Allyson
join:2012-11-29
Huntsville, ON

Hijackware according to MS

I am attaching my logs as requested. I tried to put them in here but the system said the post was too long.

lilhurricane
Crunchin' For Cures
Numquam oblita
join:2003-01-11
Purple Zone

Opened up...

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.09.29.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
User :: JETHROE [administrator]

28/11/2012 3:27:49 PM
mbam-log-2012-11-28 (15-27-49).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 730271
Time elapsed: 13 hour(s), 22 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
lilhurricane

OTL logfile created on: 15/11/2012 1:46:52 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Sheila\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 109.21 Gb Total Space | 14.24 Gb Free Space | 13.04% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 228.13 Gb Total Space | 145.12 Gb Free Space | 63.61% Space Free | Partition Type: NTFS
Drive S: | 931.51 Gb Total Space | 783.09 Gb Free Space | 84.07% Space Free | Partition Type: NTFS

Computer Name: JETHROE
Current User Name: Sheila
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012/11/15 13:45:27 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sheila\Desktop\OTL.exe
PRC - [2012/11/08 15:14:16 | 000,122,032 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
PRC - [2012/11/08 15:02:28 | 000,015,552 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
PRC - [2012/11/08 15:01:30 | 001,516,680 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Seagate Dashboard 2.0\DBAgent.exe
PRC - [2012/02/26 23:15:42 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2011/11/25 10:21:32 | 001,175,384 | ---- | M] (Intuit Canada ULC.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2011/11/25 10:19:24 | 001,178,968 | ---- | M] (Intuit Canada ULC.) -- C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE
PRC - [2011/11/25 10:19:22 | 000,062,808 | ---- | M] (Intuit, Inc.) -- C:\Program Files\Intuit\QuickBooks 2012\QBHelp.exe
PRC - [2011/11/25 08:44:50 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2011/08/09 20:39:22 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2011/08/09 20:39:16 | 003,076,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2011/05/26 14:14:52 | 000,477,080 | ---- | M] () -- C:\Documents and Settings\Sheila\Application Data\HP SimpleSave Application\StartHelper.exe
PRC - [2011/04/13 11:04:04 | 000,679,936 | ---- | M] (Intuit, Inc.) -- C:\Program Files\Intuit\QuickBooks 2012\QBDBMgrN.exe
PRC - [2010/11/24 13:39:00 | 000,129,872 | ---- | M] () -- C:\Program Files\Rogers Connection Manager\AutoDect.exe
PRC - [2010/09/06 01:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010/07/01 10:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) -- C:\Documents and Settings\Sheila\Application Data\HP SimpleSave Application\uUACTokenSvc.exe
PRC - [2010/06/10 12:42:44 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\Brother\BrStMonW.exe
PRC - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\BrYNSvc.exe
PRC - [2009/09/08 17:25:52 | 000,096,334 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2009/05/21 09:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/01 16:39:28 | 000,189,736 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/06/06 16:28:18 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2007/05/14 15:23:32 | 001,191,936 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2006/11/03 19:02:14 | 000,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2006/11/02 15:05:50 | 000,282,624 | ---- | M] (Knowles Acoustics) -- C:\WINDOWS\system32\KADxMain.exe
PRC - [2004/07/27 17:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2002/06/03 10:38:12 | 000,049,152 | ---- | M] (ScanSoft, Inc) -- C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2012/11/15 13:45:27 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sheila\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2002/06/03 10:37:50 | 000,167,936 | ---- | M] (ScanSoft, Inc) -- C:\Program Files\ScanSoft\OmniPageSE\ophook32.dll

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/11/08 15:02:28 | 000,015,552 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe -- (Seagate Dashboard Services)
SRV - [2012/11/07 12:50:47 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/02/26 23:15:42 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011/11/25 08:44:50 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2011/08/09 20:39:22 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2011/04/13 11:04:04 | 000,679,936 | ---- | M] (Intuit, Inc.) [On_Demand | Running] -- C:\Program Files\Intuit\QuickBooks 2012\QBDBMgrN.exe -- (QuickBooksDB22)
SRV - [2010/09/06 01:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010/07/01 10:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Documents and Settings\Sheila\Application Data\HP SimpleSave Application\uUACTokenSvc.exe -- (BackupService)
SRV - [2010/03/29 07:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/09/08 17:25:52 | 000,096,334 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2009/07/27 21:57:50 | 000,131,072 | ---- | M] (Intuit, Inc.) [Disabled | Stopped] -- C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe -- (QuickBooksDB20)
SRV - [2009/07/27 21:57:50 | 000,131,072 | ---- | M] (Intuit, Inc.) [Auto | Stopped] -- C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe -- (QuickBooksDB18)
SRV - [2009/07/23 22:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2011/08/09 12:57:10 | 000,154,136 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2011/08/04 08:20:38 | 000,103,112 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2011/08/04 08:20:36 | 000,118,104 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2011/03/26 09:37:12 | 000,126,976 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2011/03/26 09:37:12 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2011/03/26 09:37:12 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2011/03/26 09:37:12 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2011/03/26 09:37:12 | 000,009,216 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/12/11 15:58:10 | 001,123,328 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/12/02 19:26:22 | 000,989,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/12/02 19:26:20 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/12/02 19:26:20 | 000,211,200 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/06/06 16:30:32 | 005,707,744 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/06/06 16:28:16 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/06/03 15:20:58 | 000,202,912 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/05/08 22:49:02 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007/05/08 22:46:12 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/05/08 22:46:08 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/05/08 22:46:06 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/05/08 21:22:58 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2006/11/02 13:31:38 | 000,103,168 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dxec02.sys -- (DXEC02)
DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2004/08/03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://partnerpage.google.com/smallbiz.dell.com/en_ca?hl=en&client=dell-row&channel=ca-smb&ibd=0080304
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://partnerpage.google.com/smallbiz.dell.com/en_ca?hl=en&client=dell-row&channel=ca-smb&ibd=0080304

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://partnerpage.google.com/smallbiz.dell.com/en_ca?hl=en&client=dell-row&channel=ca-smb&ibd=0080304
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-row/en/side.html?channel=ca-smb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/31 10:11:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/06 17:10:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/06/06 09:13:37 | 000,000,000 | ---D | M]

[2010/03/19 16:12:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sheila\Application Data\Mozilla\Extensions
[2010/03/19 16:12:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sheila\Application Data\Mozilla\Firefox\Profiles\idm85d8m.default\extensions
[2010/03/19 16:12:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sheila\Application Data\Mozilla\Firefox\Profiles\idm85d8m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/19 16:12:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sheila\Application Data\Mozilla\Firefox\Profiles\idm85d8m.default\extensions\staged-xpis
[2011/11/19 16:33:16 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/15 10:26:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/06/16 08:24:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/11/19 16:33:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Alexa Toolbar) - {EA582743-9076-4178-9AA6-7393FDF4D5CE} - C:\Program Files\Alexa Toolbar\AlexaToolbar.10.0.dll (Alexa.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [autodetect] C:\Program Files\Rogers Connection Manager\AutoDect.exe ()
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DBAgent] C:\Program Files\Seagate\Seagate Dashboard 2.0\DBAgent.exe (Seagate Technology LLC)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\dell\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
O4 - HKLM..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe (ScanSoft, Inc)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickBooksDB20] C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe (Intuit, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [Hardware Helper] C:\Program Files\Hardware Helper\HHLauncher.exe (PC Help Soft)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Uploader] C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe (Seagate Technology LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Canada ULC.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk = C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE (Intuit Canada ULC.)
O4 - Startup: C:\Documents and Settings\Sheila\Start Menu\Programs\Startup\HP SimpleSave Monitor.lnk = C:\Documents and Settings\Sheila\Application Data\HP SimpleSave Application\StartHelper.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Expression\Web 2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341434809031 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\intu-help-qb5 {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Sheila\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sheila\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012/11/15 13:45:20 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sheila\Desktop\OTL.exe
[2012/11/14 14:23:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sheila\Application Data\Nero
[2012/11/14 14:23:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sheila\Application Data\Seagate
[2012/11/14 11:56:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2012/11/14 11:56:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2012/11/14 11:55:56 | 000,000,000 | ---D | C] -- C:\Program Files\Seagate
[2012/11/14 11:51:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2012/11/09 11:37:06 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sheila\Desktop\TFC.exe
[2012/11/07 12:04:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\MATS
[2012/11/07 12:04:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Fix it Center
[2012/11/07 11:07:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012/11/15 13:45:27 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sheila\Desktop\OTL.exe
[2012/11/15 13:37:25 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/15 13:30:23 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2012/11/15 13:30:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/11/15 13:30:18 | 3210,780,672 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/15 13:29:49 | 006,553,600 | ---- | M] () -- C:\Documents and Settings\Sheila\NTUSER.DAT
[2012/11/15 13:29:25 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Sheila\ntuser.ini
[2012/11/15 13:21:20 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sheila\Desktop\TFC.exe
[2012/11/15 13:19:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/11/15 13:09:00 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1146484910-959827588-941327896-1008UA.job
[2012/11/15 13:05:40 | 000,000,574 | ---- | M] () -- C:\WINDOWS\tasks\Sheila1.job
[2012/11/15 12:53:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/15 12:37:16 | 000,000,572 | ---- | M] () -- C:\WINDOWS\tasks\Sheila.job
[2012/11/14 16:30:44 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\Sheila DBAgent 2 0.job
[2012/11/14 15:30:27 | 000,000,586 | ---- | M] () -- C:\WINDOWS\tasks\Sheila1 Merge.job
[2012/11/14 15:09:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1146484910-959827588-941327896-1008Core.job
[2012/11/14 14:31:17 | 000,000,584 | ---- | M] () -- C:\WINDOWS\tasks\Sheila Merge.job
[2012/11/14 14:26:51 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{0E201E48-B373-4E02-8A61-919982036CA5}.job
[2012/11/14 14:01:55 | 000,000,634 | ---- | M] () -- C:\WINDOWS\tasks\G8 Accommodation1.job
[2012/11/14 13:53:50 | 000,000,632 | ---- | M] () -- C:\WINDOWS\tasks\G8 Accommodation.job
[2012/11/14 13:31:44 | 000,000,646 | ---- | M] () -- C:\WINDOWS\tasks\G8 Accommodation1 Merge.job
[2012/11/14 13:22:22 | 000,000,396 | ---- | M] () -- C:\WINDOWS\tasks\G8 Accommodation DBAgent 2 0.job
[2012/11/14 13:20:28 | 000,000,644 | ---- | M] () -- C:\WINDOWS\tasks\G8 Accommodation Merge.job
[2012/11/14 12:59:46 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\New COW Expression DBAgent 2 0.job
[2012/11/14 12:56:24 | 000,000,656 | ---- | M] () -- C:\WINDOWS\tasks\New COW Expression Merge.job
[2012/11/14 12:56:19 | 000,000,644 | ---- | M] () -- C:\WINDOWS\tasks\New COW Expression.job
[2012/11/14 12:45:20 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\Temp for email smgiv DBAgent 2 0.job
[2012/11/14 12:44:51 | 000,000,656 | ---- | M] () -- C:\WINDOWS\tasks\Temp for email smgiv.job
[2012/11/14 12:44:39 | 000,000,372 | ---- | M] () -- C:\WINDOWS\tasks\User DBAgent 2 0.job
[2012/11/14 12:42:15 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\Port Carling Boats DBAgent 2 0.job
[2012/11/14 12:40:46 | 000,000,656 | ---- | M] () -- C:\WINDOWS\tasks\Port Carling Boats Merge.job
[2012/11/14 12:40:41 | 000,000,644 | ---- | M] () -- C:\WINDOWS\tasks\Port Carling Boats.job
[2012/11/14 12:29:18 | 000,000,572 | ---- | M] () -- C:\WINDOWS\tasks\User Merge.job
[2012/11/14 12:29:13 | 000,000,560 | ---- | M] () -- C:\WINDOWS\tasks\User.job
[2012/11/14 12:14:33 | 000,000,668 | ---- | M] () -- C:\WINDOWS\tasks\Temp for email smgiv Merge.job
[2012/11/14 11:56:55 | 000,001,932 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Seagate Dashboard 2.0.lnk
[2012/11/13 12:13:20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/11/08 10:32:41 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Sheila\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/11/08 10:30:33 | 000,609,250 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2012/11/08 10:30:33 | 000,507,512 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/11/08 10:30:33 | 000,089,782 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/11/07 15:55:05 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/11/07 12:50:45 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/11/07 12:50:44 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/11/07 12:04:14 | 000,000,720 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Fix it Center.lnk
[2012/10/31 15:22:09 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Sheila\Desktop\Microsoft Word.lnk

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012/11/14 16:31:11 | 000,475,200 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1146484910-959827588-941327896-1008-0.dat
[2012/11/14 16:31:11 | 000,153,754 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1146484910-959827588-941327896-1013-0.dat
[2012/11/14 16:31:11 | 000,153,754 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1146484910-959827588-941327896-1010-0.dat
[2012/11/14 16:31:11 | 000,153,754 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1146484910-959827588-941327896-1007-0.dat
[2012/11/14 16:31:06 | 000,153,754 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1146484910-959827588-941327896-1012-0.dat
[2012/11/14 14:32:24 | 000,000,586 | ---- | C] () -- C:\WINDOWS\tasks\Sheila1 Merge.job
[2012/11/14 14:32:22 | 000,000,574 | ---- | C] () -- C:\WINDOWS\tasks\Sheila1.job
[2012/11/14 14:31:16 | 000,000,584 | ---- | C] () -- C:\WINDOWS\tasks\Sheila Merge.job
[2012/11/14 14:31:14 | 000,000,572 | ---- | C] () -- C:\WINDOWS\tasks\Sheila.job
[2012/11/14 14:23:22 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\Sheila DBAgent 2 0.job
[2012/11/14 13:24:39 | 000,000,646 | ---- | C] () -- C:\WINDOWS\tasks\G8 Accommodation1 Merge.job
[2012/11/14 13:24:37 | 000,000,634 | ---- | C] () -- C:\WINDOWS\tasks\G8 Accommodation1.job
[2012/11/14 13:10:39 | 000,000,644 | ---- | C] () -- C:\WINDOWS\tasks\G8 Accommodation Merge.job
[2012/11/14 13:10:37 | 000,000,632 | ---- | C] () -- C:\WINDOWS\tasks\G8 Accommodation.job
[2012/11/14 13:08:41 | 000,000,396 | ---- | C] () -- C:\WINDOWS\tasks\G8 Accommodation DBAgent 2 0.job
[2012/11/14 12:47:57 | 000,000,656 | ---- | C] () -- C:\WINDOWS\tasks\New COW Expression Merge.job
[2012/11/14 12:47:54 | 000,000,644 | ---- | C] () -- C:\WINDOWS\tasks\New COW Expression.job
[2012/11/14 12:47:13 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\New COW Expression DBAgent 2 0.job
[2012/11/14 12:32:33 | 000,000,656 | ---- | C] () -- C:\WINDOWS\tasks\Port Carling Boats Merge.job
[2012/11/14 12:32:31 | 000,000,644 | ---- | C] () -- C:\WINDOWS\tasks\Port Carling Boats.job
[2012/11/14 12:31:22 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\Port Carling Boats DBAgent 2 0.job
[2012/11/14 12:20:48 | 000,000,572 | ---- | C] () -- C:\WINDOWS\tasks\User Merge.job
[2012/11/14 12:20:46 | 000,000,560 | ---- | C] () -- C:\WINDOWS\tasks\User.job
[2012/11/14 12:19:54 | 000,000,372 | ---- | C] () -- C:\WINDOWS\tasks\User DBAgent 2 0.job
[2012/11/14 12:05:57 | 000,000,668 | ---- | C] () -- C:\WINDOWS\tasks\Temp for email smgiv Merge.job
[2012/11/14 12:05:55 | 000,000,656 | ---- | C] () -- C:\WINDOWS\tasks\Temp for email smgiv.job
[2012/11/14 11:58:02 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\Temp for email smgiv DBAgent 2 0.job
[2012/11/14 11:56:55 | 000,001,932 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Seagate Dashboard 2.0.lnk
[2012/11/14 11:33:04 | 3210,780,672 | -HS- | C] () -- C:\hiberfil.sys
[2012/11/08 10:32:41 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Sheila\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/11/07 12:52:50 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/11/07 12:04:14 | 000,000,720 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Fix it Center.lnk
[2012/08/06 17:34:50 | 000,000,525 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2012/05/17 09:34:08 | 000,000,653 | ---- | C] () -- C:\WINDOWS\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini
[2012/03/19 16:41:25 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2012/03/19 16:41:21 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2012/02/16 12:30:22 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/01/17 13:39:17 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2010/07/23 16:46:35 | 000,000,026 | ---- | C] () -- C:\WINDOWS\starter.INI
[2010/07/23 13:21:05 | 000,000,117 | ---- | C] () -- C:\WINDOWS\restore.INI
[2009/12/23 14:11:40 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2008/03/24 17:40:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/03/04 13:47:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/03/04 13:43:33 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2008/03/04 13:39:52 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/03/04 13:35:12 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/03/04 13:35:10 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/03/04 13:12:38 | 000,910,304 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008/03/04 13:12:38 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4831.dll
[2008/03/04 13:12:36 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2008/03/04 13:11:04 | 000,001,219 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/11/07 05:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/17 00:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/17 00:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2006/02/09 13:46:30 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\VSHP1020.DLL
[2004/08/10 14:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[1999/01/22 21:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

[color=#E56717]========== LOP Check ==========[/color]

[2011/09/17 09:25:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Caspedia
[2008/04/16 17:25:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2012/06/06 09:13:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/11/02 11:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2012/01/16 15:33:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2010/11/02 12:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2012/11/14 11:51:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2010/11/02 11:13:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2010/01/18 12:47:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2012/01/16 15:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2012/08/06 17:34:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2012/08/06 17:34:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2008/03/04 13:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/08/08 14:09:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/12/29 16:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2012/06/06 17:03:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/08/10 17:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sheila\Application Data\Canon
[2011/09/17 09:44:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sheila\Application Data\Caspedia
[2010/11/02 11:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sheila\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/07/26 13:41:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sheila\Application Data\Dropbox
[2012/08/09 14:40:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sheila\Application Data\Hardware Helper
[2012/08/06 17:10:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sheila\Application Data\InterTrust
[2011/01/25 18:43:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sheila\Application Data\KeePass
[2012/08/06 17:34:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sheila\Application Data\ScanSoft
[2012/11/14 14:23:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sheila\Application Data\Seagate
[2011/06/07 15:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sheila\Application Data\UDC Profiles
[2011/02/01 20:43:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sheila\Application Data\VirtualStore
[2012/11/14 13:22:22 | 000,000,396 | ---- | M] () -- C:\WINDOWS\Tasks\G8 Accommodation DBAgent 2 0.job
[2012/11/14 13:20:28 | 000,000,644 | ---- | M] () -- C:\WINDOWS\Tasks\G8 Accommodation Merge.job
[2012/11/14 13:53:50 | 000,000,632 | ---- | M] () -- C:\WINDOWS\Tasks\G8 Accommodation.job
[2012/11/14 13:31:44 | 000,000,646 | ---- | M] () -- C:\WINDOWS\Tasks\G8 Accommodation1 Merge.job
[2012/11/14 14:01:55 | 000,000,634 | ---- | M] () -- C:\WINDOWS\Tasks\G8 Accommodation1.job
[2012/11/14 12:59:46 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\New COW Expression DBAgent 2 0.job
[2012/11/14 12:56:24 | 000,000,656 | ---- | M] () -- C:\WINDOWS\Tasks\New COW Expression Merge.job
[2012/11/14 12:56:19 | 000,000,644 | ---- | M] () -- C:\WINDOWS\Tasks\New COW Expression.job
[2012/11/14 12:42:15 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\Port Carling Boats DBAgent 2 0.job
[2012/11/14 12:40:46 | 000,000,656 | ---- | M] () -- C:\WINDOWS\Tasks\Port Carling Boats Merge.job
[2012/11/14 12:40:41 | 000,000,644 | ---- | M] () -- C:\WINDOWS\Tasks\Port Carling Boats.job
[2012/11/14 16:30:44 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\Sheila DBAgent 2 0.job
[2012/11/14 14:31:17 | 000,000,584 | ---- | M] () -- C:\WINDOWS\Tasks\Sheila Merge.job
[2012/11/15 12:37:16 | 000,000,572 | ---- | M] () -- C:\WINDOWS\Tasks\Sheila.job
[2012/11/14 15:30:27 | 000,000,586 | ---- | M] () -- C:\WINDOWS\Tasks\Sheila1 Merge.job
[2012/11/15 13:05:40 | 000,000,574 | ---- | M] () -- C:\WINDOWS\Tasks\Sheila1.job
[2012/11/14 12:45:20 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\Temp for email smgiv DBAgent 2 0.job
[2012/11/14 12:14:33 | 000,000,668 | ---- | M] () -- C:\WINDOWS\Tasks\Temp for email smgiv Merge.job
[2012/11/14 12:44:51 | 000,000,656 | ---- | M] () -- C:\WINDOWS\Tasks\Temp for email smgiv.job
[2012/11/14 12:44:39 | 000,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\User DBAgent 2 0.job
[2012/11/14 12:29:18 | 000,000,572 | ---- | M] () -- C:\WINDOWS\Tasks\User Merge.job
[2012/11/14 12:29:13 | 000,000,560 | ---- | M] () -- C:\WINDOWS\Tasks\User.job
[2012/11/14 14:26:51 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{0E201E48-B373-4E02-8A61-919982036CA5}.job

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:62E2D794
lilhurricane

Numquam oblita

OTL Extras logfile created on: 15/11/2012 1:46:52 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Sheila\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 109.21 Gb Total Space | 14.24 Gb Free Space | 13.04% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 228.13 Gb Total Space | 145.12 Gb Free Space | 63.61% Space Free | Partition Type: NTFS
Drive S: | 931.51 Gb Total Space | 783.09 Gb Free Space | 84.07% Space Free | Partition Type: NTFS

Computer Name: JETHROE
Current User Name: Sheila
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Dell\MediaDirect\PCMService.exe" = C:\Program Files\Dell\MediaDirect\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- (CyberLink Corp.)
"C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe:*:Enabled:QuickBooks 2008 Data Manager -- (iAnywhere Solutions, Inc.)
"C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe:*:Enabled:QuickBooks 2009 Data Manager -- (Intuit, Inc.)
"C:\Documents and Settings\Sheila\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Sheila\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- File not found
"C:\Program Files\Intuit\QuickBooks 2012\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2012\QBDBMgrN.exe:*:Enabled:QuickBooks Database Manager -- (Intuit, Inc.)
"C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE" = C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE:*:Enabled:QuickBooks Application -- (Intuit Canada ULC.)
"C:\Program Files\Intuit\QuickBooks 2012\DBManagerExe.exe" = C:\Program Files\Intuit\QuickBooks 2012\DBManagerExe.exe:*:Enabled:Quickbooks DB Manager Exe -- (Intuit Inc.)
"C:\Program Files\Intuit\QuickBooks 2012\FileManagement.exe" = C:\Program Files\Intuit\QuickBooks 2012\FileManagement.exe:*:Enabled:Quickbooks File Management -- ()
"C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe" = C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe:*:Enabled:QuickBooks File Monitor Service -- (Intuit)
"C:\Program Files\Common Files\Intuit\QuickBooks\QBLaunch.exe" = C:\Program Files\Common Files\Intuit\QuickBooks\QBLaunch.exe:*:Enabled:Quickbooks Launcher -- (Intuit Canada ULC.)
"C:\Program Files\Intuit\QuickBooks 2012\QBW32Pro.exe" = C:\Program Files\Intuit\QuickBooks 2012\QBW32Pro.exe:*:Enabled:QuickBooks Pro 2012 -- (Intuit Canada ULC.)
"C:\Program Files\Intuit\QuickBooks 2009\QBW32Pro.exe" = C:\Program Files\Intuit\QuickBooks 2009\QBW32Pro.exe:*:Enabled:QuickBooks Pro 2011 -- (Intuit Canada ULC.)
"C:\Program Files\Common Files\Intuit\QuickBooks\QBServerUtilityMgr.exe" = C:\Program Files\Common Files\Intuit\QuickBooks\QBServerUtilityMgr.exe:*:Enabled:QuickBooks Database Server Manager -- (Intuit)
"C:\Program Files\Adobe\Adobe Utilities - CS5\ExtendScript Toolkit CS5\ExtendScript Toolkit.exe" = C:\Program Files\Adobe\Adobe Utilities - CS5\ExtendScript Toolkit CS5\ExtendScript Toolkit.exe:*:Enabled:Adobe ExtendScript Toolkit CS5 -- (Adobe Systems Incorporated)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Seagate\Seagate Dashboard 2.0\Dashboard.exe" = C:\Program Files\Seagate\Seagate Dashboard 2.0\Dashboard.exe:*:Enabled:Seagate Dashboard -- (Seagate Technology LLC)

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{03F1CC67-5BD8-4C36-8394-76311B2AE69A}" = ArcSoft PhotoStudio 5
"{055C7B5D-B655-495D-BC4B-787994519AAA}" = Creative Memories Memory Manager 3
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C432DEB-FBF2-A5E0-FDB7-4B39F7FAF0D4}" = Adobe Community Help
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{22057D8D-7CC8-46FF-AD8C-9BD24F9014F3}" = QuickBooks Pro 2012
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{25175695-4B20-4298-9F34-C2C57CD277B3}" = Elements STI Installer
"{25E202D1-D8E7-46AF-B4B0-157D9993A93E}" = QuickBooks
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{43C423D9-E6D6-4607-ADC9-EBB54F690C57}" = Seagate Dashboard 2.0
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online
"{4DF9F3D9-243E-4641-8588-99D025F43DF9}" = QuickBooks Pro 2011
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6249C22D-E6A8-407B-BA8B-40298848ED94}" = OmniPage SE
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E545666-F422-45FD-B3DF-C0B99A1A579F}" = QuickBooks Pro 2008
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_XWeb_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_XWeb_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_XWeb_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0045-0000-0000-0000000FF1CE}" = Microsoft Expression Web 2
"{90120000-0045-0000-0000-0000000FF1CE}_XWeb_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0045-0409-0000-0000000FF1CE}" = Microsoft Expression Web 2 MUI (English)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_XWeb_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_XWeb_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}" = Rogers Connection Manager
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95ED1AC3-DF2A-4719-B029-909C0875CD8F}" = Creative Memories StoryBook Creator Plus 3
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{A21A4591-3608-4664-8CB2-64D02598B93F}" = QuickBooks
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B360A8E5-C171-4AAE-9777-65B3CDB0072C}" = CanoScan LiDE20,30 Manual
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{BCE46757-7674-4416-BEDB-68205A60409E}" = Canon CanoScan Toolbox 4.1
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D14C0D-FDAA-4DF2-8441-A902805CCE8C}" = ArcSoft PhotoBase 3
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C763C1E0-30F3-4607-903A-D964D38DE1A4}_is1" = FutureTax NETFILE 2008
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240CA}" = WinZip 16.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1B5E9C8-4CCF-44E3-87D6-7C00D7DA5370}" = IntelliSonic Speech Enhancement
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2A97415-BD97-4867-B906-05E39E9EE51F}" = HL-2270DW
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EB9955F8-467C-47FC-90F8-12CD5DF684C3}" = Adobe Premiere Elements 9
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F9E858E3-522C-4E89-AACC-619CCA2E1EA4}" = ESET NOD32 Antivirus
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
"Alexa Toolbar" = Alexa Toolbar
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CAL" = Canon Camera Access Library
"CameraUserGuide-PSSX130IS" = Canon PowerShot SX130 IS Camera User Guide
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow Launcher
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"CutePDF Writer Installation" = CutePDF Writer 2.8
"FileZilla Client" = FileZilla Client 3.5.3
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"Hardware Helper_is1" = Hardware Helper v3.0
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
"IrfanView" = IrfanView (remove only)
"KeePass Password Safe_is1" = KeePass Password Safe 1.18
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MyCamera" = Canon Utilities MyCamera
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Personal Printing Guide" = Canon Personal Printing Guide
"PhotoStitch" = Canon Utilities PhotoStitch
"PremElem90" = Adobe Premiere Elements 9
"QB Connection Diagnostic Tool" = QB Connection Diagnostic Tool
"SearchAssist" = SearchAssist
"Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide
"SynTPDeinstKey" = Dell Touchpad
"Universal Document Converter_is1" = Universal Document Converter (Demo)
"WIC" = Windows Imaging Component
"Windows XP Service Pack" = Windows XP Service Pack 3
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XWeb" = Microsoft Expression Web 2
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 15/11/2012 1:05:38 PM | Computer Name = JETHROE | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 15/11/2012 1:05:38 PM | Computer Name = JETHROE | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 15/11/2012 1:05:38 PM | Computer Name = JETHROE | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 15/11/2012 1:05:50 PM | Computer Name = JETHROE | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Unable to find the
section for this mentu item!

Error - 15/11/2012 2:30:29 PM | Computer Name = JETHROE | Source = SQLANY 10.0 | ID = 1
Description =

Error - 15/11/2012 2:37:45 PM | Computer Name = JETHROE | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 15/11/2012 2:37:45 PM | Computer Name = JETHROE | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 15/11/2012 2:37:45 PM | Computer Name = JETHROE | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 15/11/2012 2:37:47 PM | Computer Name = JETHROE | Source = Application Error | ID = 1000
Description = Faulting application excel.exe, version 9.0.0.2719, faulting module
mso9.dll, version 9.0.0.2720, fault address 0x0016ac52.

Error - 15/11/2012 2:37:59 PM | Computer Name = JETHROE | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Unable to find the
section for this mentu item!

[ OSession Events ]
Error - 14/06/2009 4:46:18 PM | Computer Name = JETHROE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 22, Application Name: Microsoft Expression Web, Application Version:
2008.1200.6329.5000, Microsoft Office Version: 12.0.4518.1084. This session lasted
2555 seconds with 1680 seconds of active time. This session ended with a crash.

Error - 30/07/2009 1:24:34 PM | Computer Name = JETHROE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 22, Application Name: Microsoft Expression Web, Application Version:
2008.1200.6329.5000, Microsoft Office Version: 12.0.4518.1084. This session lasted
553 seconds with 420 seconds of active time. This session ended with a crash.

Error - 26/02/2010 8:43:13 PM | Computer Name = JETHROE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 22, Application Name: Microsoft Expression Web, Application Version:
2008.1200.6329.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted
135 seconds with 60 seconds of active time. This session ended with a crash.

Error - 06/07/2010 4:30:20 PM | Computer Name = JETHROE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 22, Application Name: Microsoft Expression Web, Application Version:
2008.1200.6329.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted
3494 seconds with 1740 seconds of active time. This session ended with a crash.

Error - 29/04/2011 6:29:43 PM | Computer Name = JETHROE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 22, Application Name: Microsoft Expression Web, Application Version:
2008.1200.6329.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted
2184 seconds with 1860 seconds of active time. This session ended with a crash.

Error - 03/05/2011 12:58:55 PM | Computer Name = JETHROE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 22, Application Name: Microsoft Expression Web, Application Version:
2008.1200.6329.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted
1160 seconds with 420 seconds of active time. This session ended with a crash.

Error - 04/10/2011 8:37:34 PM | Computer Name = JETHROE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 22, Application Name: Microsoft Expression Web, Application Version:
2008.1200.6329.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted
15293 seconds with 2340 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 15/11/2012 2:22:44 PM | Computer Name = JETHROE | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 15/11/2012 2:22:44 PM | Computer Name = JETHROE | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 15/11/2012 2:22:44 PM | Computer Name = JETHROE | Source = Service Control Manager | ID = 7034
Description = The SupportSoft Sprocket Service (dellsupportcenter) service terminated
unexpectedly. It has done this 1 time(s).

Error - 15/11/2012 2:22:44 PM | Computer Name = JETHROE | Source = Service Control Manager | ID = 7034
Description = The Canon Camera Access Library 8 service terminated unexpectedly.
It has done this 1 time(s).

Error - 15/11/2012 2:22:44 PM | Computer Name = JETHROE | Source = Service Control Manager | ID = 7034
Description = The QBCFMonitorService service terminated unexpectedly. It has done
this 1 time(s).

Error - 15/11/2012 2:22:45 PM | Computer Name = JETHROE | Source = Service Control Manager | ID = 7034
Description = The Seagate Dashboard Services service terminated unexpectedly. It
has done this 1 time(s).

Error - 15/11/2012 2:22:45 PM | Computer Name = JETHROE | Source = Service Control Manager | ID = 7034
Description = The BrYNSvc service terminated unexpectedly. It has done this 1 time(s).

Error - 15/11/2012 2:22:45 PM | Computer Name = JETHROE | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 15/11/2012 2:30:59 PM | Computer Name = JETHROE | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {1B38B5AE-0C92-4090-96F8-E299468913F0}
with the Router Manager for the IP protocol. The following error occurred: Cannot
complete this function.

Error - 15/11/2012 2:34:20 PM | Computer Name = JETHROE | Source = DCOM | ID = 10010
Description = The server {91493441-5A91-11CF-8700-00AA0060263B} did not register
with DCOM within the required timeout.
lilhurricane

Numquam oblita

Results of screen317's Security Check version 0.99.54
Windows XP Service Pack 3 x86
Internet Explorer 8
[u]``````````````Antivirus/Firewall Check:``````````````[/u]
Windows Firewall Enabled!
ESET NOD32 Antivirus
[u]`````````Anti-malware/Other Utilities Check:`````````[/u]
CCleaner
Java(TM) 6 Update 29
[color=red]Java version out of Date![/color]
Adobe Reader 8 [color=red]Adobe Reader out of Date![/color]
Adobe Reader X KB403742.. [color=red]Adobe Reader out of Date![/color]
Mozilla Firefox (3.6) [color=red]Firefox out of Date![/color]
Google Chrome 22.0.1229.95
Google Chrome 23.0.1271.64
[u]````````Process Check: objlist.exe by Laurent````````[/u]
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
[u]`````````````````System Health check`````````````````[/u]
Total Fragmentation on Drive C:: 15% [color=red]Defragment your hard drive soon! (Do NOT defrag if SSD!)[/color]
[u]````````````````````End of Log``````````````````````[/u]

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=5583aa93bf86114cbcb6acca1ac5c096
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-15 09:20:01
# local_time=2012-11-15 04:20:01 (-0500, Eastern Standard Time)
# country="Canada"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8204 22379861 100 93 0 39172287 0 0
# scanned=426421
# found=0
# cleaned=0
# scan_time=7887
# nod_component=V3 Build:0x30000000

LoPhatPhuud
MVM
join:2002-01-06
Albuquerque, NM

to Allyson
There is nothing glaring in the logs after a cursory inspection. I'll go over them more closely later today. I do, however, need more information before continuing.

What, exactly, did MS say it found, and what program said it?

Are you having any specific issues?
Allyson
join:2012-11-29
Huntsville, ON

Member

MS did not say any program in particular, just that if I had any of 10 or 15 KB Windows updates installed I probably had hijackware.

This computer is really really really slow.

Thanks for your help

LoPhatPhuud
MVM
join:2002-01-06
Albuquerque, NM

1 recommendation

to Allyson
I find the MS advice ludicrous at best.

Note that all slowness is not a definitive sign of infection. In fact, in many cases, it's not!

Let's start by looking for rootkits.

Download and run Sophos AntiRootkit. Post the log in this thread, even if nothing is found.

You'll find link(s) and instructions here:
»Security Cleanup FAQ »Rootkit Detection Applications