Firefox
-
Posts
19,941 -
Joined
-
Last visited
-
Days Won
9
Content Type
Events
Profiles
Forums
Everything posted by Firefox
-
Hello and Lets try this and see if it helps.... MBAM_ERROR_EXPANDING_VARIABLES (0,9) MBAM_ERROR_MISSING_FILE (3,0, mbamswissarmy.sys) The system cannot find the path specified. Here's a fix that exile360 made, it is universal for XP, Vista and Windows 7 and should fix the problem: Note: If using Windows Vista or Windows 7 you MUST right-click on the file and select "Run as administrator". Please copy and paste the following text in the Code box exactly as written into notepad (not wordpad or any other text editor): @color 48 @echo off if exist "%allusersprofile%\Microsoft\Windows\Start Menu" md "%allusersprofile%\Microsoft\Windows\Start Menu\Programs\Startup" if not exist "%allusersprofile%\Microsoft\Windows\Start Menu" md "%allusersprofile%\Start Menu\Programs\Startup" if exist "%appdata%\Microsoft\Windows\Start Menu" md "%appdata%\Microsoft\Windows\Start Menu\Programs\Startup" if not exist "%appdata%\Microsoft\Windows\Start Menu" md "%userprofile%\Start Menu\Programs\Startup" del /f /q %0 Once you've done that click on File and select Save As... In the Save dialogue box click on the drop down menu next to Save as type and select All Files Name the file Fix.bat (the .bat extension is very important) Save the file to your desktop and double click it to run it if using Windows XP. If using Windows Vista or Windows 7 you MUST right-click on the file and select Run as administrator otherwise it will not work. Once that's complete try running Malwarebytes' Anti-Malware again to see if it now works without error or not.
-
Its running a full scan now, will let you know if it finds anything....
-
OK I installed the latest version of Symantec endpoint protection on this pc but it did not seem to solve the issue. I am sure that its the update but they are talking about.... I have ditched symantec on this computer for the time being, I am now running McAfee Corp Editon on this box. Do we want to call this case done?
-
How To Use The New Scheduler Once you register your full version make sure you schedule your program for automatic updates and scans..... Have a look at How To Use The New Scheduler
-
help packupdate107_231.exe
Firefox replied to nizaar's topic in Malwarebytes for Windows Support Forum
Hi, and Welcome to Malwarebytes! Please read the following so that you can begin the cleaning process: As we don't deal with malware removal in the General Malwarebytes' Anti-Malware Forum, you need to start a topic in the Malware Removal forum so a qualified helper can help you fix any malware related problems/infections you may have. Please read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here. After posting your new post, make sure under options, you select Track this topic and choose Immediate Email Notification, so that you're alerted when someone has replied to your post. One of the expert helpers there will give you one-on-one assistance when one becomes available. Please refrain from making any further changes to your computer (Install/Uninstall programs, use special fix tools, delete files, edit the registry, etc...) unless advised by a malware removal helper. Doing so can result in system changes which may hinder the attempts by a helper to clean your machine. NOTE: Please DO NOT post back to (bump) your topic within the first 48 hours. Replying to your own posts changes the post count and helpers are looking for topics with zero replies. If you reply to your own post helpers may think that you're already being helped and thus overlook your post. If there is no reply from any experts after 48 hours, you can reply to the topic, asking for help again. Or You may send a Private Message to a Moderator asking for assistance. Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org or here. Please be patient, someone will assist you as soon as it is possible. PS: Please use the "ADDREPLY" button instead of other ones when you start replying. -
Yes I see you are have posted in the right area, stay at that area until you have been given an all clear by the expert that will be helping you..... Be patient, as they get busy there but they will help you get it going again.
-
Hi, and Welcome to Malwarebytes! As posted earlier by Haider, you need to seek help from one of the experts in the right section..... Please read the following so that you can begin the cleaning process: As we don't deal with malware removal in the General Malwarebytes' Anti-Malware Forum, you need to start a topic in the Malware Removal forum so a qualified helper can help you fix any malware related problems/infections you may have. Please read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here. After posting your new post, make sure under options, you select Track this topic and choose Immediate Email Notification, so that you're alerted when someone has replied to your post. One of the expert helpers there will give you one-on-one assistance when one becomes available. Please refrain from making any further changes to your computer (Install/Uninstall programs, use special fix tools, delete files, edit the registry, etc...) unless advised by a malware removal helper. Doing so can result in system changes which may hinder the attempts by a helper to clean your machine. NOTE: Please DO NOT post back to (bump) your topic within the first 48 hours. Replying to your own posts changes the post count and helpers are looking for topics with zero replies. If you reply to your own post helpers may think that you're already being helped and thus overlook your post. If there is no reply from any experts after 48 hours, you can reply to the topic, asking for help again. Or You may send a Private Message to a Moderator asking for assistance. Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org or here. Please be patient, someone will assist you as soon as it is possible. PS: Please use the "ADDREPLY" button instead of other ones when you start replying.
-
Recent Scan uncovered "Bad" maLware"
Firefox replied to DonR's topic in Malwarebytes for Windows Support Forum
you should be OK, you can always run another scan tomorrow and see if you get an all clear. As for learning more, just hanging around here and reading in most sections of the forum you can learn a lot.... Also don't hesitate to ask questions, folks around here are eager to share their knowledge. -
Adding Initial Default Update And Scan Times To Scheduler.
Firefox replied to John Y.'s topic in Malwarebytes for Windows
just curious, will the new scheduler also allow you to edit your schedule items instead of having to delete them and then create a new one? -
Recent Scan uncovered "Bad" maLware"
Firefox replied to DonR's topic in Malwarebytes for Windows Support Forum
Hello and In that scan, if you like post the log file and we can look it over here, but it seems that its ok cause some Anti-virus software or firewall software makes those changes. -
I already signed up too...
-
Malwarebytes does not detect cookies so that is the differance in your logs....
-
Ok before I decide to ditch Symantec Endpoint Protection let me see how it does.... I have deleted all the temp files and I have also deleted what was in the Quarantine folder. There was 1.7GB of stuff in that folder, dont ask me from what or where, but I think it was a build up of all those tmp files it was detecting. I am going to try and find the update / service pack for it see what it does.
-
We are glad to help and also that you have configured it the way you like.... Should you have further questions or comment don't hesitate to ask....
-
intresting reading indeed, sounds like it is that, as far as you can see right now, I dont have anything weird huh? Do you want me to try a different AV product? I have serveral I can try?
-
Well this is all above my head, as I have not studied any of it..... could we just not find a huge astroid or rock, and throw it into the black hole and plug it?.... LOL
-
Steps to "get started" with the retail version?
Firefox replied to korny555's topic in Malwarebytes for Windows Support Forum
+1 -
I know what its like to work when your tired.... no worries..... Here are the OTL.txt and Extras.txt logs.... not sure what you meant about fix logs...... (I still have the OTL program open, should I close it or click on something else?) OTL logfile created on: 9/9/2010 8:24:01 AM - Run 1 OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\cmack.TXFBDOM\Desktop Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free 6.00 Gb Paging File | 5.00 Gb Available in Paging File | 77.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 97.96 Gb Total Space | 60.51 Gb Free Space | 61.77% Space Free | Partition Type: NTFS Drive D: | 200.07 Gb Total Space | 30.12 Gb Free Space | 15.05% Space Free | Partition Type: NTFS Drive E: | 2.11 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive L: | 931.22 Gb Total Space | 678.97 Gb Free Space | 72.91% Space Free | Partition Type: FAT32 Computer Name: 1WWLLF1 Current User Name: cmack Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\cmack.TXFBDOM\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\System32\vmnat.exe (VMware, Inc.) PRC - C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.) PRC - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.) PRC - C:\Program Files\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.) PRC - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.) PRC - C:\Windows\System32\vsnapvss.exe (StorageCraft Technology Corporation) PRC - C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe (StorageCraft Technology Corporation) PRC - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.) PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.) PRC - C:\Program Files\LogMeIn\x86\LMIGuardian.exe (LogMeIn, Inc.) PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation) PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation) PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (Symantec Corporation) PRC - C:\Program Files\RealVNC\VNC4\winvnc4.exe (RealVNC Ltd.) PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation) PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) PRC - C:\Program Files\Symantec\Ghost\bin\dbserv.exe (Symantec Corporation) PRC - C:\Program Files\Symantec\Ghost\ngserver.exe (Symantec Corporation) PRC - C:\Program Files\Symantec\Ghost\ngtray.exe (Symantec Corporation) PRC - C:\Program Files\Symantec\Ghost\db\..\bin\rteng9.exe () PRC - C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe () PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Roxio 2010\5.0\CPMonitor.exe () PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe (CinemaNow, Inc.) PRC - C:\Program Files\Roxio 2010\Roxio Burn\Roxio Burn.exe () PRC - C:\Program Files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe () PRC - C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd) PRC - C:\Windows\System32\CTxfispi.exe (Creative Technology Ltd) PRC - C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe () PRC - C:\Program Files\Common Files\PX Storage Engine\VxBlockServer.exe (Sonic Solutions) PRC - C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.) PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.) PRC - C:\Program Files\GetSmile\getsmile.exe (Sofrayt) PRC - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock) PRC - C:\Program Files\r2 Studios\Tonic\Tonic.exe (r2 studios) PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) ========== Modules (SafeList) ========== MOD - C:\Users\cmack.TXFBDOM\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation) MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation) MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation) MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation) MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation) MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf 861225ca\GdiPlus.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (VMware NAT Service) -- C:\Windows\System32\vmnat.exe (VMware, Inc.) SRV - (VMnetDHCP) -- C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.) SRV - (VMAuthdService) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.) SRV - (VMUSBArbService) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.) SRV - (VSNAPVSS) -- C:\Windows\System32\vsnapvss.exe (StorageCraft Technology Corporation) SRV - (ShadowProtectSvc) -- C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe (StorageCraft Technology Corporation) SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs) SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs) SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (ufad-ws60) -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe (VMware, Inc.) SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (SmcService) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation) SRV - (WinVNC4) -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe (RealVNC Ltd.) SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation) SRV - (SNAC) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE (Symantec Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation) SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (NGDBSERV) -- C:\Program Files\Symantec\Ghost\bin\dbserv.exe (Symantec Corporation) SRV - (NGSERVER) -- C:\Program Files\Symantec\Ghost\ngserver.exe (Symantec Corporation) SRV - (NVIDIA Performance Driver Service) -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe () SRV - (RoxWatch12) -- C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe (Sonic Solutions) SRV - (RoxMediaDB12) -- C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe (Sonic Solutions) SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation) SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation) SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation) SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation) SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation) SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation) SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation) SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation) SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation) SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation) SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation) SRV - (CinemaNow Service) -- C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe (CinemaNow, Inc.) SRV - (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) -- C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe () SRV - (CTAudSvcService) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (awhost32) -- C:\Program Files\Symantec\pcAnywhere\awhost32.exe (Symantec Corporation) ========== Driver Services (SafeList) ========== DRV - (catchme) -- C:\Users\CMACK~1.TXF\AppData\Local\Temp\catchme.sys File not found DRV - (vmci) -- C:\Windows\System32\drivers\vmci.sys (VMware, Inc.) DRV - (vmx86) -- C:\Windows\System32\drivers\vmx86.sys (VMware, Inc.) DRV - (VMparport) -- C:\Windows\System32\drivers\vmparport.sys (VMware, Inc.) DRV - (vmkbd) -- C:\Windows\System32\drivers\VMkbd.sys (VMware, Inc.) DRV - (VMnetuserif) -- C:\Windows\System32\drivers\vmnetuserif.sys (VMware, Inc.) DRV - (hcmon) -- C:\Windows\System32\drivers\hcmon.sys (VMware, Inc.) DRV - (vmusb) -- C:\Windows\System32\drivers\vmusb.sys (VMware, Inc.) DRV - (VMnetBridge) -- C:\Windows\System32\drivers\vmnetbridge.sys (VMware, Inc.) DRV - (VMnetAdapter) -- C:\Windows\System32\drivers\vmnetadapter.sys (VMware, Inc.) DRV - (sbmount) -- C:\Windows\System32\drivers\sbmount.sys (StorageCraft Technology Corporation) DRV - (stcvsm) -- C:\Windows\system32\DRIVERS\stcvsm.sys (StorageCraft Technology Corporation) DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100908.035\NAVEX15.SYS (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100908.035\NAVENG.SYS (Symantec Corporation) DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.) DRV - (LMIRfsClientNP) -- C:\Windows\System32\LMIRfsClientNP.dll (LogMeIn, Inc.) DRV - (WpsHelper) -- C:\Windows\System32\drivers\wpshelper.sys (Symantec Corporation) DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (vstor2-ws60) -- C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys (VMware, Inc.) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (SysPlant) -- C:\Windows\SYSTEM32\Drivers\SysPlant.sys (Symantec Corporation) DRV - (WPS) -- C:\Windows\System32\drivers\WPSDRVnt.sys (Symantec Corporation) DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation) DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation) DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation) DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV - (Teefer2) -- C:\Windows\System32\drivers\Teefer2.sys (Symantec Corporation) DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation) DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation) DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation) DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation) DRV - (vncmirror) -- C:\Windows\System32\drivers\vncmirror.sys (RealVNC Ltd.) DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.) DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.) DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.) DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.) DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices) DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.) DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices) DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation) DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation) DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation) DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation) DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation) DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation) DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation) DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation) DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation) DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex) DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.) DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company) DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation) DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation) DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation) DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation) DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.) DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation) DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation) DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation) DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems) DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation) DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.) DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology) DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.) DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation) DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation) DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation) DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation) DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation) DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation) DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation) DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation) DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation) DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation) DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation) DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation) DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation) DRV - (HidBatt) -- C:\Windows\System32\drivers\hidbatt.sys (Microsoft Corporation) DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation) DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation) DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation) DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation) DRV - (ha20x2k) -- C:\Windows\System32\drivers\ha20x2k.sys (Creative Technology Ltd) DRV - (emupia) -- C:\Windows\System32\drivers\emupia2k.sys (Creative Technology Ltd) DRV - (ctsfm2k) -- C:\Windows\System32\drivers\ctsfm2k.sys (Creative Technology Ltd) DRV - (ctprxy2k) -- C:\Windows\System32\drivers\ctprxy2k.sys (Creative Technology Ltd) DRV - (ossrv) -- C:\Windows\System32\drivers\ctoss2k.sys (Creative Technology Ltd.) DRV - (ctdvda2k) -- C:\Windows\System32\drivers\ctdvda2k.sys (Creative Technology Ltd) DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\System32\drivers\ctaud2k.sys (Creative Technology Ltd) DRV - (ctac32k) -- C:\Windows\System32\drivers\ctac32k.sys (Creative Technology Ltd) DRV - (CTEXFIFX.SYS) -- C:\Windows\System32\drivers\CTEXFIFX.SYS (Creative Technology Ltd.) DRV - (CTEXFIFX) -- C:\Windows\System32\drivers\CTEXFIFX.sys (Creative Technology Ltd.) DRV - (CTHWIUT.SYS) -- C:\Windows\System32\drivers\CTHWIUT.SYS (Creative Technology Ltd.) DRV - (CTHWIUT) -- C:\Windows\System32\drivers\CTHWIUT.sys (Creative Technology Ltd.) DRV - (CT20XUT.SYS) -- C:\Windows\System32\drivers\CT20XUT.SYS (Creative Technology Ltd.) DRV - (CT20XUT) -- C:\Windows\System32\drivers\CT20XUT.sys (Creative Technology Ltd.) DRV - (SaibVd32) -- C:\Windows\System32\drivers\SaibVd32.sys (Sonic Solutions) DRV - (SahdIa32) -- C:\Windows\System32\Drivers\SahdIa32.sys (Sonic Solutions) DRV - (SaibIa32) -- C:\Windows\System32\Drivers\SaibIa32.sys (Sonic Solutions) DRV - (LMIRfsDriver) -- C:\Windows\System32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.) DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.) DRV - (AW_HOST) -- C:\Windows\System32\drivers\AW_HOST5.sys (Symantec Corporation) DRV - (awlegacy) -- C:\Windows\System32\Drivers\awlegacy.sys (Symantec Corporation) DRV - (awecho) -- C:\Windows\System32\drivers\awechomd.sys (Symantec Corporation) DRV - (Gernuwa) -- C:\Windows\System32\drivers\GERNUWA.sys (Symantec Corporation) DRV - (BTKRNL) -- C:\Windows\System32\drivers\btkrnl.sys (Broadcom Corporation.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://sharepoint.txfb.org/it/default.aspx IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8C 8A 49 B4 35 F1 CA 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.txfb-ins.local:8080 O1 HOSTS File: ([2010/09/02 14:04:50 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) O4 - HKLM..\Run: [CPMonitor] C:\Program Files\Roxio 2010\5.0\CPMonitor.exe () O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd) O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe () O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NGTray] C:\Program Files\Symantec\Ghost\ngtray.exe (Symantec Corporation) O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe () O4 - HKLM..\Run: [pdfFactory Pro Dispatcher v3] C:\Windows\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe (FinePrint Software, LLC) O4 - HKLM..\Run: [Tonic] C:\Program Files\r2 Studios\Tonic\Tonic.exe (r2 studios) O4 - HKLM..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.) O4 - HKCU..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.) O4 - HKCU..\Run: [GetSmile] C:\Program Files\GetSmile\getsmile.exe (Sofrayt) O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - Startup: C:\Users\cmack.TXFBDOM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.) O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.) O15 - HKCU\..Trusted Domains: cinemanow.com ([]http in Trusted sites) O15 - HKCU\..Trusted Domains: cinemanow.com ([]https in Trusted sites) O15 - HKCU\..Trusted Domains: kltforums.net ([www] http in Trusted sites) O15 - HKCU\..Trusted Domains: malwarebytes.org ([forums] http in Trusted sites) O15 - HKCU\..Trusted Domains: qflix.com ([]http in Trusted sites) O15 - HKCU\..Trusted Domains: roxio.com ([]http in Trusted sites) O15 - HKCU\..Trusted Domains: sonic.com ([redirect] http in Trusted sites) O15 - HKCU\..Trusted Domains: sonic.com ([redirect2] http in Trusted sites) O15 - HKCU\..Trusted Domains: txfb.org ([sharepoint] http in Local intranet) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5...heckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} https://a248.e.akamai.net/f/248/14778/2h/dl...vex-2.2.5.7.cab (DLM Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://productivecorp.webex.com/client/T27...ng/ieatgpc1.cab (GpcContainer Class) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareup...15112/CTPID.cab (Creative Software AutoUpdate Support Package) O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = TXFB.ORG O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\PCANotify: DllName - PCANotify.dll - C:\Windows\System32\PCANotify.dll (Symantec Corporation) O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation) NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation) ========== Files/Folders - Created Within 30 Days ========== [2010/09/09 08:16:39 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\cmack.TXFBDOM\Desktop\OTL.exe [2010/09/08 14:05:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2010/09/08 14:05:32 | 000,000,000 | ---D | C] -- C:\Users\cmack.TXFBDOM\AppData\Local\temp [2010/09/08 13:47:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2010/09/08 11:58:20 | 000,000,000 | ---D | C] -- C:\Users\cmack.TXFBDOM\Desktop\GooredFix Backups [2010/09/08 08:45:38 | 000,000,000 | ---D | C] -- C:\Users\cmack.TXFBDOM\AppData\Local\Lunarsoft [2010/09/08 08:45:38 | 000,000,000 | ---D | C] -- C:\Program Files\Lunarsoft [2010/09/07 15:46:10 | 000,000,000 | ---D | C] -- C:\Program Files\Ultra File Search [2010/09/02 16:19:25 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2010/09/02 13:57:16 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2010/09/02 13:57:15 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2010/09/02 13:57:15 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2010/09/02 13:57:10 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2010/09/02 13:56:49 | 000,000,000 | ---D | C] -- C:\Qoobox [2010/09/01 15:50:01 | 000,000,000 | ---D | C] -- C:\Users\cmack.TXFBDOM\Desktop\Donny Smith Pictures 2010 [2010/08/31 10:04:11 | 000,000,000 | ---D | C] -- C:\Users\cmack.TXFBDOM\AppData\Roaming\Apple Computer [2010/08/27 13:21:35 | 000,000,000 | ---D | C] -- C:\Users\cmack.TXFBDOM\AppData\Roaming\vlc [2010/08/27 13:20:52 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN [2010/08/27 11:51:59 | 000,000,000 | ---D | C] -- C:\YouTubeVideos [2010/08/27 11:48:26 | 000,000,000 | ---D | C] -- C:\Program Files\AliveMedia [2010/08/23 08:53:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2010/08/19 07:44:51 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2010/08/18 14:30:31 | 000,193,440 | ---- | C] (StorageCraft Technology Corporation) -- C:\Windows\System32\drivers\stcvsm.sys [2010/08/17 15:41:06 | 000,334,384 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe [2010/08/17 15:41:02 | 000,399,920 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe [2010/08/17 15:41:02 | 000,026,288 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\vmnetuserif.sys [2010/08/17 15:40:56 | 000,760,368 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\vnetlib.dll [2010/08/17 15:40:44 | 000,024,624 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\VMkbd.sys [2010/08/17 15:40:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware [2010/08/17 15:39:05 | 000,000,000 | ---D | C] -- C:\Program Files\VMware [2010/08/17 10:48:30 | 000,000,000 | ---D | C] -- C:\Users\cmack.TXFBDOM\AppData\Roaming\Download Manager [2010/08/12 07:52:18 | 000,000,000 | ---D | C] -- C:\Users\cmack.TXFBDOM\AppData\Roaming\Opera [2010/08/12 07:52:18 | 000,000,000 | ---D | C] -- C:\Users\cmack.TXFBDOM\AppData\Local\Opera [2010/08/12 07:52:06 | 000,000,000 | ---D | C] -- C:\Program Files\Opera [2010/08/11 11:23:53 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2010/08/11 11:23:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2010/08/11 11:23:09 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2010/08/11 11:23:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2010/08/11 11:23:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2010/08/10 18:17:04 | 000,197,632 | ---- | C] (Intel® Corporation) -- C:\Windows\System32\ir32_32.dll [2010/08/10 18:17:04 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll [2010/08/10 18:17:03 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll [2010/08/10 18:17:00 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2010/08/10 18:17:00 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2010/08/10 18:16:57 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010/08/10 18:16:57 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010/08/10 18:16:57 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010/08/10 18:16:57 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2010/08/10 18:16:57 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010/08/10 18:16:56 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010/08/10 18:16:56 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010/08/10 18:16:56 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2010/08/10 18:16:54 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010/05/20 08:34:08 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\cmack.TXFBDOM\AppData\Roaming\pcouffin.sys [2009/06/04 00:57:38 | 000,060,928 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll ========== Files - Modified Within 30 Days ========== [2010/09/09 08:26:16 | 004,194,304 | -HS- | M] () -- C:\Users\cmack.TXFBDOM\ntuser.dat [2010/09/09 08:20:30 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\cmack.TXFBDOM\Desktop\OTL.exe [2010/09/09 08:09:02 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010/09/09 07:09:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010/09/08 20:45:34 | 000,080,384 | ---- | M] () -- C:\Users\cmack.TXFBDOM\Desktop\MBRCheck.exe [2010/09/08 16:32:27 | 000,360,448 | ---- | M] (Interactive Studios Inc.) -- C:\Windows\System32\IsLicense40.dll [2010/09/08 16:21:12 | 000,022,272 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010/09/08 16:21:12 | 000,022,272 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010/09/08 16:18:31 | 000,734,468 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010/09/08 16:18:31 | 000,629,528 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010/09/08 16:18:31 | 000,108,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010/09/08 16:13:34 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/09/08 16:13:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/09/08 16:13:03 | 2615,377,920 | -HS- | M] () -- C:\hiberfil.sys [2010/09/08 16:12:13 | 000,054,568 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000009-00000000-00000002-00001102-00000005-10031102}.rfx [2010/09/08 16:12:13 | 000,054,568 | ---- | M] () -- C:\Windows\System32\BMXState-{00000009-00000000-00000002-00001102-00000005-10031102}.rfx [2010/09/08 16:12:13 | 000,000,788 | ---- | M] () -- C:\Windows\System32\DVCState-{00000009-00000000-00000002-00001102-00000005-10031102}.rfx [2010/09/08 16:11:58 | 005,040,261 | -H-- | M] () -- C:\Users\cmack.TXFBDOM\AppData\Local\IconCache.db [2010/09/08 14:32:33 | 000,001,999 | ---- | M] () -- C:\Users\cmack.TXFBDOM\Desktop\KLTImageshack uploader.lnk [2010/09/08 14:03:52 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini [2010/09/08 12:03:48 | 003,840,563 | R--- | M] () -- C:\Users\cmack.TXFBDOM\Desktop\ComboFix.exe [2010/09/08 09:03:26 | 000,000,000 | ---- | M] () -- C:\Users\cmack.TXFBDOM\defogger_reenable [2010/09/08 08:45:38 | 000,001,155 | ---- | M] () -- C:\Users\Public\Desktop\Anti-Malware Toolkit.lnk [2010/09/02 14:04:50 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2010/09/02 10:42:17 | 000,748,739 | ---- | M] () -- C:\Users\cmack.TXFBDOM\Desktop\A+ Card Businesses.pdf [2010/09/01 13:49:17 | 000,176,128 | ---- | M] () -- C:\Users\cmack.TXFBDOM\Desktop\Fields_and_Formations_2009_08_C.vsd [2010/09/01 09:22:51 | 000,524,288 | -HS- | M] () -- C:\Users\cmack.TXFBDOM\ntuser.dat{772916b9-b52f-11df-a749-005056c00008}.TMContainer00000000000000000002.regtrans-ms [2010/09/01 09:22:51 | 000,524,288 | -HS- | M] () -- C:\Users\cmack.TXFBDOM\ntuser.dat{772916b9-b52f-11df-a749-005056c00008}.TMContainer00000000000000000001.regtrans-ms [2010/09/01 09:22:51 | 000,065,536 | -HS- | M] () -- C:\Users\cmack.TXFBDOM\ntuser.dat{772916b9-b52f-11df-a749-005056c00008}.TM.blf [2010/09/01 08:26:16 | 000,037,677 | ---- | M] () -- C:\Users\cmack.TXFBDOM\Desktop\HOT Rods Roster Fall 2010.pdf [2010/08/27 13:21:29 | 000,001,028 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2010/08/26 09:10:31 | 000,524,288 | -HS- | M] () -- C:\Users\cmack.TXFBDOM\ntuser.dat{62eb3fdb-b079-11df-9c18-005056c00008}.TMContainer00000000000000000002.regtrans-ms [2010/08/26 09:10:31 | 000,524,288 | -HS- | M] () -- C:\Users\cmack.TXFBDOM\ntuser.dat{62eb3fdb-b079-11df-9c18-005056c00008}.TMContainer00000000000000000001.regtrans-ms [2010/08/26 09:10:31 | 000,065,536 | -HS- | M] () -- C:\Users\cmack.TXFBDOM\ntuser.dat{62eb3fdb-b079-11df-9c18-005056c00008}.TM.blf [2010/08/23 09:49:52 | 000,000,756 | -HS- | M] () -- C:\Windows\setup_9.0.0.722_23.08.2010_15-51drv.spi [2010/08/23 08:41:17 | 000,001,950 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk [2010/08/19 07:45:00 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2010/08/18 14:34:08 | 000,004,096 | -HS- | M] () -- C:\VSM000.IDX [2010/08/17 16:46:14 | 000,023,556 | ---- | M] () -- C:\Users\cmack.TXFBDOM\Desktop\E4310 Latitude for Roslyn_details_po.pdf [2010/08/17 15:42:02 | 000,000,998 | ---- | M] () -- C:\Users\cmack.TXFBDOM\Application Data\Microsoft\Internet Explorer\Quick Launch\VMware Workstation.lnk [2010/08/17 15:40:34 | 000,001,024 | ---- | M] () -- C:\.rnd [2010/08/17 15:40:26 | 000,002,000 | ---- | M] () -- C:\Users\Public\Desktop\VMware Workstation.lnk [2010/08/13 16:24:12 | 000,000,000 | ---- | M] () -- C:\Users\cmack.TXFBDOM\Desktop\New Microsoft Office Word Document.docx [2010/08/12 10:42:56 | 000,013,030 | ---- | M] () -- C:\Users\cmack.TXFBDOM\AppData\Roaming\Comma Separated Values (Windows).CAL [2010/08/12 10:41:48 | 000,003,825 | ---- | M] () -- C:\Users\cmack.TXFBDOM\Desktop\dallascowboys2010.csv [2010/08/12 08:04:11 | 000,000,529 | ---- | M] () -- C:\Users\cmack.TXFBDOM\Desktop\Delay_Protection_Start.zip [2010/08/12 07:52:09 | 000,000,827 | ---- | M] () -- C:\Users\cmack.TXFBDOM\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk [2010/08/12 07:52:09 | 000,000,803 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk [2010/08/11 03:21:57 | 000,548,032 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010/08/11 03:19:50 | 000,524,288 | -HS- | M] () -- C:\Users\cmack.TXFBDOM\ntuser.dat{6af38069-a3e7-11df-a0b9-005056c00008}.TMContainer00000000000000000002.regtrans-ms [2010/08/11 03:19:50 | 000,524,288 | -HS- | M] () -- C:\Users\cmack.TXFBDOM\ntuser.dat{6af38069-a3e7-11df-a0b9-005056c00008}.TMContainer00000000000000000001.regtrans-ms [2010/08/11 03:19:50 | 000,065,536 | -HS- | M] () -- C:\Users\cmack.TXFBDOM\ntuser.dat{6af38069-a3e7-11df-a0b9-005056c00008}.TM.blf ========== Files Created - No Company Name ========== [2010/09/08 20:45:19 | 000,080,384 | ---- | C] () -- C:\Users\cmack.TXFBDOM\Desktop\MBRCheck.exe [2010/09/08 14:10:35 | 000,000,261 | ---- | C] () -- C:\Users\cmack.TXFBDOM\activate.log [2010/09/08 13:32:41 | 003,840,563 | R--- | C] () -- C:\Users\cmack.TXFBDOM\Desktop\ComboFix.exe [2010/09/08 09:03:26 | 000,000,000 | ---- | C] () -- C:\Users\cmack.TXFBDOM\defogger_reenable [2010/09/08 08:45:38 | 000,001,155 | ---- | C] () -- C:\Users\Public\Desktop\Anti-Malware Toolkit.lnk [2010/09/02 13:57:16 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2010/09/02 13:57:16 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe [2010/09/02 13:57:15 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2010/09/02 13:57:15 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2010/09/02 13:57:15 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2010/09/02 10:32:55 | 000,748,739 | ---- | C] () -- C:\Users\cmack.TXFBDOM\Desktop\A+ Card Businesses.pdf [2010/09/01 13:49:17 | 000,176,128 | ---- | C] () -- C:\Users\cmack.TXFBDOM\Desktop\Fields_and_Formations_2009_08_C.vsd [2010/09/01 08:26:16 | 000,037,677 | ---- | C] () -- C:\Users\cmack.TXFBDOM\Desktop\HOT Rods Roster Fall 2010.pdf [2010/08/31 13:43:18 | 000,524,288 | -HS- | C] () -- C:\Users\cmack.TXFBDOM\ntuser.dat{772916b9-b52f-11df-a749-005056c00008}.TMContainer00000000000000000002.regtrans-ms [2010/08/31 13:43:18 | 000,524,288 | -HS- | C] () -- C:\Users\cmack.TXFBDOM\ntuser.dat{772916b9-b52f-11df-a749-005056c00008}.TMContainer00000000000000000001.regtrans-ms [2010/08/31 13:43:18 | 000,065,536 | -HS- | C] () -- C:\Users\cmack.TXFBDOM\ntuser.dat{772916b9-b52f-11df-a749-005056c00008}.TM.blf [2010/08/27 13:21:29 | 000,001,028 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2010/08/25 13:49:43 | 000,524,288 | -HS- | C] () -- C:\Users\cmack.TXFBDOM\ntuser.dat{62eb3fdb-b079-11df-9c18-005056c00008}.TMContainer00000000000000000002.regtrans-ms [2010/08/25 13:49:43 | 000,524,288 | -HS- | C] () -- C:\Users\cmack.TXFBDOM\ntuser.dat{62eb3fdb-b079-11df-9c18-005056c00008}.TMContainer00000000000000000001.regtrans-ms [2010/08/25 13:49:43 | 000,065,536 | -HS- | C] () -- C:\Users\cmack.TXFBDOM\ntuser.dat{62eb3fdb-b079-11df-9c18-005056c00008}.TM.blf [2010/08/23 09:04:13 | 000,000,756 | -HS- | C] () -- C:\Windows\setup_9.0.0.722_23.08.2010_15-51drv.spi [2010/08/23 08:41:17 | 000,001,950 | ---- | C] () -- C:\Users\Public\Desktop\FileZilla Client.lnk [2010/08/19 07:45:00 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2010/08/18 14:34:08 | 000,004,096 | -HS- | C] () -- C:\VSM000.IDX [2010/08/17 16:46:14 | 000,023,556 | ---- | C] () -- C:\Users\cmack.TXFBDOM\Desktop\E4310 Latitude for Roslyn_details_po.pdf [2010/08/17 15:42:02 | 000,000,998 | ---- | C] () -- C:\Users\cmack.TXFBDOM\Application Data\Microsoft\Internet Explorer\Quick Launch\VMware Workstation.lnk [2010/08/17 15:40:26 | 000,002,000 | ---- | C] () -- C:\Users\Public\Desktop\VMware Workstation.lnk [2010/08/13 16:24:12 | 000,000,000 | ---- | C] () -- C:\Users\cmack.TXFBDOM\Desktop\New Microsoft Office Word Document.docx [2010/08/12 10:42:56 | 000,013,030 | ---- | C] () -- C:\Users\cmack.TXFBDOM\AppData\Roaming\Comma Separated Values (Windows).CAL [2010/08/12 10:41:47 | 000,003,825 | ---- | C] () -- C:\Users\cmack.TXFBDOM\Desktop\dallascowboys2010.csv [2010/08/12 07:52:09 | 000,000,827 | ---- | C] () -- C:\Users\cmack.TXFBDOM\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk [2010/08/12 07:52:09 | 000,000,803 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk [2010/08/11 08:23:20 | 000,000,529 | ---- | C] () -- C:\Users\cmack.TXFBDOM\Desktop\Delay_Protection_Start.zip [2010/06/30 10:40:08 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys [2010/05/27 13:43:31 | 000,003,088 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate [2010/05/24 08:49:17 | 000,026,624 | ---- | C] () -- C:\Windows\System32\VNCpm.dll [2010/05/20 08:34:39 | 000,000,034 | ---- | C] () -- C:\Users\cmack.TXFBDOM\AppData\Roaming\pcouffin.log [2010/05/20 08:34:08 | 000,007,887 | ---- | C] () -- C:\Users\cmack.TXFBDOM\AppData\Roaming\pcouffin.cat [2010/05/20 08:34:08 | 000,001,144 | ---- | C] () -- C:\Users\cmack.TXFBDOM\AppData\Roaming\pcouffin.inf [2010/05/13 08:29:19 | 000,000,000 | ---- | C] () -- C:\Users\cmack.TXFBDOM\AppData\Local\rx_image32.Cache [2010/05/11 13:29:20 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL [2010/05/11 13:29:20 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL [2010/05/11 13:23:32 | 000,009,410 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010/01/25 12:58:06 | 000,462,848 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009/06/04 01:37:08 | 000,021,093 | ---- | C] () -- C:\Windows\System32\instwdm.ini [2009/06/04 01:37:06 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini [2009/06/04 00:55:20 | 000,002,560 | ---- | C] () -- C:\Windows\System32\CtxfiRes.dll [2009/06/04 00:55:20 | 000,002,560 | ---- | C] () -- C:\Windows\CTXFIRES.DLL [2009/05/27 09:49:00 | 000,000,285 | ---- | C] () -- C:\Windows\System32\kill.ini [2008/11/29 11:13:12 | 000,015,040 | ---- | C] () -- C:\Windows\System32\uddriver.sys [2006/06/12 17:15:30 | 000,090,112 | ---- | C] () -- C:\Windows\System32\btprn2k.dll [2004/06/12 07:56:51 | 000,036,608 | ---- | C] () -- C:\Windows\System32\BASSMOD.DLL [2004/01/30 15:07:46 | 000,245,408 | ---- | C] () -- C:\Windows\System32\unicows.dll [2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll [2001/02/03 07:22:08 | 000,307,200 | ---- | C] () -- C:\Windows\System32\ExportModeller.dll [2001/02/03 05:59:28 | 000,049,223 | ---- | C] () -- C:\Windows\System32\crtslv.dll [2000/10/25 23:15:00 | 000,017,920 | ---- | C] () -- C:\Windows\System32\Implode.dll [2000/04/12 21:28:12 | 000,118,784 | ---- | C] () -- C:\Windows\System32\lfkodak.dll [2000/04/12 21:24:10 | 000,338,944 | ---- | C] () -- C:\Windows\System32\lffpx7.dll [1998/05/31 06:00:00 | 000,748,160 | ---- | C] () -- C:\Windows\System32\Co2c40en.dll ========== LOP Check ========== [2010/08/26 09:33:22 | 000,000,000 | ---D | M] -- C:\Users\cmack.TXFBDOM\AppData\Roaming\FileZilla [2010/05/12 11:22:44 | 000,000,000 | ---D | M] -- C:\Users\cmack.TXFBDOM\AppData\Roaming\ImgBurn [2010/08/12 07:52:18 | 000,000,000 | ---D | M] -- C:\Users\cmack.TXFBDOM\AppData\Roaming\Opera [2010/05/11 14:39:56 | 000,000,000 | ---D | M] -- C:\Users\cmack.TXFBDOM\AppData\Roaming\Simple Star [2010/05/11 16:12:01 | 000,000,000 | ---D | M] -- C:\Users\cmack.TXFBDOM\AppData\Roaming\Sofrayt [2010/05/13 15:28:52 | 000,000,000 | ---D | M] -- C:\Users\cmack.TXFBDOM\AppData\Roaming\TeamViewer [2010/08/26 10:17:03 | 000,000,000 | ---D | M] -- C:\Users\cmack.TXFBDOM\AppData\Roaming\Vso [2010/07/28 10:59:51 | 000,000,000 | ---D | M] -- C:\Users\cmack.TXFBDOM\AppData\Roaming\webex [2009/07/13 23:53:46 | 000,021,846 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys [2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys < MD5 for: ATAPI.SYS > [2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys [2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll [2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: IASTOR.SYS > [2009/12/24 19:19:32 | 000,537,368 | R--- | M] (Intel Corporation) MD5=2EE127D5407DA3957EE54711C9AED6EC -- C:\ProgramData\Symantec\Ghost\Template\common\windrivers\Intel.82801.SataRaid\Win_x64_2003\IaStor.sys [2009/12/24 19:19:32 | 000,537,368 | R--- | M] (Intel Corporation) MD5=2EE127D5407DA3957EE54711C9AED6EC -- C:\Users\All Users\Symantec\Ghost\Template\common\windrivers\Intel.82801.SataRaid\Win_x64_2003\IaStor.sys [2009/12/24 19:19:32 | 000,277,784 | R--- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\ProgramData\Symantec\Ghost\Template\common\windrivers\Intel.82801.SataRaid\Win_x86_XP\iaStor.sys [2009/12/24 19:19:32 | 000,277,784 | R--- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Users\All Users\Symantec\Ghost\Template\common\windrivers\Intel.82801.SataRaid\Win_x86_XP\iaStor.sys < MD5 for: IASTORV.SYS > [2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys [2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys [2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2009/12/24 19:19:32 | 000,232,040 | R--- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\ProgramData\Symantec\Ghost\Template\common\windrivers\iastorv\iaStorV.sys [2009/12/24 19:19:32 | 000,232,040 | R--- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Users\All Users\Symantec\Ghost\Template\common\windrivers\iastorv\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache\netlogon.dll [2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll [2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVATA.SYS > [2009/12/24 19:20:00 | 000,093,568 | R--- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\ProgramData\Symantec\Ghost\Template\common\windrivers\NVidia.nForceSataRaid\IDE\Win2K\sata_ide\nvata.sys [2009/12/24 19:20:00 | 000,093,568 | R--- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\Users\All Users\Symantec\Ghost\Template\common\windrivers\NVidia.nForceSataRaid\IDE\Win2K\sata_ide\nvata.sys < MD5 for: NVATABUS.SYS > [2009/12/24 19:19:58 | 000,093,568 | R--- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\ProgramData\Symantec\Ghost\Template\common\windrivers\NVidia.nForceSataRaid\IDE\Win2K\legacy\nvatabus.sys [2009/12/24 19:19:58 | 000,093,568 | R--- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\Users\All Users\Symantec\Ghost\Template\common\windrivers\NVidia.nForceSataRaid\IDE\Win2K\legacy\nvatabus.sys [2009/12/24 19:20:00 | 000,100,736 | R--- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\ProgramData\Symantec\Ghost\Template\common\windrivers\NVidia.nForceSataRaid\IDE\Win2K\sataraid\nvatabus.sys [2009/12/24 19:20:00 | 000,100,736 | R--- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\Users\All Users\Symantec\Ghost\Template\common\windrivers\NVidia.nForceSataRaid\IDE\Win2K\sataraid\nvatabus.sys < MD5 for: NVSTOR.SYS > [2009/12/24 19:20:00 | 000,040,040 | R--- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\ProgramData\Symantec\Ghost\Template\common\windrivers\nvraid\nvstor.sys [2009/12/24 19:20:00 | 000,040,040 | R--- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Users\All Users\Symantec\Ghost\Template\common\windrivers\nvraid\nvstor.sys [2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys [2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys [2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache\scecli.dll [2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll [2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll < MD5 for: VIAMRAID.SYS > [2009/12/24 19:20:08 | 000,074,112 | R--- | M] (VIA Technologies inc,.ltd) MD5=F199939205DCCC7836AE5AB8B5DD5E83 -- C:\ProgramData\Symantec\Ghost\Template\common\windrivers\VIA.Raid\RAID\2003IA32\viamraid.sys [2009/12/24 19:20:08 | 000,074,112 | R--- | M] (VIA Technologies inc,.ltd) MD5=F199939205DCCC7836AE5AB8B5DD5E83 -- C:\ProgramData\Symantec\Ghost\Template\common\windrivers\VIA.Raid\RAID\Win2000\viamraid.sys [2009/12/24 19:20:08 | 000,074,112 | R--- | M] (VIA Technologies inc,.ltd) MD5=F199939205DCCC7836AE5AB8B5DD5E83 -- C:\ProgramData\Symantec\Ghost\Template\common\windrivers\VIA.Raid\RAID\Winxp\viamraid.sys [2009/12/24 19:20:08 | 000,074,112 | R--- | M] (VIA Technologies inc,.ltd) MD5=F199939205DCCC7836AE5AB8B5DD5E83 -- C:\Users\All Users\Symantec\Ghost\Template\common\windrivers\VIA.Raid\RAID\2003IA32\viamraid.sys [2009/12/24 19:20:08 | 000,074,112 | R--- | M] (VIA Technologies inc,.ltd) MD5=F199939205DCCC7836AE5AB8B5DD5E83 -- C:\Users\All Users\Symantec\Ghost\Template\common\windrivers\VIA.Raid\RAID\Win2000\viamraid.sys [2009/12/24 19:20:08 | 000,074,112 | R--- | M] (VIA Technologies inc,.ltd) MD5=F199939205DCCC7836AE5AB8B5DD5E83 -- C:\Users\All Users\Symantec\Ghost\Template\common\windrivers\VIA.Raid\RAID\Winxp\viamraid.sys < MD5 for: VIASRAID.SYS > [2009/12/24 19:20:08 | 000,077,056 | R--- | M] (VIA Technologies inc,.ltd) MD5=45469FA05947D75874316649A22878D4 -- C:\ProgramData\Symantec\Ghost\Template\common\windrivers\VIA.SATARaid\SATA\Winxp\viasraid.sys [2009/12/24 19:20:08 | 000,077,056 | R--- | M] (VIA Technologies inc,.ltd) MD5=45469FA05947D75874316649A22878D4 -- C:\Users\All Users\Symantec\Ghost\Template\common\windrivers\VIA.SATARaid\SATA\Winxp\viasraid.sys ========== Alternate Data Streams ========== @Alternate Data Stream - 202 bytes -> C:\ProgramData\TEMP:618D0840 @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:BEC0D766 < End of report > ------------------------------------------------------------------------------------------------------------------------------------------------- OTL Extras logfile created on: 9/9/2010 8:24:01 AM - Run 1 OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\cmack.TXFBDOM\Desktop Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free 6.00 Gb Paging File | 5.00 Gb Available in Paging File | 77.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 97.96 Gb Total Space | 60.51 Gb Free Space | 61.77% Space Free | Partition Type: NTFS Drive D: | 200.07 Gb Total Space | 30.12 Gb Free Space | 15.05% Space Free | Partition Type: NTFS Drive E: | 2.11 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive L: | 931.22 Gb Total Space | 678.97 Gb Free Space | 72.91% Space Free | Partition Type: FAT32 Computer Name: 1WWLLF1 Current User Name: cmack Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\PROGRA~1\MICROS~2\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\PROGRA~1\MICROS~2\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd "{01287DE9-6EEB-488D-99C7-FE3C707A87AC}" = BIAS SoundSoap SE 2.2 "{04049B18-7319-48ED-AE48-8AF73C2B06E7}" = CCSMailCaptureSetup "{08F32589-5E39-42B8-8BC5-6A8126ED2A70}" = Microsoft Visual C++ 2008 Redistributable Package "{10CE1EA2-12E9-11D3-825E-00C04F6843FE}" = Microsoft Office Sounds "{12118183-866A-11D3-97DF-0000F8D8F2E9}" = Symantec pcAnywhere "{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware "{1D273D91-D7D5-4036-8B84-EB4615FF5F81}" = SmartSound Sonicfire Pro 5 "{1E5F3CC6-D390-4393-A2AA-6CEC04F1705A}" = Image Resizer Powertoy Clone for Windows "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 21 "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{34F93E31-E1A0-421C-8E86-BCF7C4193A91}" = LogMeIn "{38F48AED-66D8-464C-993E-C7296C7A199B}" = Intel® IPP Run-Time Installer 5.2 for Windows* on IA-32 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{46578609-AD6D-4E69-AC8F-28B89C090F3B}" = Roxio Creator 2010 Pro "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials "{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A72CBD5-806C-4C52-8E23-1FB28F1E1DB5}" = ShadowProtect Desktop "{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin "{4C0A8D65-4286-4B58-87FE-18AD24289285}" = NVIDIA Performance Drivers "{4D0AAB66-E604-4E82-A5AF-01AB97CB506D}" = Roxio Creator 2010 Content "{4ED7D297-58F7-45C3-A9BA-A7CD6FA0D373}_is1" = SureThing CD Labeler Deluxe Update "{5491453D-8C3E-4785-AC5C-E9A4DABF378A}" = Roxio Venue "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack "{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup "{65A79175-3C4C-41F4-92AF-BA1DDDBA0626}" = Roxio Burn Manager CDB "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{733CDF24-0A93-426E-AA89-DF281EB54793}" = Roxio CinePlayer "{74DC8A26-4E05-40B6-AD11-C9428A1AE150}" = Roxio Creator 2010 Pro "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7B3B4CE5-300C-4DFC-8CD1-D9C0E07015D1}" = Symantec Endpoint Protection "{86DDDAAD-AEB9-42E5-BE01-0E8FABD2BB29}" = Roxio Video Capture USB "{87A83C6F-F53C-448A-B078-FF00E3EAEB29}" = Roxio Disaster Recovery "{8850DEC8-22FD-4F05-A3AA-49B91200C24F}" = ShadowProtect Desktop "{89A15676-78AE-4D51-BF5B-DEE3E0D46C94}" = Roxio Creator 2010 Pro "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A3C6818-2706-11D7-9605-0000E224ED8B}" = WinDSX V3.7.25 "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-00D1-0409-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (English) "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center "{906C01EE-B242-4197-AE85-6C506E1B869B}" = Roxio Burn Manager "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Roxio CinePlayer Decoder Pack "{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module "{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn "{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support "{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris "{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional "{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k "{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger "{B64BC516-2406-43AE-A21A-1E387A2343B1}" = ContentManager "{BE8585BF-DC7A-4AE0-0A2E-000007493152}" = Symantec Ghost Console and Standard Tools "{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5 "{C708C5C2-A170-48B8-A0A2-69C8E0935A28}" = AttachmentOptions "{C82185E8-C27B-4EF4-2010-4444BC2C2B6D}" = Microsoft Streets & Trips 2010 "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5 "{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux "{DDF1A502-7670-44A1-BB19-399574D7FD34}" = Pocket Highscores "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call "{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime "{F07737AC-C218-4272-A678-26CA5F6CD8DF}" = Opera 10.61 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F4194A69-7B8F-4C9B-BDFF-E55126C9200F}_is1" = Anti-Malware Toolkit 1.13.326 "{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows "ActiveTouchMeetingClient" = WebEx "Adobe Acrobat 8 Professional" = Adobe Acrobat 8.1.7 Professional "Adobe Acrobat 8 Professional_817" = Adobe Acrobat 8.1.7 - CPSID_50029 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "ALchemy" = Creative ALchemy "Alive YouTube Video Converter_is1" = Alive YouTube Video Converter (version 2.6.0.2) "AnyDVD" = AnyDVD "AudioCS" = Creative Audio Control Panel "CCleaner" = CCleaner "Console Launcher" = Creative Console Launcher "Creative Software AutoUpdate" = Creative Software AutoUpdate "Creative Sound Blaster Properties" = Creative Sound Blaster Properties "DFX for Windows Media Player" = DFX for Windows Media Player "ENTERPRISE" = Microsoft Office Enterprise 2007 "FileZilla Client" = FileZilla Client 3.3.4.1 "GetSmile0903_is1" = GetSmile v1.952 "ImgBurn" = ImgBurn "InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin "KLTImageshack uploader" = KLTImageshack uploader "LightZone 3.7" = LightZone 3.7 "LiveReg" = LiveReg (Symantec Corporation) "LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation) "Mace Enterprise Pro Surveillance System(Basic)" = Mace Enterprise Pro Surveillance System(Basic) "MainApp.exe_is1" = CloneDVD 5.0.2.0 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "MVApplication1" = SureThing CD Labeler Deluxe 4 "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "ObjectDock Plus" = ObjectDock Plus "OpenAL" = OpenAL "pdfFactory Pro" = pdfFactory Pro "RealVNC_is1" = VNC Enterprise Edition E4.5.3 "Remote Client" = Remote Client "Roxio PhotoShow" = Roxio PhotoShow "Spb AirIslands qVGA" = Spb AirIslands qVGA "Spb Arkaball II" = Spb Arkaball II "Spb Balltracker" = Spb Balltracker "Spb Brain Evolution" = Spb Brain Evolution "Spb Bubbles" = Spb Bubbles "Spb FreeCell" = Spb FreeCell "Spb Matches" = Spb Matches "Spb Minesweeper II" = Spb Minesweeper II "Spb Numbers" = Spb Numbers "Spb Quadronica" = Spb Quadronica "Spb Sudoku" = Spb Sudoku "Spb Xonix II qVGA" = Spb Xonix II qVGA "TeamViewer 5" = TeamViewer 5 "Tonic" = Tonic v1.0 (build 990) "UltimateDefrag 2008" = UltimateDefrag 2008 "UltraISO_is1" = UltraISO Premium V9.33 "VLC media player" = VLC media player 1.1.4 "VMware_Workstation" = VMware Workstation "VNCMirror_is1" = VNC Mirror Driver 1.8.0 "VNCPrinter_is1" = VNC Printer Driver 1.6.0 "WaveStudio 7" = Creative WaveStudio 7 "WinAVI Video Converter 9.09.0" = WinAVI Video Converter 9.0 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 9/9/2010 7:21:11 AM | Computer Name = 1WWLLF1.TXFB.ORG | Source = Symantec AntiVirus | ID = 16711731 Description = Security Risk Found!Trojan.Gen in File: C:\Users\cmack.TXFBDOM\AppData\Local\temp\DWH8F83.tmp by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully. Error - 9/9/2010 7:22:34 AM | Computer Name = 1WWLLF1.TXFB.ORG | Source = Symantec AntiVirus | ID = 16711731 Description = Security Risk Found!Trojan.Gen in File: C:\Users\cmack.TXFBDOM\AppData\Local\temp\DWH8D17.tmp by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully. Error - 9/9/2010 7:23:03 AM | Computer Name = 1WWLLF1.TXFB.ORG | Source = Symantec AntiVirus | ID = 16711731 Description = Security Risk Found!Trojan.Gen in File: C:\Users\cmack.TXFBDOM\AppData\Local\temp\DWHA588.tmp by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully. Error - 9/9/2010 7:23:33 AM | Computer Name = 1WWLLF1.TXFB.ORG | Source = Symantec AntiVirus | ID = 16711731 Description = Security Risk Found!Trojan.Gen in File: C:\Users\cmack.TXFBDOM\AppData\Local\temp\DWHBF21.tmp by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully. Error - 9/9/2010 7:26:28 AM | Computer Name = 1WWLLF1.TXFB.ORG | Source = Symantec AntiVirus | ID = 16711731 Description = Security Risk Found!Trojan.Gen in File: C:\Users\cmack.TXFBDOM\AppData\Local\temp\DWH1CEC.tmp by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully. Error - 9/9/2010 7:26:58 AM | Computer Name = 1WWLLF1.TXFB.ORG | Source = Symantec AntiVirus | ID = 16711731 Description = Security Risk Found!Trojan.Gen in File: C:\Users\cmack.TXFBDOM\AppData\Local\temp\DWH35BA.tmp by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully. Error - 9/9/2010 7:27:28 AM | Computer Name = 1WWLLF1.TXFB.ORG | Source = Symantec AntiVirus | ID = 16711731 Description = Security Risk Found!Trojan.Gen in File: C:\Users\cmack.TXFBDOM\AppData\Local\temp\DWH4ED7.tmp by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully. Error - 9/9/2010 7:32:51 AM | Computer Name = 1WWLLF1.TXFB.ORG | Source = Symantec AntiVirus | ID = 16711731 Description = Security Risk Found!Trojan.Gen in File: C:\Users\cmack.TXFBDOM\AppData\Local\temp\DWHF953.tmp by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully. Error - 9/9/2010 7:33:22 AM | Computer Name = 1WWLLF1.TXFB.ORG | Source = Symantec AntiVirus | ID = 16711731 Description = Security Risk Found!Trojan.Gen in File: C:\Users\cmack.TXFBDOM\AppData\Local\temp\DWH11C4.tmp by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully. Error - 9/9/2010 7:33:51 AM | Computer Name = 1WWLLF1.TXFB.ORG | Source = Symantec AntiVirus | ID = 16711731 Description = Security Risk Found!Trojan.Gen in File: C:\Users\cmack.TXFBDOM\AppData\Local\temp\DWH2AB1.tmp by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully. [ System Events ] Error - 9/8/2010 2:48:25 PM | Computer Name = 1WWLLF1.TXFB.ORG | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 9/8/2010 2:52:43 PM | Computer Name = 1WWLLF1.TXFB.ORG | Source = Service Control Manager | ID = 7009 Description = A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect. Error - 9/8/2010 2:57:28 PM | Computer Name = 1WWLLF1.TXFB.ORG | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 9/8/2010 3:03:48 PM | Computer Name = 1WWLLF1.TXFB.ORG | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 9/8/2010 3:29:06 PM | Computer Name = 1WWLLF1.TXFB.ORG | Source = stcvsm | ID = 328195 Description = Cannot query the Volume ID for \Device\SaibVd\SaibVd0. The data is the error. Error - 9/8/2010 3:29:06 PM | Computer Name = 1WWLLF1.TXFB.ORG | Source = stcvsm | ID = 328195 Description = Cannot query the Volume ID for \Device\SaibVd\SaibVd0. The data is the error. Error - 9/8/2010 3:29:06 PM | Computer Name = 1WWLLF1.TXFB.ORG | Source = stcvsm | ID = 328195 Description = Cannot query the Volume ID for \Device\SaibVd\SaibVd0. The data is the error. Error - 9/8/2010 3:29:06 PM | Computer Name = 1WWLLF1.TXFB.ORG | Source = stcvsm | ID = 328195 Description = Cannot query the Volume ID for \Device\SaibVd\SaibVd0. The data is the error. Error - 9/8/2010 3:29:32 PM | Computer Name = 1WWLLF1.TXFB.ORG | Source = DCOM | ID = 10010 Description = Error - 9/8/2010 5:14:05 PM | Computer Name = 1WWLLF1.TXFB.ORG | Source = Service Control Manager | ID = 7009 Description = A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect. < End of report >
-
C:\Users\cmack.TXFBDOM\AppData\Local\temp That is the location where its detecting it at, I checked earlier and there were no temp files in there that were detected, but now there are quite a few there, and they are being automatically detected and Quarantined by my AV. I understand that you have to get some rest..... have a good night and we can followup in the morning..... I am Central time in the USA and as I type this it is 9:52PM.
-
Below you will find the log..... by the way, my computer is currently detecting (Symantec Endpoint Protection) Trojan.Gen every few seconds at this time. 2010/09/08 21:42:25.0440 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44 2010/09/08 21:42:25.0440 ================================================================================ 2010/09/08 21:42:25.0440 SystemInfo: 2010/09/08 21:42:25.0440 2010/09/08 21:42:25.0440 OS Version: 6.1.7600 ServicePack: 0.0 2010/09/08 21:42:25.0440 Product type: Workstation 2010/09/08 21:42:25.0441 ComputerName: 1WWLLF1 2010/09/08 21:42:25.0444 UserName: cmack 2010/09/08 21:42:25.0444 Windows directory: C:\Windows 2010/09/08 21:42:25.0444 System windows directory: C:\Windows 2010/09/08 21:42:25.0444 Processor architecture: Intel x86 2010/09/08 21:42:25.0444 Number of processors: 8 2010/09/08 21:42:25.0444 Page size: 0x1000 2010/09/08 21:42:25.0444 Boot type: Normal boot 2010/09/08 21:42:25.0444 ================================================================================ 2010/09/08 21:42:28.0664 Initialize success 2010/09/08 21:42:49.0269 ================================================================================ 2010/09/08 21:42:49.0269 Scan started 2010/09/08 21:42:49.0269 Mode: Manual; 2010/09/08 21:42:49.0269 ================================================================================ 2010/09/08 21:42:54.0248 ================================================================================ 2010/09/08 21:42:54.0248 Scan finished 2010/09/08 21:42:54.0248 ================================================================================
-
REALLY SLOW COMPUTER
Firefox replied to SLOW_COMPUTER_HELP's topic in Malwarebytes for Windows Support Forum
-
@ sleepyrz please stay in one topic..... The instructions below are for updating the database Manually.... the like works fine from all the locations I surf the net here in the USA where I am at..... What is your location? Maybe they have a DNS issue there..... also if you can not download the manual update, then follow the instructions for coping the rules file from one computer to another which is also listed below. Manual Update of Definition Database If you cannot update the database to the latest version within the MBAM window, you may follow the instructions below and update it manually: ISSUE: I need to get the latest database onto a computer that cannot access the Internet. SOLUTION: You can manually copy the database from a working computer using a flash drive or CD onto the infected PC. Our database file is stored in the following locations. Windows XP and 2000 C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref Windows Vista and Windows 7: C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref You can also download a manual update from HERE - ***NOTE: This manual update will always be way behind in version level compared to updates from within the program. **NOTE: Please note though that this should be a last resort and if at all possible you should attempt to download updates from within the program. Once the system is clean and stable again you should update again from within the program.
-
@ sleepyrz The instructions below are for updating the database Manually.... the like works fine from all the locations I surf the net here in the USA where I am at..... What is your location? Maybe they have a DNS issue there..... also if you can not download the manual update, then follow the instructions for coping the rules file from one computer to another which is also listed below. Manual Update of Definition Database If you cannot update the database to the latest version within the MBAM window, you may follow the instructions below and update it manually: ISSUE: I need to get the latest database onto a computer that cannot access the Internet. SOLUTION: You can manually copy the database from a working computer using a flash drive or CD onto the infected PC. Our database file is stored in the following locations. Windows XP and 2000 C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref Windows Vista and Windows 7: C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref You can also download a manual update from HERE - ***NOTE: This manual update will always be way behind in version level compared to updates from within the program. **NOTE: Please note though that this should be a last resort and if at all possible you should attempt to download updates from within the program. Once the system is clean and stable again you should update again from within the program.
-
931 GB \\.\PhysicalDrive1 RE: Unknown MBR code SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F That partition is my external usb Buffalo terastation which contains two 1GB hard drives that are also mirrored. Still waiting to see if you want me to proceed with the previous instructions....
-
REALLY SLOW COMPUTER
Firefox replied to SLOW_COMPUTER_HELP's topic in Malwarebytes for Windows Support Forum
can you give us some specs on that computer? Make, model number What service pack? We know you have windows xp now with 448mb RAM
