:10:49 | 000,238,094 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ac4279xy.default\extensions\ConsumerInput@Compete.xpi [2011/12/26 13:46:52 | 000,977,421 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ac4279xy.default\extensions\{20C3BDFF-DA68-468d-8D9A-F5A6C76B0F9E}.xpi [2010/04/01 09:10:00 | 000,001,502 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ac4279xy.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\mozapps\xpinstall\xpinstallConfirm.css [2010/04/01 08:51:04 | 000,001,362 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ac4279xy.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\mozapps\xpinstall\xpinstallItemGeneric.png [2010/11/23 15:25:40 | 000,000,931 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ac4279xy.default\searchplugins\conduit.xml [2011/02/27 23:29:27 | 000,002,292 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ac4279xy.default\searchplugins\inbox-search.xml [2011/08/31 22:08:43 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ac4279xy.default\searchplugins\SearchResults.xml [2012/01/05 11:14:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011/01/18 08:37:46 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2009/03/19 18:11:28 | 000,000,000 | ---D | M] (RealArcade V3 Plugin) -- C:\Program Files\Mozilla Firefox\extensions\npmozax@real.com File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AC4279XY.DEFAULT\EXTENSIONS\{000F1EA4-5E08-4564-A29B-29076F63A37A} [2012/06/16 10:15:04 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010/07/13 13:22:20 | 000,028,472 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\atgpcdec.dll [2010/07/13 13:22:21 | 000,185,224 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\atgpcext.dll [2010/07/13 13:22:23 | 000,099,208 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\ieatgpc.dll [2010/07/13 13:22:18 | 000,061,832 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll [2009/08/03 15:07:42 | 000,373,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll [2009/03/30 17:13:54 | 000,098,304 | ---- | M] (RealNetworks) -- C:\Program Files\mozilla firefox\plugins\npraclient.dll [2011/12/20 21:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011/08/31 22:08:43 | 000,002,497 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml [2011/12/20 21:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[color=#E56717]========== Chrome ==========[/color]
CHR - homepage: http://www.google.com CHR - default_search_provider: Search Results (Enabled) CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=crb&appid=0&systemid=102&q={searchTerms} CHR - default_search_provider: suggest_url = CHR - homepage: http://www.google.com CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll | actions · 2012-Sep-10 7:41 pm · (locked) | daparker |
daparker
Premium Member
2012-Sep-10 7:43 pm
Re: [Malware] Slow PC CheckOTL, continued: CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\pdf.dll CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll CHR - plugin: Office Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll CHR - plugin: RealArcade NPAPI Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npraclient.dll CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll CHR - plugin: Zylom Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll CHR - plugin: Move Streaming Media Player (Enabled) = C:\Documents and Settings\Administrator\Application Data\Move Networks\plugins\npqmp071706000001.dll CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll CHR - plugin: Loki Plugin (Enabled) = C:\Program Files\Skyhook Wireless\Loki Browser Plugin\nploki.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin
O1 HOSTS File: ([2011/09/04 21:06:59 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) O2 - BHO: (no name) - {3d206148-6081-42e4-be5f-614ff2c73ce0} - No CLSID value found. O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\coieplg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ipsbho.dll (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O3 - HKLM\..\Toolbar: (no name) - {3d206148-6081-42e4-be5f-614ff2c73ce0} - No CLSID value found. O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\coieplg.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\coieplg.dll (Symantec Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuschd2.exe (Hewlett-Packard) O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [VERIZONDM] C:\Program Files\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.) O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1346875821625 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 204.54.92.50 172.21.64.2 127.0.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3AAAAC1D-B83D-479F-B27B-3ACF6C181615}: DhcpNameServer = 204.54.92.50 172.21.64.2 127.0.0.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation) O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.) O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/10/03 13:56:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2012/09/07 14:33:37 | 000,599,552 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe [2012/09/07 14:28:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Sun [2012/09/07 14:21:27 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll [2012/09/07 14:21:27 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2012/09/07 14:20:41 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2012/09/07 14:20:41 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2012/09/07 14:20:41 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll [2012/09/07 13:07:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\LogMeIn [2012/09/07 13:07:02 | 000,030,624 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll [2012/09/07 13:07:01 | 000,083,392 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll [2012/09/07 13:07:01 | 000,047,640 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\LMIRfsDriver.sys [2012/09/07 13:06:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood [2012/09/07 13:06:48 | 000,087,456 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll [2012/09/07 13:06:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LogMeIn [2012/09/07 13:06:11 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn [2012/09/07 13:03:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Deployment [2012/09/07 10:55:50 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE [2012/09/07 10:53:26 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache [2012/09/07 09:10:36 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll [2012/09/07 09:08:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates [2012/09/07 09:07:01 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll [2012/09/07 09:04:15 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8 [2012/09/06 14:29:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory [2012/09/06 07:49:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET [2012/09/05 16:30:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP [2012/09/05 16:27:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Chat Republic Games [2012/09/05 16:02:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype [2012/09/05 16:02:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2012/09/05 08:59:28 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2012/09/04 17:29:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent [2012/09/04 17:28:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner [2012/09/04 17:27:57 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012/09/04 15:45:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Tific [2012/09/04 15:45:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Symantec [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2012/09/07 14:33:48 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe [2012/09/07 14:23:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012/09/07 14:20:10 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll [2012/09/07 14:20:03 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2012/09/07 14:20:03 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2012/09/07 14:20:02 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2012/09/07 14:20:02 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl [2012/09/07 14:20:01 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll [2012/09/07 14:03:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/09/07 13:06:45 | 000,001,024 | ---- | M] () -- C:\.rnd [2012/09/07 11:28:50 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job [2012/09/07 11:28:49 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cc2247e34d987c.job [2012/09/07 11:28:49 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cb0c39e103956e.job [2012/09/07 11:28:49 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012/09/07 11:28:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/09/07 11:20:45 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012/09/07 10:53:38 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2012/09/06 18:00:02 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job [2012/09/06 15:43:29 | 000,473,232 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012/09/06 15:43:29 | 000,076,200 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012/09/06 14:48:08 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2012/09/06 14:48:07 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012/09/05 09:00:19 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2012/09/05 08:02:42 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2012/09/05 03:29:31 | 000,159,544 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012/09/04 17:32:24 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk [2012/09/04 17:28:22 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk [2012/09/04 17:10:28 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2012/09/07 13:06:43 | 000,001,024 | ---- | C] () -- C:\.rnd [2012/09/07 13:06:22 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn.lnk [2012/09/07 10:53:38 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2012/09/05 16:29:49 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb [2012/09/05 03:02:36 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK [2012/09/04 17:32:24 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk [2012/09/04 17:32:24 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2012/09/04 17:28:21 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk [2012/02/16 10:32:43 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011/09/04 18:54:59 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2011/09/04 18:54:59 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2011/09/04 18:54:59 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2011/09/04 18:54:59 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2011/09/04 18:54:59 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2011/05/12 21:21:30 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2011/05/12 11:59:19 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2011/01/12 21:16:00 | 000,282,359 | ---- | C] () -- C:\WINDOWS\hpwins23.dat.temp [2011/01/12 21:15:59 | 000,001,847 | ---- | C] () -- C:\WINDOWS\hpwmdl23.dat.temp [2011/01/12 21:12:24 | 000,186,820 | ---- | C] () -- C:\WINDOWS\hpwins23.dat [2011/01/12 21:12:22 | 000,001,847 | ---- | C] () -- C:\WINDOWS\hpwmdl23.dat [2010/12/22 15:11:50 | 000,077,429 | ---- | C] () -- C:\WINDOWS\hpqins05.dat [2009/12/30 07:48:15 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\Administrator\jobq.dat [2008/11/26 21:35:07 | 000,000,054 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\AVSMediaPlayer.m3u [2008/10/11 09:37:44 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/10/04 14:00:28 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\FASTWiz.html
[color=#E56717]========== LOP Check ==========[/color]
[2012/03/19 17:29:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\.minecraft [2008/10/04 16:54:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\acccore [2010/04/08 08:42:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Alawar Entertainment [2012/09/04 15:47:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Amazon [2009/04/07 20:06:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Anabel [2008/10/03 18:44:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Auslogics [2011/09/24 16:18:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG2012 [2010/01/02 11:08:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Azuaz Games [2010/03/30 13:40:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BanzaiInteractive [2009/01/22 11:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BloodTies [2009/05/04 10:17:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BrandX Games [2010/03/19 22:20:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\casanova [2010/10/07 10:42:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\cerasus.media [2011/06/17 22:45:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Colibri Games [2010/01/14 19:08:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Curious Sense [2010/05/24 19:43:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DarkParablesBriarRoseSE_RA [2011/06/28 16:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Dekovir [2011/10/15 14:38:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DriverCure [2010/01/15 15:44:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Enlightenus_Real [2010/06/05 10:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Flood Light Games [2010/10/07 10:26:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Floodlight Games [2010/01/08 15:58:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FloodLightGames [2010/05/19 11:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FlyWheelGames [2010/04/14 13:52:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Freezetag [2010/01/30 14:23:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Friday's games [2009/03/30 21:36:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Fuel Industries [2010/04/28 10:19:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Fugazo [2009/04/13 03:19:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Gaijin Ent [2010/07/30 18:26:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GameHouse [2010/04/24 10:34:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GameHousev1001 [2010/09/17 18:40:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GameHousev1002 [2010/03/16 16:23:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GameInvest [2010/01/25 09:55:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Gamers Digital [2010/01/15 15:50:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GamersDigital [2010/01/23 13:23:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Games [2009/07/04 19:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GARMIN [2011/12/13 12:14:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GO Games [2010/01/02 11:27:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Gold Casual Games [2009/10/31 23:12:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GTM_Bodie [2010/05/26 13:13:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\HdO Adventure [2009/07/10 10:20:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\HSA [2010/03/15 13:25:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\iMaxGen [2011/04/11 11:17:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Masque [2009/12/30 15:11:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MastersOfMystery2 [2010/03/17 20:11:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MemoryClinic [2009/11/14 10:23:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Meridian93 [2010/10/07 09:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Merscom [2010/01/15 10:07:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mjusbsp [2009/01/25 01:31:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\My Games [2010/08/23 13:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MysteriousCaseOfJekyllAndHyde [2010/04/24 17:43:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MysteryStudio [2010/05/28 23:25:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mysteryville2 [2011/06/18 00:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenCandy [2010/08/14 22:22:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Paige Harper and the Tome of Mystery [2011/10/15 14:38:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ParetoLogic [2009/02/27 21:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Pharaohs Secret [2010/05/20 15:19:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PlayFirst [2009/11/13 23:42:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Playrix Entertainment [2010/01/15 12:49:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PoBros [2010/06/19 12:38:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PopCapv1000 [2009/11/27 11:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PopCapv1002 [2010/04/15 22:46:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Purple Patch Games [2009/10/18 17:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Quirky Games [2009/06/16 11:23:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SecretIslandEng [2010/04/09 13:32:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Settlement. Colossus [2009/03/18 18:45:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Shape games [2010/03/23 19:21:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Silverback Productions [2009/04/11 19:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Skip-Bo [2012/09/04 17:02:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sony Online Entertainment [2011/11/05 10:58:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SpinTop Games [2011/10/01 17:32:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\spotmau [2010/11/28 00:08:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab [2010/01/23 13:18:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TheFixerUpper [2012/09/04 15:45:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Tific [2010/03/15 14:29:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TitanicMystery [2009/03/21 09:47:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Total Eclipse [2010/02/06 16:57:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Unity [2010/06/02 22:45:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\VampireSaga [2009/08/02 00:02:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\3rd Eye Solutions [2008/10/04 16:44:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore [2009/03/21 10:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AdventureChronicles1 [2010/04/08 08:42:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar Entertainment [2010/10/01 20:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze [2009/04/11 20:11:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Arkadium [2009/12/29 23:03:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Astar Games [2011/11/27 09:55:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012 [2010/03/30 13:40:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BanzaiInteractive [2009/10/14 20:20:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Becky Brogan [2011/09/01 06:58:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess [2012/09/05 16:27:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Chat Republic Games [2010/07/13 12:43:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems [2011/06/17 22:45:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Colibri Games [2011/09/24 16:04:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files [2010/01/14 19:08:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Curious Sense [2010/06/28 11:17:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Deadtime Stories [2009/01/22 11:36:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EscapeTheMuseum [2010/03/19 20:54:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EscapeTheMuseum2 [2010/05/03 18:57:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Far Mills [2010/06/05 10:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games [2010/10/07 10:26:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Floodlight Games [2010/01/08 15:58:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FloodLightGames [2010/03/23 12:03:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo [2010/07/30 18:26:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse [2010/01/25 09:55:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gamers Digital [2010/01/15 15:50:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GamersDigital [2010/08/24 19:17:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii [2009/12/26 15:27:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HideAndSecret3 [2009/06/12 20:09:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\hitpointstudios [2009/03/20 15:35:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HoverBee Studios [2010/03/16 17:30:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Individual Software [2010/04/01 15:34:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intenium [2012/03/09 13:56:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear [2012/09/07 13:07:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn [2011/03/22 11:44:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Masque [2010/10/07 09:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom [2011/11/27 00:20:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData [2010/03/27 22:07:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Million [2010/01/07 22:35:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo [2009/01/25 01:28:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mushroom Age [2009/01/09 19:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9 [2009/01/16 21:22:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeptunesAdve [2010/03/10 19:33:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nevosoft [2011/10/15 14:38:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic [2008/10/05 10:52:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters [2011/10/01 21:55:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pc health check [2010/05/20 15:19:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst [2011/07/03 06:08:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayPond [2010/01/15 12:49:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PoBros [2009/11/03 19:58:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games [2009/12/30 22:36:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Princess Isabella [2010/03/17 09:18:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games [2009/11/15 15:46:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games [2011/10/01 17:33:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spotmau [2012/06/19 11:20:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft [2011/10/15 19:39:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp360 [2012/09/04 16:05:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint [2012/01/07 16:36:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip [2009/09/11 19:51:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom [2009/03/16 11:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} [2010/03/31 19:56:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2009/09/09 20:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2009/04/07 08:13:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2012/09/07 11:28:50 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job [2012/09/06 18:00:02 | 000,000,460 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration3.job [2012/06/23 00:26:06 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version3.job [color=#E56717]========== Purity Check ==========[/color] | actions · 2012-Sep-10 7:43 pm · (locked) | daparker |
daparker
Premium Member
2012-Sep-10 7:46 pm
Extras: OTL Extras logfile created on: 9/7/2012 2:34:36 PM - Run 1 OTL by OldTimer - Version 3.2.61.1 Folder = C:\Documents and Settings\Administrator\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1021.98 Mb Total Physical Memory | 569.98 Mb Available Physical Memory | 55.77% Memory free 2.40 Gb Paging File | 1.80 Gb Available in Paging File | 75.06% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74.55 Gb Total Space | 10.70 Gb Free Space | 14.36% Space Free | Partition Type: NTFS
Computer Name: USER-COMP | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[color=#E56717]========== Shell Spawning ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[color=#E56717]========== Security Center Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[color=#E56717]========== System Restore Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2
[color=#E56717]========== Firewall Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP "427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP "427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
[color=#E56717]========== Authorized Applications List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe "C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe "E:\setup\hpznui01.exe" = E:\setup\hpznui01.exe:*:Enabled:hpznui01.exe "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.) "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.) "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.) "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.) "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.) "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard) "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- () "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.) "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard) "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.) "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (TODO: ) "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.) "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard) "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.) "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.) "C:\Program Files\Hewlett-Packard\HP Software Update\HPWUCli.exe" = C:\Program Files\Hewlett-Packard\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard) "C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC) "C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC) "C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google) "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "C:\Documents and Settings\Administrator\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\Administrator\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.) "C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager "C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.) "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.) "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.) "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.) "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.) "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard) "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- () "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.) "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard) "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.) "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (TODO: ) "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.) "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard) "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.) "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.) "C:\Program Files\Hewlett-Packard\HP Software Update\HPWUCli.exe" = C:\Program Files\Hewlett-Packard\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard) "C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.) "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status "{09DE2F51-DF0A-11D3-9DBC-00C04F522588}" = Personal Ancestral File "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{22461A1C-BD68-4D90-9897-1DB146D55ECB}" = LogMeIn "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only) "{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes "{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 26 "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7 "{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch "{2CD2C0DB-81C3-416B-9FA6-589B9235359B}" = OpenOffice.org 2.4 "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2 "{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup "{38DAE5F5-EC70-4aa5-801B-D11CA0A33B41}" = BPDSoftware "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{414A373B-59DF-4102-94CA-9FE9A74CBDDA}" = Garmin Trip and Waypoint Manager v5 "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B4E8814-F682-4197-8F4B-E9FFC6F08977}" = System Requirements Lab for Intel "{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan "{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}" = Acrobat.com "{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{6CC080F1-2E00-41D5-BE47-A3BC784E9DFB}" = BPDSoftware_Ini "{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{735619D4-B42A-437A-958C-199BFCAEDB38}" = Safari "{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C57C58-FDD7-4d86-BFCC-9D31CC4EFA71}" = 6500_E709n "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage "{9129B46A-51F0-431b-9838-DF7272F3204E}" = ProductContext "{94D3E3CE-CE56-428B-A92D-F06B7723CF9E}" = Typing Instructor for Kids "{9603DE6D-4567-4b78-B941-849322373DE2}" = SolutionCenter "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D1B99B7-DAD8-440d-B4FB-1915332FBCC2}" = HPProductAssistant "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection "{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel "{A7DEBAA4-B211-4D1A-A6B3-E52BFAAA1D0C}" = Garmin Communicator Plugin "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2 "{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9 "{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C29C1940-CB85-4F3B-906C-33FEE0E67103}" = DocMgr "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars "{CD95F661-A5C4-44F5-A6AA-ECDD91C240C6}" = WinZip 16.0 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{DE13432E-F0C1-4842-A5BA-CC997DA72A70}" = 6500_E709_eDocs "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype 5.10 "{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax "{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component "{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support "{F185B35D-38E5-4D88-B275-15C8C7FC4357}" = 6500_E709_Help "{F5DAFD10-6E61-49BF-B3C5-5AA9AF3A0863}" = Verizon Download Manager "{F648FD09-7CEA-4257-BC68-A8389189FD51}" = GPBaseService2 "{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery "{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller All-In-One Windows Driver "{FA0F0A01-4631-4161-A6C2-948BF694382E}" = HP Officejet 6500 E709 Series "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Avance AC'97 Audio "0591-8077-9297-0833" = FamilySearch Indexing 3.7.11 "45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0) "ActiveTouchMeetingClient" = WebEx "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AIM_6" = AIM 6 "Bejeweled 2 Deluxe" = Bejeweled 2 Deluxe "CCleaner" = CCleaner "Cisco Connect" = Cisco Connect "CNXT_MODEM_PCI_VEN_14F1&DEV_2F00&SUBSYS_8D8B155D" = Conexant SoftK56 Modem(M) "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility "Google Chrome" = Google Chrome "HP Document Manager" = HP Document Manager 2.0 "HP Imaging Device Functions" = HP Imaging Device Functions 12.0 "HP Smart Web Printing" = HP Smart Web Printing "HP Solution Center & Imaging Support Tools" = HP Solution Center 12.0 "HPExtendedCapabilities" = HP Customer Participation Program 12.0 "HPOCR" = OCR Software by I.R.I.S. 12.0 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "InterActual Player" = InterActual Player "Jenya_Games Toolbar" = Jenya Games Toolbar "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "N360" = Norton Security Suite "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "Picasa 3" = Picasa 3 "RealArcade" = RealArcade "Shop for HP Supplies" = Shop for HP Supplies "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "FamilySearch Indexing" = FamilySearch Indexing "SOE Web Installer" = SOE Web Installer "Uninstall FamilySearch Indexing" = Uninstall FamilySearch Indexing
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
[ Application Events ] Error - 7/3/2012 2:10:28 AM | Computer Name = USER-COMP | Source = Application Hang | ID = 1002 Description = Hanging application sol.exe, version 5.1.2600.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 7/6/2012 12:38:08 PM | Computer Name = USER-COMP | Source = Application Hang | ID = 1002 Description = Hanging application zClientm.exe, version 1.2.626.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 9/5/2012 7:26:15 PM | Computer Name = USER-COMP | Source = Application Hang | ID = 1002 Description = Hanging application mbam.exe, version 1.62.0.87, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 9/6/2012 2:46:31 PM | Computer Name = USER-COMP | Source = MsiInstaller | ID = 1024 Description = Product: Microsoft .NET Framework 1.1 - Update '{411EDCF7-755D-414E-A74B-3DCD6583F589}' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
Error - 9/7/2012 5:07:59 PM | Computer Name = USER-COMP | Source = ESENT | ID = 485 Description = wuauclt (2348) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log" failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The delete file operation will fail with error -1032 (0xfffffbf8).
Error - 9/7/2012 5:07:59 PM | Computer Name = USER-COMP | Source = ESENT | ID = 485 Description = wuauclt (2348) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log" failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The delete file operation will fail with error -1032 (0xfffffbf8).
Error - 9/7/2012 5:07:59 PM | Computer Name = USER-COMP | Source = ESENT | ID = 486 Description = wuauclt (456) An attempt to move the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log" to "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" failed with system error 183 (0x000000b7): "Cannot create a file when that file already exists. ". The move file operation will fail with error -1022 (0xfffffc02).
Error - 9/7/2012 5:07:59 PM | Computer Name = USER-COMP | Source = ESENT | ID = 413 Description = wuauclt (456) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1022.
Error - 9/7/2012 5:07:59 PM | Computer Name = USER-COMP | Source = ESENT | ID = 492 Description = wuauclt (456) The logfile sequence in "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\" has been halted due to a fatal error. No further updates are possible for the databases that use this logfile sequence. Please correct the problem and restart or restore from backup.
Error - 9/7/2012 5:07:59 PM | Computer Name = USER-COMP | Source = ESENT | ID = 471 Description = wuauclt (456) Unable to rollback operation #98075 on database C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb. Error: -510. All future database updates will be rejected.
[ System Events ] Error - 7/6/2012 11:21:19 AM | Computer Name = USER-COMP | Source = Service Control Manager | ID = 7011 Description = Timeout (30000 milliseconds) waiting for a transaction response from the N360 service.
Error - 7/6/2012 11:21:49 AM | Computer Name = USER-COMP | Source = Service Control Manager | ID = 7011 Description = Timeout (30000 milliseconds) waiting for a transaction response from the N360 service.
Error - 7/6/2012 11:22:19 AM | Computer Name = USER-COMP | Source = Service Control Manager | ID = 7011 Description = Timeout (30000 milliseconds) waiting for a transaction response from the N360 service.
Error - 7/6/2012 11:22:49 AM | Computer Name = USER-COMP | Source = Service Control Manager | ID = 7011 Description = Timeout (30000 milliseconds) waiting for a transaction response from the N360 service.
Error - 7/6/2012 11:23:19 AM | Computer Name = USER-COMP | Source = Service Control Manager | ID = 7011 Description = Timeout (30000 milliseconds) waiting for a transaction response from the N360 service.
Error - 7/6/2012 11:24:12 AM | Computer Name = USER-COMP | Source = Service Control Manager | ID = 7011 Description = Timeout (30000 milliseconds) waiting for a transaction response from the N360 service.
Error - 9/4/2012 6:05:40 PM | Computer Name = USER-COMP | Source = NetBT | ID = 4321 Description = The name "WORKGROUP :1d" could not be registered on the Interface with IP address 204.54.92.81. The machine with the IP address 204.54.92.68 did not allow the name to be claimed by this machine.
Error - 9/4/2012 6:07:48 PM | Computer Name = USER-COMP | Source = BROWSER | ID = 8032 Description = The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{3AAAAC1D-B83D-479F-B27B-3ACF6C181615}. The backup browser is stopping.
Error - 9/5/2012 7:49:06 PM | Computer Name = USER-COMP | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: IntelIde
Error - 9/6/2012 2:46:38 PM | Computer Name = USER-COMP | Source = Windows Update Agent | ID = 20 Description = Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 1.1 Service Pack 1. | actions · 2012-Sep-10 7:46 pm · (locked) | daparker |
daparker
Premium Member
2012-Sep-10 7:51 pm
Online virus scan log is coming next. I did notice that there were some remnants of McAfee in there and ran the McAfee products uninstaller, so those should be gone now. | actions · 2012-Sep-10 7:51 pm · (locked) | daparker |
daparker
Premium Member
2012-Sep-10 9:28 pm
ESET Results: ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=aa425cd98bc40e47ab2255dda7b5848d # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-09-11 12:36:40 # local_time=2012-09-10 05:36:40 (-0800, Pacific Daylight Time) # country="United States" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=1024 16777215 100 0 23986132 23986132 0 0 # compatibility_mode=3584 16777191 100 0 0 0 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=158225 # found=4 # cleaned=4 # scan_time=6724 C:\Program Files\Windows jZip Toolbar\Datamngr\datamngr.dll a variant of Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Program Files\Windows jZip Toolbar\Datamngr\datamngrUI.exe a variant of Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Program Files\Windows jZip Toolbar\Datamngr\IEBHO.dll probably a variant of Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\WINDOWS\system32\TuneUp360.ocx Win32/TuneUp360 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C | actions · 2012-Sep-10 9:28 pm · (locked) | lilhurricaneCrunchin' For Cures Numquam oblita join:2003-01-11 Purple Zone |
If you have a log created from Combofix, can you please add it next post? Thanks. | actions · 2012-Sep-10 10:54 pm · (locked) | daparker Premium Member join:2001-11-06 Monteca |
daparker
Premium Member
2012-Sep-10 10:55 pm
I did not run Combofix. Where would the log be? | actions · 2012-Sep-10 10:55 pm · (locked) | lilhurricaneCrunchin' For Cures Numquam oblita join:2003-01-11 Purple Zone |
Good. Don't run it unless LPP directs it...but thought...if already run on this system, you might be able to provide it
It would be located in C:\combofix.txt | actions · 2012-Sep-10 10:57 pm · (locked) | daparker Premium Member join:2001-11-06 Monteca |
daparker
Premium Member
2012-Sep-10 11:01 pm
Looks like it's been a while, but here's the log:
ComboFix 11-09-04.03 - Administrator 09/04/2011 20:25:51.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.530 [GMT -7:00] Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton Security Suite *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} . . ((((((((((((((((((((((((( Files Created from 2011-08-05 to 2011-09-05 ))))))))))))))))))))))))))))))) . . 2011-09-01 05:10 . 2011-09-01 05:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\jziptoolbar 2011-09-01 05:08 . 2011-09-01 13:58 -------- d-----w- c:\documents and settings\All Users\Application Data\boost_interprocess 2011-09-01 05:08 . 2011-09-01 05:10 -------- d-----w- c:\program files\Windows jZip Toolbar 2011-08-29 15:46 . 2011-08-29 15:46 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-08-10 15:21 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys 2011-08-10 15:19 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-07-15 13:29 . 2004-08-03 21:15 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-07-12 18:20 . 2011-07-12 18:20 83816 ----a-w- c:\windows\system32\dns-sd.exe 2011-07-12 18:20 . 2011-07-12 18:20 73064 ----a-w- c:\windows\system32\dnssd.dll 2011-07-08 14:02 . 2001-08-23 15:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys 2011-07-07 02:52 . 2011-07-29 01:58 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-07-07 02:52 . 2011-07-29 01:57 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-06-24 14:10 . 2008-10-03 20:51 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2011-06-21 18:45 . 2004-08-03 22:56 832512 ----a-w- c:\windows\system32\wininet.dll 2011-06-21 18:45 . 2004-08-03 22:56 1830912 ------w- c:\windows\system32\inetcpl.cpl 2011-06-21 18:45 . 2004-08-03 22:56 78336 ----a-w- c:\windows\system32\ieencode.dll 2011-06-21 18:45 . 2004-08-03 22:56 17408 ----a-w- c:\windows\system32\corpol.dll 2011-06-21 11:47 . 2004-08-03 20:59 389120 ----a-w- c:\windows\system32\html.iec 2011-06-20 17:44 . 2004-08-03 22:56 293376 ----a-w- c:\windows\system32\winsrv.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-22 155648] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-22 126976] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888] "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-20 421736] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CarboniteSetupLite] 2009-08-01 01:38 283792 ----a-w- c:\program files\Carbonite\CarbonitePreinstaller.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] 2005-06-22 00:44 126976 ----a-w- c:\windows\system32\hkcmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] 2005-06-22 00:48 155648 ----a-w- c:\windows\system32\igfxtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2011-07-20 01:29 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] 2002-06-27 01:00 46592 ----a-w- c:\windows\SOUNDMAN.EXE . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Documents and Settings\\Administrator\\Application Data\\mjusbsp\\magicJack.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\Windows jZip Toolbar\\Datamngr\\ToolBar\\dtUser.exe"= . R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\symds.sys [10/26/2010 1:48 PM 328752] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\symefa.sys [10/26/2010 1:48 PM 173104] R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110812.001\BHDrvx86.sys [8/15/2011 6:00 PM 815736] R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\cchpx86.sys [10/26/2010 1:48 PM 501888] R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\ironx86.sys [10/26/2010 1:48 PM 116784] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/27/2011 11:24 PM 105592] R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110902.030\IDSXpx86.sys [9/2/2011 5:00 PM 356280] S0 nielprt;Nielsen Patch Service;c:\windows\system32\DRIVERS\nielprt.sys --> c:\windows\system32\DRIVERS\nielprt.sys [?] S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 12:58 PM 11336] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/28/2011 6:57 PM 22712] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [7/28/2011 6:58 PM 41272] S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc HPService REG_MULTI_SZ HPSLPSVC . Contents of the 'Scheduled Tasks' folder . 2011-08-30 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 19:34] . 2011-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-12 02:46] . 2011-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb0c39e103956e.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-12 02:46] . 2011-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc2247e34d987c.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-12 02:46] . 2011-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-12 02:46] . 2011-09-05 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAEXEC.exe [2009-08-03 22:07] . . ------- Supplementary Scan ------- . uStart Page = hxxp://search.jzip.com/ uDefault_Search_URL = hxxp://www.google.com/ie uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.254.251 FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ac4279xy.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1385030&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Search Results FF - prefs.js: browser.startup.homepage - hxxp://search.jzip.com/ FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=102&q= . - - - - ORPHANS REMOVED - - - - . Toolbar-10 - (no file) HKCU-Run-Aim6 - (no file) SafeBoot-mcmscsvc SafeBoot-MCODS . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-09-04 21:07 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360] "ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.3.0.5\diMaster.dll\" /prefetch:1" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(4032) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Google\Update\1.3.21.65\GoogleCrashHandler.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe c:\program files\Viewpoint\Common\ViewpointService.exe c:\program files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe c:\progra~1\WI83E4~1\Datamngr\DATAMN~1.EXE c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Completion time: 2011-09-04 21:19:29 - machine was rebooted ComboFix-quarantined-files.txt 2011-09-05 04:19 . Pre-Run: 16,743,702,528 bytes free Post-Run: 17,081,077,760 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - ACA246284205B9B77572158C37D644E1 | actions · 2012-Sep-10 11:01 pm · (locked) | lilhurricaneCrunchin' For Cures Numquam oblita join:2003-01-11 Purple Zone |
That sure has been awhile ....thanks for providing the additional info | actions · 2012-Sep-10 11:02 pm · (locked) | |
1 recommendation |
to daparker
I'ld like to run Combofix, but want to use the current version, so.... First:The following will implement some cleanup procedures as well as reset System Restore points: Click Start, then Run and copy/paste the following bolded text into the Run box and click OK: ComboFix /Uninstall ( Note: There is a SPACE between ComboFix and /uninstall) Second:Download ComboFix from one of these locations: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.infospyware.net/antimalware/combofix/
* IMPORTANT !!! Save ComboFix.exe to your Desktop[*]Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools [*]Double click on ComboFix.exe & follow the prompts. [*]As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. [*]Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1.Do not mouse-click Combofix's window while it is running. That may cause it to stall. 2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser. 3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper. 4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Give it at least 20-30 minutes to finish if needed.
| actions · 2012-Sep-11 9:57 am · (locked) | daparker Premium Member join:2001-11-06 Monteca |
daparker
Premium Member
2012-Sep-11 11:16 am
All done. Here's the log: ComboFix 12-09-11.02 - Administrator 09/11/2012 7:33.2.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.455 [GMT -7:00] Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton Security Suite *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\SETD1.tmp c:\windows\system32\SETD3.tmp c:\windows\system32\SETE1.tmp c:\windows\system32\URTTemp c:\windows\system32\URTTemp\regtlib.exe . . ((((((((((((((((((((((((( Files Created from 2012-08-11 to 2012-09-11 ))))))))))))))))))))))))))))))) . . 2012-09-10 22:39 . 2012-09-10 22:39 -------- d-----w- c:\program files\ESET 2012-09-09 02:58 . 2012-09-09 02:58 -------- d-----w- c:\program files\WinDirStat 2012-09-09 02:15 . 2012-09-09 02:15 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache 2012-09-07 21:28 . 2012-09-07 21:28 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Sun 2012-09-07 21:21 . 2012-09-07 21:20 821736 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-09-07 21:20 . 2012-09-07 21:20 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2012-09-07 20:07 . 2012-09-07 20:07 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\LogMeIn 2012-09-07 20:07 . 2012-07-06 01:09 52128 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll 2012-09-07 20:07 . 2012-07-06 01:09 30624 ----a-w- c:\windows\system32\LMIport.dll 2012-09-07 20:07 . 2012-07-06 01:10 83392 ----a-w- c:\windows\system32\LMIRfsClientNP.dll 2012-09-07 20:07 . 2012-06-08 19:06 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys 2012-09-07 20:06 . 2012-07-06 01:09 87456 ----a-w- c:\windows\system32\LMIinit.dll 2012-09-07 20:06 . 2012-09-11 07:20 -------- d-----w- c:\documents and settings\All Users\Application Data\LogMeIn 2012-09-07 20:06 . 2012-09-07 20:42 -------- d-----w- c:\program files\LogMeIn 2012-09-07 20:03 . 2012-09-07 20:05 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Deployment 2012-09-07 17:55 . 2012-09-07 17:55 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE 2012-09-07 17:53 . 2012-09-07 17:53 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache 2012-09-07 17:23 . 2012-09-07 17:23 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2012-09-07 16:10 . 2012-07-02 17:49 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll 2012-09-07 16:09 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll 2012-09-07 16:07 . 2012-07-02 17:49 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2012-09-07 16:07 . 2012-07-02 17:49 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2012-09-07 16:07 . 2012-07-02 17:49 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll 2012-09-07 16:04 . 2012-09-07 16:06 -------- dc-h--w- c:\windows\ie8 2012-09-06 21:29 . 2012-09-06 22:50 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory 2012-09-06 14:49 . 2012-09-06 14:49 -------- d-----w- c:\program files\Microsoft.NET 2012-09-05 23:27 . 2012-09-05 23:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Chat Republic Games 2012-09-05 23:02 . 2012-09-05 23:02 -------- d-----w- c:\program files\Common Files\Skype 2012-09-05 00:27 . 2012-09-05 00:28 -------- d-----w- c:\program files\CCleaner 2012-09-04 22:45 . 2012-09-04 22:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\Tific 2012-09-04 22:45 . 2012-09-04 22:45 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Symantec . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-09-07 21:20 . 2009-06-12 17:41 143872 ----a-w- c:\windows\system32\javacpl.cpl 2012-09-06 21:48 . 2012-04-22 09:07 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-09-06 21:48 . 2011-08-29 15:46 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-07-06 13:58 . 2004-08-03 22:56 78336 ----a-w- c:\windows\system32\browser.dll 2012-07-04 14:05 . 2008-10-03 20:51 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-07-03 20:46 . 2011-07-29 01:57 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-03 13:40 . 2004-08-03 21:17 1866112 ----a-w- c:\windows\system32\win32k.sys 2012-07-02 17:49 . 2004-08-03 22:56 916992 ----a-w- c:\windows\system32\wininet.dll 2012-07-02 17:49 . 2004-08-03 22:56 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-07-02 17:49 . 2004-08-03 22:56 43520 ------w- c:\windows\system32\licmgr10.dll 2012-07-02 12:05 . 2004-08-03 20:59 385024 ------w- c:\windows\system32\html.iec 2010-07-13 20:22 . 2010-07-13 20:22 28472 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll 2010-07-13 20:22 . 2010-07-13 20:22 185224 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll 2010-07-13 20:22 . 2010-07-13 20:22 99208 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll 2012-06-16 17:15 . 2011-10-03 15:38 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-22 155648] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-22 126976] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736] "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2012-06-08 63048] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "SoundMan"="SOUNDMAN.EXE" [2002-06-27 46592] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=QUFMS0ctWU9CNkYtMlk0WFAtQUVPS08tQkszRE0tMg&inst=NzYtOTMxMDEwMTQ4LUIxLVNUMTJPSSsxLUREVCswLUVVTEErMS1TVDEyQVBQKzE&prod=92&ver=2012.0.1831&mid=cab14bf6d90047d19008d1096dac5fa1-b602d594afd2b0b327e07a06f36ca6a7e42546d0" [?] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360] WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [N/A] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] 2012-07-06 01:09 87456 ----a-w- c:\windows\system32\LMIinit.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Documents and Settings\\Administrator\\Application Data\\mjusbsp\\magicJack.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfcCopy.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxs08.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqfxt08.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqgplgtupl.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqgpc01.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqusgm.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqusgh.exe"= "c:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= . R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0404000.00C\symds.sys [10/31/2011 1:24 PM 328752] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0404000.00C\symefa.sys [10/31/2011 1:24 PM 173176] R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20120905.001\BHDrvx86.sys [8/31/2012 3:09 PM 995488] R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0404000.00C\cchpx86.sys [10/31/2011 1:24 PM 485512] R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0404000.00C\ironx86.sys [10/31/2011 1:24 PM 116784] R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [7/5/2012 6:09 PM 374184] R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [6/8/2012 12:06 PM 12856] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/28/2011 6:58 PM 655944] R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.4.0.12\ccsvchst.exe [10/31/2011 1:23 PM 126400] R3 EraserUtilDrv11220;EraserUtilDrv11220;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys [9/10/2012 5:39 PM 106656] R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20120908.001\IDSXpx86.sys [9/10/2012 5:41 PM 373728] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/28/2011 6:57 PM 22344] S0 nielprt;Nielsen Patch Service;c:\windows\system32\DRIVERS\nielprt.sys --> c:\windows\system32\DRIVERS\nielprt.sys [?] S2 gupdate1ca33536901328e;Google Update Service (gupdate1ca33536901328e);c:\program files\Google\Update\GoogleUpdate.exe [9/11/2009 7:47 PM 133104] S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 1:28 PM 160944] S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 12:58 PM 11336] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/11/2009 7:47 PM 133104] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/25/2012 9:23 AM 113120] S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?] . --- Other Services/Drivers In Memory --- . *Deregistered* - MBAMSwissArmy . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc HPService REG_MULTI_SZ HPSLPSVC . Contents of the 'Scheduled Tasks' folder . 2012-09-11 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 19:34] . 2012-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-12 02:46] . 2012-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb0c39e103956e.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-12 02:46] . 2012-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc2247e34d987c.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-12 02:46] . 2012-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-12 02:46] . 2012-09-10 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAEXEC.exe [2009-08-03 22:07] . 2012-09-10 c:\windows\Tasks\ParetoLogic Update Version3 Startup Task.job - c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2012-06-27 21:06] . 2012-09-09 c:\windows\Tasks\ParetoLogic Update Version3.job - c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2012-06-27 21:06] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uDefault_Search_URL = hxxp://www.google.com/ie uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 TCP: DhcpNameServer = 204.54.92.50 172.21.64.2 127.0.0.1 FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ac4279xy.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1385030&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/|http://bl162w.blu162.mail.live.com/default.aspx|http://www.google.com/ig|http://www.network54.com/Forum/465126/|http://pinterest.com/ FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=102&q= . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{3d206148-6081-42e4-be5f-614ff2c73ce0} - (no file) BHO-{3d206148-6081-42e4-be5f-614ff2c73ce0} - (no file) Toolbar-{3d206148-6081-42e4-be5f-614ff2c73ce0} - (no file) HKLM-Run-CarboniteSetupLite - c:\program files\Carbonite\CarbonitePreinstaller.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-09-11 08:03 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360] "ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.4.0.12\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(668) c:\windows\system32\LMIinit.dll c:\windows\system32\LMIRfsClientNP.dll c:\windows\system32\igfxsrvc.dll c:\windows\system32\hccutils.DLL . Completion time: 2012-09-11 08:15:39 ComboFix-quarantined-files.txt 2012-09-11 15:15 ComboFix2.txt 2011-09-05 04:19 . Pre-Run: 14,226,399,232 bytes free Post-Run: 14,565,298,176 bytes free . - - End Of File - - F6EF36BA33B6139EFA4A545D1713D587 | actions · 2012-Sep-11 11:16 am · (locked) |
1 recommendation |
to daparker
Nothing outlandish in the logs.
How is it running now?? | actions · 2012-Sep-11 2:36 pm · (locked) | daparker Premium Member join:2001-11-06 Monteca |
daparker
Premium Member
2012-Sep-11 6:54 pm
It's running a bit faster. I rebooted so I could see how long it took to get going and something called SolutionCenter is trying to install. I see it in one of the logs above, but do you know what that is? I don't think we need it, so if we could remove it, that would be ideal. | actions · 2012-Sep-11 6:54 pm · (locked) | lilhurricaneCrunchin' For Cures Numquam oblita join:2003-01-11 Purple Zone |
I believe it's related to HP's suite of printer drivers.
If he still has the cd (or the hardware) it should be easy enough to add whenever they want. And the drivers are all that's necessary, unless they want the added bloat of additional tools & software | actions · 2012-Sep-11 11:01 pm · (locked) | daparker Premium Member join:2001-11-06 Monteca |
daparker
Premium Member
2012-Sep-11 11:16 pm
Ok, can we remove the item that is causing it to try and install each bootup? We'll check the HP drivers later. | actions · 2012-Sep-11 11:16 pm · (locked) |
1 recommendation |
to daparker
The Solution Center is indeed part of the HP package of software. But it should only install once.
It is possible it's corrupted. Best course would be to remove the Printer and all related HP software via Add/Remove Programs.
Then go to the HP Support site and download the correct installer package and re-install the printer.
Finally, post back here with the current status. | actions · 2012-Sep-12 11:24 am · (locked) | daparker Premium Member join:2001-11-06 Monteca
1 recommendation |
daparker
Premium Member
2012-Sep-14 9:38 pm
I've uninstalled all HP items for now and the install prompt is now gone on reboot. I'll reinstall the HP items at a future date. System performance seems fine now. | actions · 2012-Sep-14 9:38 pm · (locked) |
1 recommendation |
to daparker
Thanks. Time to cleanup... First:The following will implement some cleanup procedures as well as reset System Restore points: Click Start, then Run and copy/paste the following bolded text into the Run box and click OK: ComboFix /Uninstall ( Note: There is a SPACE between ComboFix and /uninstall) Second:Cleaning Up:Delete TFC: - Delete the TFC icon on your Desktop
Delete OTL: - Double click the OTL icon on your Desktop
- Press the 'Cleanup' button
Delete Security Check: - Delete the SecurityCheck icon on your Desktop
Delete Malware Bytes: - We recommend that you keep MalwareBytes (MBAM) and run it every week. There is no charge to keep the program however the real time protection will stop after the trial period. Be sure to update the definitions before each use. If you decide not to keep MBAM, use Add/Remove Programs to uninstall it.
Delete Sophos AntiRootkit- If we asked you to run Sophos AntiRootkit program, uninstall it thru Add/Remove Programs.
Other Programs: - If we asked you to install any other programs that are not removed by the OTL cleanup procedure, we will provide separate removal instructions.
| actions · 2012-Sep-15 11:08 am · (locked) | daparker Premium Member join:2001-11-06 Monteca
1 recommendation |
daparker
Premium Member
2012-Sep-16 11:51 am
Thanks very much for your assistance! | actions · 2012-Sep-16 11:51 am · (locked) |
|