Hski

  1. I created a "test" new profile and the problem has disappeared. So there must be something in my original profile that's messing with my settings. Now the challenge is to migrate my user.js, about:config settings, passwords etc. from the old profile to the new (without the offending item(s)). Any advice?
  2. :( Greetings Friends: I have an XP Pro SP3 computer using Firefox 3.0.5. Recently, whenever I start Firefox, it opens to the page(s) I was using before I closed it, despite the fact that I set it to open on a blank page. I've set the preferences to "when Firefox starts show a blank page" but it won't work; it always reverts to the pages I was using before I closed it. I've checked the "about:config" page and it's set appropriately. I've checked all my virus software and nothing is set to "protect" the home page. This only happens with Firefox. I also have IE and Opera and they seem unaffected. I've run all the virus scans noted in this forum and others and nothing was found. Help! Thanks.
  3. Here's the compressed SIGVERIF file attached: SIGVERIF.zip
  4. OTListIt Extras logfile created on: 11/5/2008 12:04:52 AM - Run OTListIt by OldTimer - Version 1.0.12.0
  5. I'll send the files one at a time to see if that works. OTListIt logfile created on: 11/5/2008 12:04:52 AM - Run OTListIt by OldTimer - Version 1.0.12.0
O18 - Protocol\Handler: - ipp - No CLSID value found O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler: - msdaipp - No CLSID value found O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O20 - See sections below for AppInitDlls and Winlogon settings ========== Winlogon Notify Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\] !SASWinLogon: "DllName" = -- File not found igfxcui: "DllName" = igfxsrvc.dll -- C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation) ========== Shell Execute Hooks ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{4F07DA45-8170-4859-9B5F-037EF2970034}" (HKLM) -- C:\Program Files\Tall Emu\Online Armor\oaevent.dll (Tall Emu) ========== Safeboot Options ========== "AlternateShell" = cmd.exe ========== CDRom AutoRun Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] "AutoRun" = 1 ========== Autorun Files on Drives ========== AUTOEXEC.BAT [] [2006/07/22 23:34:38 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ] ========== MountPoints2 ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\Shell] "" = AutoRun [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\Shell\AutoRun] "" = Auto&Play [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\Shell\AutoRun\command] "" = G:\LaunchU3.exe -- File not found ========== Files/Folders - Created Within 30 Days ========== [2 C:\WINDOWS\*.tmp files] [2008/11/04 23:56:57 | 00,418,304 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTListIt.exe 
[2008/10/31 17:32:59 | 15,405,003 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\IDU_2.1.9.66_Light.exe [2008/10/31 12:45:46 | 00,018,496 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Free Yr Radio contest official rules and regulations.htm [2008/10/30 20:18:39 | 00,000,000 | -HSD | C] -- C:\Config.Msi [2008/10/30 19:19:39 | 00,045,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll [2008/10/29 22:12:41 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys [2008/10/29 15:58:56 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security [2008/10/28 16:49:53 | 00,098,360 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Belarc Snapshot10-28-08.html [2008/10/28 16:17:12 | 00,001,740 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk [2008/10/27 09:12:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor [2008/10/27 09:12:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\OnlineArmor [2008/10/27 09:11:10 | 00,178,376 | ---- | C] (Tall Emu Pty Ltd) -- C:\WINDOWS\System32\drivers\OADriver.sys [2008/10/27 09:11:10 | 00,030,920 | ---- | C] (Tall Emu Pty Ltd) -- C:\WINDOWS\System32\drivers\OAmon.sys [2008/10/27 09:11:10 | 00,028,872 | ---- | C] (Tall Emu Pty Ltd) -- C:\WINDOWS\System32\drivers\OAnet.sys [2008/10/27 09:11:00 | 00,000,000 | ---D | C] -- C:\OnlineArmor [2008/10/26 21:45:57 | 00,262,144 | ---- | C] () -- C:\WINDOWS\System32\default_user_class.dat [2008/10/26 20:09:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\CSC [2008/10/26 16:27:46 | 00,000,000 | -HSD | C] -- C:\found.000 [2008/10/25 16:12:37 | 02,692,173 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Verizon Motorolla E815 CDMA User Guide.pdf [2008/10/25 07:51:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\Temp [2008/10/24 17:03:27 | 00,337,408 | ---- | C] (Microsoft Corporation) 
-- C:\WINDOWS\System32\dllcache\netapi32.dll [2008/10/23 11:13:48 | 01,445,888 | ---- | C] (Option^Explicit Software Solutions) -- C:\Program Files\WinsockxpFix.exe [2008/10/22 12:58:27 | 00,000,000 | ---D | C] -- C:\Program Files\Calibrize [2008/10/21 11:41:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My ICC Profiles [2008/10/20 10:24:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\TaskCoach [2008/10/20 10:24:41 | 00,000,000 | ---D | C] -- C:\Program Files\TaskCoach [2008/10/19 09:44:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\vlc [2008/10/16 16:54:01 | 00,208,384 | ---- | C] (Paul McLain and Fred de Vries) -- C:\Program Files\JavaRa.exe [2008/10/15 08:52:21 | 00,333,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys [2008/10/15 08:52:18 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe [2008/10/15 08:52:16 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe [2008/10/15 08:52:12 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe [2008/10/15 08:52:10 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe [2008/10/15 08:52:00 | 01,846,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys [2008/10/14 14:06:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\To Read [2008/10/13 14:15:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org [2008/10/13 14:11:10 | 00,000,000 | ---D | C] -- C:\Program Files\JRE [2008/10/13 14:11:03 | 00,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3 [2008/10/07 09:45:15 | 00,000,000 | ---D | C] -- C:\Program Files\Teorex [2008/10/06 15:49:42 | 00,000,000 | ---D | C] -- C:\Documents and 
Settings\Administrator\Application Data\Sync App Settings [2008/10/06 15:48:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sync App Settings [2008/10/06 15:48:14 | 00,000,000 | ---D | C] -- C:\Program Files\Allway Sync ========== Files - Modified Within 30 Days ========== [3 C:\WINDOWS\System32\*.tmp files] [2 C:\WINDOWS\*.tmp files] [2008/11/04 23:56:58 | 00,418,304 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTListIt.exe [2008/11/04 23:43:03 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2008/11/04 23:42:39 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2008/11/04 22:17:24 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2008/11/04 21:22:43 | 00,522,208 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2008/11/04 21:22:43 | 00,441,752 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2008/11/04 21:22:43 | 00,071,652 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2008/10/31 17:33:16 | 15,405,003 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\IDU_2.1.9.66_Light.exe [2008/10/31 12:45:47 | 00,018,496 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Free Yr Radio contest official rules and regulations.htm [2008/10/31 08:15:06 | 00,025,992 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\pgdfgsvc.exe [2008/10/29 15:39:30 | 00,269,159 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2008/10/28 16:49:54 | 00,098,360 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Belarc Snapshot10-28-08.html [2008/10/28 16:17:12 | 00,001,740 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk [2008/10/27 10:30:19 | 00,000,602 | ---- | M] () -- C:\WINDOWS\win.ini [2008/10/27 10:30:19 | 00,000,281 | -H-- | M] () -- C:\boot.ini [2008/10/27 10:30:19 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2008/10/27 09:30:53 | 00,000,044 | ---- | M] () -- 
C:\WINDOWS\System32\drivers\etc\hosts.idx [2008/10/27 08:22:42 | 00,082,696 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2008/10/26 21:45:58 | 00,262,144 | ---- | M] () -- C:\WINDOWS\System32\default_user_class.dat [2008/10/26 16:23:26 | 02,648,538 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db [2008/10/25 16:12:37 | 02,692,173 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Verizon Motorolla E815 CDMA User Guide.pdf [2008/10/22 15:10:38 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2008/10/22 15:10:22 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2008/10/15 11:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netapi32.dll [2008/10/15 11:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll [2008/10/15 09:10:06 | 00,318,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2008/10/15 08:41:52 | 00,000,084 | -HS- | M] () -- C:\Documents and Settings\Administrator\My Documents\desktop.ini @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Administrator\My Documents\desktop.ini:SummaryInformation @Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Administrator\My Documents\desktop.ini:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [2008/10/07 14:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe [2008/10/06 23:09:48 | 00,030,920 | ---- | M] (Tall Emu Pty Ltd) -- C:\WINDOWS\System32\drivers\OAmon.sys [2008/10/06 23:09:36 | 00,028,872 | ---- | M] (Tall Emu Pty Ltd) -- C:\WINDOWS\System32\drivers\OAnet.sys [2008/10/06 23:09:32 | 00,178,376 | ---- | M] (Tall Emu Pty Ltd) -- C:\WINDOWS\System32\drivers\OADriver.sys < End of report >
  6. It's not my computer, seems to be the site (browser seems to be working ok). Whenever I post the logs and try to upload the file, it seems the site tries to send the message but I get an error message that says unable to do so, or it freezes. I'll try again.
  7. I've been unable to post since last night. This is a test.
  8. Thanks once again. Ran DCOMCNFG and got 2 error messages relating to Yahoo Messenger (I know and have it) so I clicked ok. I entered the console successfully with no other error messages. Ran Windows Update successfully (nothing critical to download). Looked at the link you sent, "MS04-015 does not install correctly". The resolution is to enable the Help and Support service, but it was already running and set at automatic. That link contained another link that said "To reinstall the security update that is documented in Microsoft Security Bulletin MS04-015, download and then run the appropriate package from the following Microsoft Web site". When I went there, there was no download for XP SP3, only XP and XP SP1, so I took no further action.
  9. Sorry...I forgot to tell you that the Event Viewer info that I noted earlier was only from the past few days. I had looked at the Event Viewer earlier and noted that the dates for the events seemed really messed up; after 2006 it was showing 2033 and dates like that so I couldn't tell what was what. So I saved the events then cleared the viewer (System and Application only).
  10. One more bit of info. I just rebooted and took an immediate look at the Event Viewer. In the "Application" section it listed the following errors:

      "A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality."

      This is noted twice in the Viewer. This sounds ominous. What does it mean? Could this, combined with my previous list of errors, be part of a remote attack of some sort?

      In the "System" section, I didn't get the DCOM errors, but I did notice entries showing that the Event Viewer was stopped and started. I also noted the following again: "The following boot-start or system-start driver(s) failed to load: AVG Clean Drive"
  11. Thanks:

      Disk drive listed in device manager is WDCWD800VE-07HDT0

      No red or yellow in any of the device manager entries.

      Lots of error entries in the event viewer. Most of these are entered many times. All are from "system". They are as follows:

      "The following boot-start or system-start driver(s) failed to load: AVG Clean Driver"
      I don't know what this is. I don't have AVG, I have Avira Anti-Virus running. Maybe it's part of Avira? Also, I did run many things to eliminate the possibility of a virus so maybe it's related to that?

      "The Windows Service Pack Installer update service depends on the Security Accounts Manager service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it."
      I enabled this.

      "DCOM got error "The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. " attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}".
      I have TONS of this message. DCOM service WAS running (automatic).

      "The Windows Firewall/Internet Connection Sharing (ICS) service depends on the Network Connections service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it."
      This was disabled so I re-enabled it. I know it was previously enabled.

      "The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it."
      Tons of these too. I enabled Telephony service. I think this was previously enabled.

      No errors found for anything to do with either Hard Drive, SCSI, IDE, EIDE, SATA errors. The only errors were noted above (most were listed many times).

      My hard drive is only 1, maybe 2 years old. I ran a disk check (with both boxes checked) after the start of my problems and it completed successfully.

      Thanks for your help.