cwatford Posted July 11, 2010 ID:282618 Share Posted July 11, 2010 Hi! I have TrendMicro OfficeScan and Malwares Antispyware program on my laptop. After a few security warnings of blocked URLs I ran the full scan of the antimalware. Three infections were found and either removed or quarantined and to be removed after rebooting. All three contained "system32\6to4v.dll" I rebooted and then opened Internet Explorer. After a few seconds a trend message pops up "OfficeScan detected a Web security policy violation and blocked the URLs listed below" and IE immediately closes. I re did a full scan and no infections were detected. Below is the HijackThis log. Also when I shut down a svchost.exe-application error came up. The screen went blank before I could copy the error information.Thank you in advance for you help!!!! It is GREATLY appreciated!Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:02:25 PM, on 7/11/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\LANDesk\Shared Files\residentagent.exeC:\WINDOWS\system32\PMService.exeC:\Program Files\LANDesk\LDClient\LocalSch.EXEC:\WINDOWS\system32\CBA\pds.exeC:\PROGRA~1\LANDesk\LDClient\issuser.exeC:\Program Files\LANDesk\LDClient\policy.client.invoker.exeC:\Program Files\LANDesk\LDClient\tmcsvc.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\PROGRA~1\LANDesk\LDClient\collector.exeC:\PROGRA~1\LANDesk\LDClient\LDregwatch.exeC:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exeC:\Documents and Settings\All Users\Application Data\Rpcnet\Bin\rpcld.exeC:\WINDOWS\system32\rpcnet.exeC:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exeC:\Program Files\SMART Technologies\SMART Product Drivers\UCService.exeC:\Program Files\LANDesk\LDClient\softmon.exeC:\Program Files\Lightspeed Systems\User Agent\UAService.exeC:\Program Files\UPHClean\uphclean.exeC:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exeC:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exeC:\Program Files\Trend Micro\BM\TMBMSRV.exeC:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exeC:\PROGRA~1\LANDesk\LDClient\rcgui.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Apoint\Apoint.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\WINDOWS\system32\igfxsrvc.exeC:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exeC:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exeC:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exeC:\Program Files\Apoint\HidFind.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Apoint\Apntex.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardTools.exeC:\Program Files\SMART Technologies\SMART Product Drivers\Aware.exeC:\Program Files\SMART Technologies\SMART Product Drivers\Marker.exeC:\Program Files\Malwarebytes' Anti-Malware\mbam.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.horrycountyschools.netR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.horrycountyschools.net/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Horry County SchoolsO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\SMART Notebook\NotebookPlugin.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dllO4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exeO4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exeO4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exeO4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exeO4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exeO4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindowO4 - HKLM\..\Run: [EPA_EZ_GPO_Tool] C:\WINDOWS\system32\EZ_GPO_Tool.exeO4 - HKLM\..\Run: [blackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /backgroundO4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logonO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - Global Startup: SMART Board Tools.lnk = C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardTools.exeO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO15 - Trusted Zone: *.hcsad.localO15 - Trusted Zone: *.horrycountyschools.netO15 - Trusted Zone: *.hcs.k12.sc.usO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1248694631828O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1248696139704O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cabO17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = hcsad.LOCALO17 - HKLM\Software\..\Telephony: DomainName = hcsad.LOCALO17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = hcsad.LOCALO23 - Service: LANDesk® Management Agent (CBA8) - Avocent Corporation - C:\Program Files\LANDesk\Shared Files\residentagent.exeO23 - Service: Energy Star EZ GPO Power Management Configuration Tool (EPA_GPO_PMService) - TerraNovum - C:\WINDOWS\system32\PMService.exeO23 - Service: Intel Local Scheduler Service - Avocent Corporation - C:\Program Files\LANDesk\LDClient\LocalSch.EXEO23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exeO23 - Service: LANDesk Remote Control Service (ISSUSER) - Avocent Corporation - C:\PROGRA~1\LANDesk\LDClient\issuser.exeO23 - Service: LANDesk Policy Invoker - Avocent Corporation - C:\Program Files\LANDesk\LDClient\policy.client.invoker.exeO23 - Service: LANDesk Targeted Multicast - Avocent Corporation - C:\Program Files\LANDesk\LDClient\tmcsvc.exeO23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exeO23 - Service: Remote Procedure Call (RPC) LD (rpcld) - Absolute Software Corp. - C:\Documents and Settings\All Users\Application Data\Rpcnet\Bin\rpcld.exeO23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exeO23 - Service: SMART Board Service - SMART Technologies - C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exeO23 - Service: SMART Display Controller - SMART Technologies ULC - C:\Program Files\SMART Technologies\SMART Product Drivers\UCService.exeO23 - Service: SMART SNMP Agent Service - SMART Technologies ULC - C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exeO23 - Service: SMART Web Server - Unknown owner - C:\Program Files\SMART Technologies\SMART Product Drivers\WebServer.exeO23 - Service: LANDesk® Software Monitoring Service (Softmon) - Avocent Corporation - C:\Program Files\LANDesk\LDClient\softmon.exeO23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\..\BM\TMBMSRV.exeO23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exeO23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exeO23 - Service: User Agent Service (UAService) - Lightspeed Systems - C:\Program Files\Lightspeed Systems\User Agent\UAService.exe--End of file - 8978 bytes Link to post Share on other sites More sharing options...
Elise Posted July 12, 2010 ID:282822 Share Posted July 12, 2010 Hello , And My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. -----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.If you have already posted a log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.We need to see some information about what is happening in your machine. Please perform the following scan:Please download OTL from one of the following mirrors:This is THE Mirror[*]Save it to your desktop.[*]Double click on the icon on your desktop.[*]Click the "Scan All Users" checkbox.[*]Push the button.[*]Two reports will open, copy and paste them in a reply here:OTListIt.txt <-- Will be openedExtra.txt <-- Will be minimizedPlease download GMER from one of the following locations and save it to your desktop:Main MirrorThis version will download a randomly named file (Recommended)Zipped MirrorThis version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.Disconnect from the Internet and close all running programs.Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.Now click the Scan button. If you see a rootkit warning window, click OK.When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.Click the Copy button and paste the results into your next reply.Exit GMER and re-enable all active protection when done.-- If you encounter any problems, try running GMER in Safe Mode.-------------------------------------------------------------In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problemIf you still need help, please include the following in your next replyA detailed description of your problemsA new OTL log (don't forget extra.txt)GMER log Link to post Share on other sites More sharing options...
cwatford Posted July 13, 2010 Author ID:283265 Share Posted July 13, 2010 quote name='elise025' date='Jul 12 2010, 07:18 AM' post='282822']Hello , And My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. -----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.If you have already posted a log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.We need to see some information about what is happening in your machine. Please perform the following scan:Please download OTL from one of the following mirrors:This is THE Mirror[*]Save it to your desktop.[*]Double click on the icon on your desktop.[*]Click the "Scan All Users" checkbox.[*]Push the button.[*]Two reports will open, copy and paste them in a reply here:OTListIt.txt <-- Will be openedExtra.txt <-- Will be minimizedPlease download GMER from one of the following locations and save it to your desktop:Main MirrorThis version will download a randomly named file (Recommended)Zipped MirrorThis version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.Disconnect from the Internet and close all running programs.Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.Now click the Scan button. If you see a rootkit warning window, click OK.When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.Click the Copy button and paste the results into your next reply.Exit GMER and re-enable all active protection when done.-- If you encounter any problems, try running GMER in Safe Mode.-------------------------------------------------------------In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problemIf you still need help, please include the following in your next replyA detailed description of your problemsA new OTL log (don't forget extra.txt)GMER logHi! Thanks for your help. Below you will find the OTL log and Extra.txt. I tried to run the GMER log. It would run for a will and then my computer would shut down. I tried it multiple times and I also tried to run it in Safe Mode. However, my computer will not run in any of the safe mode options. I had to save the programs you asked for onto a flash drive and then put it on my laptop. I don't know if that would make any difference. Is there anything else I can try?OTL logfile created on: 7/12/2010 11:12:09 AM - Run 1OTL by OldTimer - Version 3.2.9.0 Folder = E:\ChrystiWindows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 8.0.6001.18702)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy1,014.00 Mb Total Physical Memory | 520.00 Mb Available Physical Memory | 51.00% Memory free2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File freePaging file location(s): C:\pagefile.sys 1524 3048 [binary data]%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 74.53 Gb Total Space | 59.94 Gb Free Space | 80.42% Space Free | Partition Type: NTFSD: Drive not present or media not loadedDrive E: | 1.86 Gb Total Space | 1.86 Gb Free Space | 99.77% Space Free | Partition Type: FATF: Drive not present or media not loadedG: Drive not present or media not loadedH: Drive not present or media not loadedI: Drive not present or media not loadedComputer Name: KEMDMC3XC1Current User Name: CWatfordNOT logged in as Administrator.Current Boot Mode: NormalScan Mode: All usersCompany Name Whitelist: OffSkip Microsoft Files: OffFile Age = 30 DaysOutput = Standard========== Processes (SafeList) ==========PRC - [2010/07/12 11:10:30 | 000,574,976 | ---- | M] (OldTimer Tools) -- E:\Chrysti\OTL.exePRC - [2010/05/10 08:46:20 | 000,181,680 | ---- | M] (Absolute Software Corp.) -- C:\Documents and Settings\All Users\Application Data\rpcnet\Bin\rpcld.exePRC - [2010/03/12 10:30:38 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\system32\rpcnet.exePRC - [2010/03/10 22:32:26 | 000,648,536 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exePRC - [2010/01/05 13:43:52 | 000,779,560 | ---- | M] (SMART Technologies ULC) -- C:\Program Files\SMART Technologies\SMART Product Drivers\UCService.exePRC - [2010/01/05 13:43:46 | 011,154,728 | ---- | M] (SMART Technologies ULC) -- C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardTools.exePRC - [2010/01/05 13:43:34 | 005,981,480 | ---- | M] (SMART Technologies ULC) -- C:\Program Files\SMART Technologies\SMART Product Drivers\Marker.exePRC - [2010/01/05 13:43:26 | 001,811,752 | ---- | M] (SMART Technologies ULC) -- C:\Program Files\SMART Technologies\SMART Product Drivers\Aware.exePRC - [2010/01/05 13:43:24 | 003,372,328 | ---- | M] (SMART Technologies) -- C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exePRC - [2009/12/05 09:38:04 | 000,263,680 | ---- | M] (Avocent Corporation ) -- C:\Program Files\LANDesk\LDClient\SoftMon.exePRC - [2009/11/23 17:19:16 | 000,195,072 | ---- | M] (Avocent Corporation ) -- C:\Program Files\LANDesk\LDClient\policy.client.invoker.exePRC - [2009/11/23 17:05:00 | 000,182,272 | ---- | M] (Avocent Corporation ) -- C:\Program Files\LANDesk\LDClient\tmcsvc.exePRC - [2009/11/23 17:00:24 | 000,189,952 | ---- | M] (Avocent Corporation ) -- C:\Program Files\LANDesk\LDClient\LocalSch.EXEPRC - [2009/11/23 16:45:46 | 000,495,616 | ---- | M] (Avocent Corporation ) -- C:\Program Files\LANDesk\LDClient\collector.exePRC - [2009/11/23 16:40:56 | 000,445,952 | ---- | M] () -- C:\Program Files\LANDesk\LDClient\LDRegWatch.exePRC - [2009/11/23 16:29:34 | 000,480,256 | ---- | M] (Avocent Corporation ) -- C:\Program Files\LANDesk\LDClient\issuser.exePRC - [2009/11/23 16:28:18 | 000,313,344 | ---- | M] (Avocent Corporation ) -- C:\Program Files\LANDesk\LDClient\rcgui.exePRC - [2009/11/04 14:21:26 | 000,147,456 | ---- | M] (Avocent Corporation) -- C:\Program Files\LANDesk\Shared Files\residentAgent.exePRC - [2009/09/08 04:30:50 | 000,849,192 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exePRC - [2009/09/04 21:14:34 | 001,304,528 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exePRC - [2009/09/04 21:12:28 | 001,389,864 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exePRC - [2009/07/15 18:37:18 | 000,689,416 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exePRC - [2009/07/06 15:19:04 | 000,345,352 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exePRC - [2009/04/02 16:20:04 | 000,435,584 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exePRC - [2008/08/07 15:48:30 | 000,192,512 | ---- | M] (Lightspeed Systems) -- C:\Program Files\Lightspeed Systems\User Agent\UAService.exePRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exePRC - [2007/08/31 08:13:00 | 000,032,825 | ---- | M] (LANDesk Software Ltd.) -- C:\WINDOWS\system32\cba\pds.exePRC - [2007/05/10 12:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exePRC - [2005/10/07 14:13:38 | 000,176,128 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exePRC - [2005/07/27 16:41:08 | 000,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exePRC - [2005/04/27 15:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exePRC - [2005/01/21 16:07:16 | 000,081,920 | ---- | M] (TerraNovum) -- C:\WINDOWS\system32\PMService.exePRC - [2004/06/28 23:56:12 | 000,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\hidfind.exe========== Modules (SafeList) ==========MOD - [2010/07/12 11:10:30 | 000,574,976 | ---- | M] (OldTimer Tools) -- E:\Chrysti\OTL.exeMOD - [2010/01/05 13:43:52 | 000,075,048 | ---- | M] (SMART Technologies ULC) -- C:\Program Files\SMART Technologies\SMART Product Drivers\UtahHook.dllMOD - [2008/04/14 08:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx========== Win32 Services (SafeList) ==========SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)SRV - [2010/05/10 08:46:20 | 000,181,680 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\rpcnet\Bin\rpcld.exe -- (rpcld) Remote Procedure Call (RPC)SRV - [2010/03/12 10:30:38 | 000,057,752 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\WINDOWS\system32\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)SRV - [2010/01/05 13:44:20 | 001,053,992 | ---- | M] (SMART Technologies ULC) [On_Demand | Stopped] -- C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe -- (SMART SNMP Agent Service)SRV - [2010/01/05 13:44:04 | 001,262,888 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\SMART Technologies\SMART Product Drivers\WebServer.exe -- (SMART Web Server)SRV - [2010/01/05 13:43:52 | 000,779,560 | ---- | M] (SMART Technologies ULC) [Auto | Running] -- C:\Program Files\SMART Technologies\SMART Product Drivers\UCService.exe -- (SMART Display Controller)SRV - [2010/01/05 13:43:24 | 003,372,328 | ---- | M] (SMART Technologies) [Auto | Running] -- C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe -- (SMART Board Service)SRV - [2009/12/05 09:38:04 | 000,263,680 | ---- | M] (Avocent Corporation ) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\softmon.exe -- (Softmon) LANDesk®SRV - [2009/11/23 17:19:16 | 000,195,072 | ---- | M] (Avocent Corporation ) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe -- (LANDesk Policy Invoker)SRV - [2009/11/23 17:06:24 | 000,072,704 | ---- | M] (Avocent Corporation ) [Disabled | Stopped] -- C:\Program Files\LANDesk\LDClient\ProcTriggerSvc.exe -- (ProcTrigger) LANDesk®SRV - [2009/11/23 17:05:00 | 000,182,272 | ---- | M] (Avocent Corporation ) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\tmcsvc.exe -- (LANDesk Targeted Multicast)SRV - [2009/11/23 17:00:24 | 000,189,952 | ---- | M] (Avocent Corporation ) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\LocalSch.EXE -- (Intel Local Scheduler Service)SRV - [2009/11/23 17:00:14 | 000,066,048 | ---- | M] (Avocent Corporation ) [Disabled | Stopped] -- C:\Program Files\LANDesk\LDClient\tracksvc.exe -- (tracksvc) LANDesk®SRV - [2009/11/23 16:29:34 | 000,480,256 | ---- | M] (Avocent Corporation ) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\issuser.exe -- (ISSUSER)SRV - [2009/11/04 14:21:26 | 000,147,456 | ---- | M] (Avocent Corporation) [Auto | Running] -- C:\Program Files\LANDesk\Shared Files\residentagent.exe -- (CBA8) LANDesk®SRV - [2009/09/04 21:14:34 | 001,304,528 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe -- (tmlisten)SRV - [2009/09/04 21:12:28 | 001,389,864 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe -- (ntrtscan)SRV - [2009/07/15 18:37:18 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)SRV - [2009/07/06 15:19:04 | 000,345,352 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\..\BM\TMBMSRV.exe -- (TMBMServer)SRV - [2008/08/07 15:48:30 | 000,192,512 | ---- | M] (Lightspeed Systems) [Auto | Running] -- C:\Program Files\Lightspeed Systems\User Agent\UAService.exe -- (UAService)SRV - [2007/08/31 08:13:00 | 000,032,825 | ---- | M] (LANDesk Software Ltd.) [Auto | Running] -- C:\WINDOWS\system32\cba\pds.exe -- (Intel PDS)SRV - [2005/04/27 15:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)SRV - [2005/01/21 16:07:16 | 000,081,920 | ---- | M] (TerraNovum) [Auto | Running] -- C:\WINDOWS\system32\PMService.exe -- (EPA_GPO_PMService) Energy Star========== Driver Services (SafeList) ==========DRV - [2009/12/04 16:39:06 | 000,230,928 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys -- (TmFilter)DRV - [2009/12/04 16:38:18 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmpreflt.sys -- (TmPreFilter)DRV - [2009/12/04 16:05:06 | 001,322,680 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\vsapiNT.sys -- (VSApiNt)DRV - [2009/11/23 15:01:12 | 000,014,336 | ---- | M] (Avocent Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ldblank.sys -- (ldblank)DRV - [2009/11/23 15:01:12 | 000,006,144 | ---- | M] (Avocent Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mirrorflt.sys -- (mirrorflt)DRV - [2009/11/23 15:01:12 | 000,005,120 | ---- | M] (Avocent Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ldmirror.sys -- (ldmirror)DRV - [2009/07/15 18:37:40 | 000,089,872 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)DRV - [2009/07/06 15:11:50 | 000,059,920 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)DRV - [2009/07/06 15:11:46 | 000,050,704 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)DRV - [2009/07/06 15:11:12 | 000,158,224 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)DRV - [2008/08/21 07:38:10 | 000,020,480 | R--- | M] (Dell Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)DRV - [2008/06/02 12:42:52 | 001,287,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)DRV - [2008/04/14 08:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)DRV - [2008/04/14 00:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)DRV - [2008/04/14 00:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)DRV - [2008/03/19 15:26:24 | 000,175,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)DRV - [2007/05/10 12:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)DRV - [2007/01/30 13:12:06 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)DRV - [2006/09/21 17:53:16 | 000,004,442 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\vulScan\TPPWRIF.SYS -- (TPPWRIF)DRV - [2005/12/01 01:40:56 | 000,936,960 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV)DRV - [2005/12/01 01:40:12 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL)DRV - [2005/12/01 01:40:08 | 000,669,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf)DRV - [2005/09/28 20:57:18 | 000,113,847 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)========== Standard Registry (SafeList) ==================== Internet Explorer ==========IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-21-3971793666-923319370-1088539497-22341\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.horrycountyschools.netIE - HKU\S-1-5-21-3971793666-923319370-1088539497-22341\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.horrycountyschools.net/IE - HKU\S-1-5-21-3971793666-923319370-1088539497-22341\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-21-3971793666-923319370-1088539497-22341\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>========== FireFox ==========FF - prefs.js..browser.startup.homepage: "http://www.horrycountyschools.net/"FF - prefs.js..extensions.enabledItems: {D6D05E6F-D5C1-4e03-8E33-73F92B05E262}:10.2FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3.0\Extensions\\Components: C:\Program Files\Mozilla Firefox\components\ [2010/03/18 07:19:35 | 000,000,000 | ---D | M]FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3.0\Extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins\ [2010/03/18 07:19:36 | 000,000,000 | ---D | M][2010/03/18 07:19:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cwatford\Application Data\Mozilla\Extensions[2010/03/18 07:19:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cwatford\Application Data\Mozilla\Firefox\Profiles\8kuarjk4.default\extensions[2010/04/07 21:15:47 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions[2010/03/18 12:59:26 | 000,000,000 | ---D | M] (SMART Notebook Extension) -- C:\Program Files\Mozilla Firefox\extensions\{D6D05E6F-D5C1-4e03-8E33-73F92B05E262}[2009/09/17 17:50:18 | 003,883,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dllO1 HOSTS File: ([2008/04/14 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)O2 - BHO: (CIEDownload Object) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\SMART Notebook\NotebookPlugin.dll (SMART Technologies ULC.)O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll (Sun Microsystems, Inc.)O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)O4 - HKLM..\Run: [blackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)O4 - HKLM..\Run: [EPA_EZ_GPO_Tool] C:\WINDOWS\system32\EZ_GPO_Tool.exe (Environmental Protection Agency)O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)O4 - HKLM..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SMART Board Tools.lnk = C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardTools.exe (SMART Technologies ULC)O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation presentO6 - HKLM\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing presentO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Activities presentO7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation presentO7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main presentO7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\PhishingFilter presentO7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Privacy presentO7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery presentO7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Security presentO7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\SQM presentO7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Suggested Sites presentO7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing presentO7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Activities presentO7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation presentO7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main presentO7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\PhishingFilter presentO7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Privacy presentO7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery presentO7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Security presentO7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\SQM presentO7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Suggested Sites presentO7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing presentO7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Activities presentO7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation presentO7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main presentO7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\PhishingFilter presentO7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Privacy presentO7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery presentO7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Security presentO7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\SQM presentO7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Suggested Sites presentO7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing presentO7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Activities presentO7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation presentO7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main presentO7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\PhishingFilter presentO7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Privacy presentO7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery presentO7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Security presentO7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\SQM presentO7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Suggested Sites presentO7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing presentO7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-21-3971793666-923319370-1088539497-22341\Software\Policies\Microsoft\Internet Explorer\Activities presentO7 - HKU\S-1-5-21-3971793666-923319370-1088539497-22341\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation presentO7 - HKU\S-1-5-21-3971793666-923319370-1088539497-22341\Software\Policies\Microsoft\Internet Explorer\Main presentO7 - HKU\S-1-5-21-3971793666-923319370-1088539497-22341\Software\Policies\Microsoft\Internet Explorer\PhishingFilter presentO7 - HKU\S-1-5-21-3971793666-923319370-1088539497-22341\Software\Policies\Microsoft\Internet Explorer\Privacy presentO7 - HKU\S-1-5-21-3971793666-923319370-1088539497-22341\Software\Policies\Microsoft\Internet Explorer\Recovery presentO7 - HKU\S-1-5-21-3971793666-923319370-1088539497-22341\Software\Policies\Microsoft\Internet Explorer\Security presentO7 - HKU\S-1-5-21-3971793666-923319370-1088539497-22341\Software\Policies\Microsoft\Internet Explorer\SQM presentO7 - HKU\S-1-5-21-3971793666-923319370-1088539497-22341\Software\Policies\Microsoft\Internet Explorer\Suggested Sites presentO7 - HKU\S-1-5-21-3971793666-923319370-1088539497-22341\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing presentO7 - HKU\S-1-5-21-3971793666-923319370-1088539497-22341\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-21-3971793666-923319370-1088539497-22341\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1O7 - HKU\S-1-5-21-3971793666-923319370-1088539497-22341\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 1O15 - HKU\S-1-5-21-3971793666-923319370-1088539497-22341\..Trusted Domains: hcsad.local ([]* in Trusted sites)O15 - HKU\S-1-5-21-3971793666-923319370-1088539497-22341\..Trusted Domains: horrycountyschools.net ([]* in Trusted sites)O15 - HKU\S-1-5-21-3971793666-923319370-1088539497-22341\..Trusted Domains: k12.sc.us ([*.hcs] * in Trusted sites)O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1248694631828 (WUWebControl Class)O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1248696139704 (MUWebControl Class)O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_08)O16 - DPF: {CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_07)O16 - DPF: {CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_13)O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_08)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_08)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = hcsad.LOCALO20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmpO24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmpO32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2009/07/23 17:45:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]O34 - HKLM BootExecute: (autocheck autochk *) - File not foundO35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*========== Files/Folders - Created Within 30 Days ==========[2010/07/12 11:10:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ][1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]========== Files - Modified Within 30 Days ==========[2010/07/12 11:10:43 | 000,452,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat[2010/07/12 11:10:43 | 000,074,944 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat[2010/07/12 11:10:42 | 000,536,650 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI[2010/07/12 11:07:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl[2010/07/12 11:06:41 | 000,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.exe[2010/07/12 11:06:38 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\rpcnet.dll[2010/07/12 11:06:15 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT[2010/07/12 11:06:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat[2010/07/11 17:44:32 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\cwatford\ntuser.ini[2010/07/11 17:44:31 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\cwatford\ntuser.dat[2010/07/11 17:34:36 | 006,905,910 | -H-- | M] () -- C:\Documents and Settings\cwatford\Local Settings\Application Data\IconCache.db[2010/07/09 18:56:01 | 000,053,404 | ---- | M] () -- C:\Documents and Settings\cwatford\My Documents\secure.pbteen.com-checkout-thanks.tif[2010/07/06 16:58:55 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn[2010/07/02 16:15:46 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\cwatford\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2010/06/27 23:48:15 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\cwatford\My Documents\fb.doc[2010/06/24 12:56:16 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\cwatford\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk[2010/06/14 14:56:30 | 000,050,224 | ---- | M] () -- C:\Documents and Settings\cwatford\My Documents\Bobby FAFSA.TIF[2010/06/12 19:02:34 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ][1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]========== Files Created - No Company Name ==========[2010/07/09 18:56:00 | 000,053,404 | ---- | C] () -- C:\Documents and Settings\cwatford\My Documents\secure.pbteen.com-checkout-thanks.tif[2010/06/27 23:48:14 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\cwatford\My Documents\fb.doc[2010/06/24 12:56:16 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\cwatford\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk[2010/06/14 14:56:29 | 000,050,224 | ---- | C] () -- C:\Documents and Settings\cwatford\My Documents\Bobby FAFSA.TIF[2010/06/12 19:02:34 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn[2010/06/12 19:02:34 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for[2010/04/16 12:30:15 | 000,000,090 | ---- | C] () -- C:\WINDOWS\bi_group.ini[2010/03/18 07:15:27 | 000,016,030 | ---- | C] () -- C:\WINDOWS\cfgall.ini[2010/03/12 10:28:28 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.dll[2009/07/27 09:48:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini[2009/07/27 08:27:58 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI[2008/03/13 23:53:22 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\JPeg32.dll[2008/02/28 14:30:02 | 000,086,528 | ---- | C] () -- C:\WINDOWS\System32\AutoItX3.dll[2008/02/28 14:30:02 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll[2007/03/15 11:47:48 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\BuEResNT.dll[2004/09/27 15:37:46 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\PMevents.dll[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI< End of report >OTL Extras logfile created on: 7/12/2010 11:12:09 AM - Run 1OTL by OldTimer - Version 3.2.9.0 Folder = E:\ChrystiWindows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 8.0.6001.18702)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy1,014.00 Mb Total Physical Memory | 520.00 Mb Available Physical Memory | 51.00% Memory free2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File freePaging file location(s): C:\pagefile.sys 1524 3048 [binary data]%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 74.53 Gb Total Space | 59.94 Gb Free Space | 80.42% Space Free | Partition Type: NTFSD: Drive not present or media not loadedDrive E: | 1.86 Gb Total Space | 1.86 Gb Free Space | 99.77% Space Free | Partition Type: FATF: Drive not present or media not loadedG: Drive not present or media not loadedH: Drive not present or media not loadedI: Drive not present or media not loadedComputer Name: KEMDMC3XC1Current User Name: CWatfordNOT logged in as Administrator.Current Boot Mode: NormalScan Mode: All usersCompany Name Whitelist: OffSkip Microsoft Files: OffFile Age = 30 DaysOutput = Standard========== Extra Registry (SafeList) ==================== File Associations ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>][HKEY_USERS\S-1-5-21-3971793666-923319370-1088539497-22341\SOFTWARE\Classes\<extension>].html [@ = htmlfile] -- Reg Error: Key error. File not found========== Shell Spawning ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*exefile [open] -- "%1" %*htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)scrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)========== Security Center Settings ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"FirstRunDisabled" = 1"AntiVirusOverride" = 0"FirewallOverride" = 0"AntiVirusDisableNotify" = 0"FirewallDisableNotify" = 0"UpdatesDisableNotify" = 0[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]"DisableMonitoring" = 1[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]"EnableFirewall" = 1"DoNotAllowExceptions" = 0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]"5900:TCP" = 5900:TCP:*:Enabled:GenControl"5800:TCP" = 5800:TCP:*:Enabled:GenControl"9535:TCP" = 9535:TCP:*:Enabled:LDRemote"6129:TCP" = 6129:TCP:*:Enabled:DameWare"1433:TCP" = 1433:TCP:*:Enabled:SQL"8100:TCP" = 8100:TCP:*:Enabled:EOCTesting"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002"636:UDP" = 636:UDP:*:Enabled:LDAPSSLTCP"1723:TCP" = 1723:TCP:*:Enabled:PPTP"2701:UDP" = 2701:UDP:*:Enabled:REMOTECONROLSCCM"2701:TCP" = 2701:TCP:*:Enabled:REMOTECONROLSCCM2"2702:UDP" = 2702:UDP:*:Enabled:REMOTEDATASCCM"2702:TCP" = 2702:TCP:*:Enabled:REMOTEDATASCCM2"4011:UDP" = 4011:UDP:*:Enabled:BINL"8530:TCP" = 8530:TCP:*:Enabled:HypertextTrans"8531:TCP" = 8531:TCP:*:Enabled:HypertextTransSSL"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"9535:UDP" = 9535:UDP:*:enabled:LANDesk® Remote Control Agent UDP Port"67:UDP" = 67:UDP:*:enabled:LANDesk® PXE UDP Port"67:TCP" = 67:TCP:*:enabled:LANDesk® PXE TCP Port"47436:TCP" = 47436:TCP:*:Enabled:Trend Micro OfficeScan Listener[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"EnableFirewall" = 1"DoNotAllowExceptions" = 0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"47436:TCP" = 47436:TCP:*:Enabled:Trend Micro OfficeScan Listener"9535:UDP" = 9535:UDP:*:enabled:LANDesk® Remote Control Agent UDP Port"9535:TCP" = 9535:TCP:*:Enabled:LDRemote"67:UDP" = 67:UDP:*:enabled:LANDesk® PXE UDP Port"67:TCP" = 67:TCP:*:enabled:LANDesk® PXE TCP Port"5900:TCP" = 5900:TCP:*:Enabled:GenControl"5800:TCP" = 5800:TCP:*:Enabled:GenControl"6129:TCP" = 6129:TCP:*:Enabled:DameWare"1433:TCP" = 1433:TCP:*:Enabled:SQL"8100:TCP" = 8100:TCP:*:Enabled:EOCTesting"636:UDP" = 636:UDP:*:Enabled:LDAPSSLTCP"1723:TCP" = 1723:TCP:*:Enabled:PPTP"2701:UDP" = 2701:UDP:*:Enabled:REMOTECONROLSCCM"2701:TCP" = 2701:TCP:*:Enabled:REMOTECONROLSCCM2"2702:UDP" = 2702:UDP:*:Enabled:REMOTEDATASCCM"2702:TCP" = 2702:TCP:*:Enabled:REMOTEDATASCCM2"4011:UDP" = 4011:UDP:*:Enabled:BINL"8530:TCP" = 8530:TCP:*:Enabled:HypertextTrans"8531:TCP" = 8531:TCP:*:Enabled:HypertextTransSSL========== Authorized Applications List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]"C:\Program Files\LANDesk\LDClient\wuser32.exe" = C:\Program Files\LANDesk\LDClient\wuser32.exe:*:enabled:Remote Control Agent -- File not found"%windir%\system32\msgsys.exe" = %windir%\system32\msgsys.exe:*:enabled:LANDesk® CBA Message System -- (LANDesk Software Ltd.)"C:\Program Files\LANDesk\LDClient\tmcsvc.exe" = C:\Program Files\LANDesk\LDClient\tmcsvc.exe:*:enabled:LANDesk® Targeted Multicast Client -- (Avocent Corporation )"C:\WINDOWS\system32\CBA\pds.exe" = C:\WINDOWS\system32\CBA\pds.exe:*:enabled:LANDesk® Ping Discovery Service -- (LANDesk Software Ltd.)"C:\Program Files\SMART Technologies\SMART Product Drivers\UCGui.exe" = C:\Program Files\SMART Technologies\SMART Product Drivers\UCGui.exe:*:Enabled:SMART Universal Controller Interface -- (SMART Technologies ULC)"C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe" = C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe:*:Enabled:SMART SNMPAgent -- (SMART Technologies ULC)"C:\Program Files\SMART Technologies\SMART Product Drivers\UCService.exe" = C:\Program Files\SMART Technologies\SMART Product Drivers\UCService.exe:*:Enabled:SMART Universal Controller Service -- (SMART Technologies ULC)"C:\Program Files\SMART Technologies\SMART Product Drivers\WebServer.exe" = C:\Program Files\SMART Technologies\SMART Product Drivers\WebServer.exe:*:Enabled:SMART Web Server -- ()"C:\Program Files\LANDesk\Shared Files\residentagent.exe" = C:\Program Files\LANDesk\Shared Files\residentagent.exe:*:Enabled:LANDesk® Management Agent -- (Avocent Corporation)"C:\Program Files\TestTkr\TestTkr.exe" = C:\Program Files\TestTkr\TestTkr.exe:*:Enabled:NWEA -- (Northwest Evaluation Association)[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]"C:\WINDOWS\system32\cba\pds.exe" = C:\WINDOWS\system32\CBA\pds.exe:*:enabled:LANDesk® Ping Discovery Service -- (LANDesk Software Ltd.)"C:\WINDOWS\system32\msgsys.exe" = C:\WINDOWS\system32\msgsys.exe:*:Enabled:LANDesk Message Service -- (LANDesk Software Ltd.)"C:\Program Files\LANDesk\LDClient\issuser.exe" = C:\Program Files\LANDesk\LDClient\issuser.exe:*:Enabled:LANDesk Remote Control Agent -- (Avocent Corporation )"C:\Program Files\LANDesk\LDClient\tmcsvc.exe" = C:\Program Files\LANDesk\LDClient\tmcsvc.exe:*:enabled:LANDesk® Targeted Multicast Client -- (Avocent Corporation )"C:\Program Files\LANDesk\LDClient\wuser32.exe" = C:\Program Files\LANDesk\LDClient\wuser32.exe:*:enabled:Remote Control Agent -- File not found"%windir%\system32\msgsys.exe" = %windir%\system32\msgsys.exe:*:enabled:LANDesk® CBA Message System -- (LANDesk Software Ltd.)"C:\Program Files\TestTkr\TestTkr.exe" = C:\Program Files\TestTkr\TestTkr.exe:*:Enabled:NWEA -- (Northwest Evaluation Association)"C:\Program Files\LANDesk\Shared Files\residentagent.exe" = C:\Program Files\LANDesk\Shared Files\residentagent.exe:*:Enabled:LANDesk® Management Agent -- (Avocent Corporation)========== HKEY_LOCAL_MACHINE Uninstall List ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148"{0A0719F0-AD56-42BA-B68C-EFFC330B6F13}" = SMART Notebook"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148"{23E5032B-56CA-4C19-A72E-B50161DB82CA}" = Shadow Copy Client"{2623A1E3-478A-4F4A-A522-3A3D784A0C9C}" = SMART Product Drivers"{3248F0A8-6813-11D6-A77B-00B0D0150080}" = J2SE Runtime Environment 5.0 Update 8"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP"{35F8B3DE-E6AD-496A-B5F0-C86D29691B2C}" = Larson Elementary Math Student - 2nd Grade"{36E9F948-8E49-4612-AB80-B072DF9970B8}" = FireFox353"{39A3316F-4942-4852-8909-46B7A409DED4}" = Larson Elementary Math Student - Kindergarten"{3ABBB075-9938-48F9-9D58-C613B8CBBBA7}" = Larson Elementary Math - 1st Grade"{40A594D0-1490-4979-9382-D2B764F949C6}" = BlackBerry Link to post Share on other sites More sharing options...
Elise Posted July 13, 2010 ID:283355 Share Posted July 13, 2010 Hello again,Please do not quote my posts, instead reply using the Add Reply button. COMBOFIX---------------Please download ComboFix from one of these locations:BleepingcomputerForoSpywareDisable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)Double click on Combofix.exe and follow the prompts.As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:Click on Yes, to continue scanning for malware.When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply. Link to post Share on other sites More sharing options...
cwatford Posted July 14, 2010 Author ID:283962 Share Posted July 14, 2010 Hi, Below are the results of combofix. I could not disable Trend because I do not have access to all functions of it. Thanks!ComboFix 10-07-13.02 - CWatford 07/13/2010 23:26:47.1.2 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.603 [GMT -4:00]Running from: e:\chrysti\ComboFix.exeAV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Updated) {18547C92-1C88-4963-B040-E9AD1C194FD8}.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).C:\Install.exec:\windows\system32\st325602.dllInfected copy of c:\windows\system32\drivers\symc8xx.sys was found and disinfected Restored copy from - Kitty had a snack .((((((((((((((((((((((((( Files Created from 2010-06-14 to 2010-07-14 ))))))))))))))))))))))))))))))).No new files created in this timespan.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2010-07-14 03:22 . 2010-03-12 14:24 17408 ----a-w- c:\windows\system32\rpcnetp.exe2010-07-14 03:22 . 2010-03-12 14:31 57752 ----a-w- c:\windows\system32\rpcnet.dll2010-07-14 02:10 . 2010-03-12 15:51 -------- d-----w- c:\documents and settings\All Users\Application Data\vulScan2010-07-12 17:31 . 2010-03-12 14:28 17408 ----a-w- c:\windows\system32\rpcnetp.dll2010-07-10 05:58 . 2010-04-11 20:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2010-06-12 02:03 . 2009-07-27 12:10 -------- d-----w- c:\program files\Microsoft Silverlight2010-05-26 17:46 . 2010-05-26 17:46 -------- d-----w- c:\documents and settings\All Users\Application Data\GroupPolicy2010-05-26 03:07 . 2010-05-26 03:06 -------- d-----w- c:\documents and settings\cwatford\Application Data\GetRightToGo2010-05-18 23:08 . 2010-05-18 20:34 256 ----a-w- c:\windows\system32\pool.bin2010-05-18 20:36 . 2010-05-18 20:34 -------- d-----w- c:\documents and settings\cwatford\Application Data\Research In Motion2010-05-18 20:33 . 2010-05-18 20:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion2010-05-18 20:33 . 2010-05-18 20:32 -------- d-----w- c:\program files\Research In Motion2010-05-18 20:32 . 2010-05-18 20:32 -------- d-----w- c:\program files\Common Files\Research In Motion2010-05-18 20:32 . 2010-05-18 20:32 -------- d-----w- c:\program files\Common Files\Roxio Shared2010-04-29 19:39 . 2010-04-11 20:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2010-04-29 19:39 . 2010-04-11 20:12 20952 ----a-w- c:\windows\system32\drivers\mbam.sys2008-05-09 16:31 . 2010-05-26 12:16 176128 ----a-w- c:\program files\reschange.exe.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-24 94208]"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-24 77824]"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-24 118784]"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]"OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2009-09-08 849192]"EPA_EZ_GPO_Tool"="c:\windows\system32\EZ_GPO_Tool.exe" [2005-01-21 69632]"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-11 648536]"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]c:\documents and settings\All Users\Start Menu\Programs\Startup\SMART Board Tools.lnk - c:\program files\SMART Technologies\SMART Product Drivers\SMARTBoardTools.exe [2010-1-5 11154728][HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"disablecad"= 1 (0x1)"SoftwareSASGeneration"= 3 (0x3)[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]"ForceStartMenuLogOff"= 1 (0x1)"NoSimpleStartMenu"= 1 (0x1)[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]"NoAutoUpdate"= 1 (0x1)[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3971793666-923319370-1088539497-12936\Scripts\Logoff\0\0]"Script"=ssoclient[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3971793666-923319370-1088539497-12936\Scripts\Logon\0\0]"Script"=%logonserver%\NETLOGON\Logon\SSOClientLauncher.exe[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3971793666-923319370-1088539497-12936\Scripts\Logon\0\1]"Script"=ChangeDOPrintersToDA.vbe[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3971793666-923319370-1088539497-22341\Scripts\Logoff\0\0]"Script"=ssoclient[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3971793666-923319370-1088539497-22341\Scripts\Logon\0\0]"Script"=%logonserver%\NETLOGON\Logon\SSOClientLauncher.exe[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3971793666-923319370-1088539497-22341\Scripts\Logon\0\1]"Script"=ChangeDOPrintersToDA.vbe[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]"DisableMonitoring"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\WINDOWS\\system32\\cba\\pds.exe"= c:\\WINDOWS\\system32\\CBA\\pds.exe"c:\\WINDOWS\\system32\\msgsys.exe"="c:\\Program Files\\LANDesk\\LDClient\\issuser.exe"="c:\\Program Files\\LANDesk\\LDClient\\tmcsvc.exe"="%windir%\\system32\\msgsys.exe"="c:\\Program Files\\TestTkr\\TestTkr.exe"="c:\\WINDOWS\\system32\\sessmgr.exe"="c:\\Program Files\\LANDesk\\Shared Files\\residentagent.exe"=[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"139:TCP"= 139:TCP:@xpsp2res.dll,-22004"445:TCP"= 445:TCP:@xpsp2res.dll,-22005"137:UDP"= 137:UDP:@xpsp2res.dll,-22001"138:UDP"= 138:UDP:@xpsp2res.dll,-22002"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009"47436:TCP"= 47436:TCP:Trend Micro OfficeScan Listener"9535:UDP"= 9535:UDP:LANDesk® Remote Control Agent UDP Port"9535:TCP"= 9535:TCP:LDRemote"67:UDP"= 67:UDP:LANDesk® PXE UDP Port"67:TCP"= 67:TCP:LANDesk® PXE TCP Port"5900:TCP"= 5900:TCP:GenControl"5800:TCP"= 5800:TCP:GenControl"6129:TCP"= 6129:TCP:DameWare"1433:TCP"= 1433:TCP:SQL"8100:TCP"= 8100:TCP:EOCTesting"636:UDP"= 636:UDP:LDAPSSLTCP"1723:TCP"= 1723:TCP:PPTP"2701:UDP"= 2701:UDP:REMOTECONROLSCCM"2701:TCP"= 2701:TCP:REMOTECONROLSCCM2"2702:UDP"= 2702:UDP:REMOTEDATASCCM"2702:TCP"= 2702:TCP:REMOTEDATASCCM2"4011:UDP"= 4011:UDP:BINL"8530:TCP"= 8530:TCP:HypertextTrans"8531:TCP"= 8531:TCP:HypertextTransSSL[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]"AllowInboundEchoRequest"= 1 (0x1)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\RemoteAdminSettings]"Enabled"= 1 (0x1)R2 CBA8;LANDesk® Management Agent;c:\program files\LANDesk\Shared Files\residentAgent.exe [11/4/2009 2:21 PM 147456]R2 EPA_GPO_PMService;Energy Star EZ GPO Power Management Configuration Tool;c:\windows\system32\PMService.exe [1/21/2005 4:07 PM 81920]R2 LANDesk Policy Invoker;LANDesk Policy Invoker;c:\program files\LANDesk\LDClient\policy.client.invoker.exe [3/12/2010 11:50 AM 195072]R2 LANDesk Targeted Multicast;LANDesk Targeted Multicast;c:\program files\LANDesk\LDClient\tmcsvc.exe [3/12/2010 11:50 AM 182272]R2 SMART Display Controller;SMART Display Controller;c:\program files\SMART Technologies\SMART Product Drivers\UCService.exe [1/5/2010 1:43 PM 779560]R2 Softmon;LANDesk® Software Monitoring Service;c:\program files\LANDesk\LDClient\SoftMon.exe [3/12/2010 11:50 AM 263680]R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [3/12/2010 11:54 AM 50704]R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\TmXPFlt.sys [9/30/2009 3:38 PM 230928]R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\tmpreflt.sys [9/30/2009 3:37 PM 36368]R2 UAService;User Agent Service;c:\program files\Lightspeed Systems\User Agent\UAService.exe [8/7/2008 3:48 PM 192512]R3 ldblank;Screen Blanking driver for Remote Control;c:\windows\system32\drivers\ldblank.sys [3/12/2010 11:50 AM 14336]R3 ldmirror;ldmirror;c:\windows\system32\drivers\ldmirror.sys [3/12/2010 11:50 AM 5120]R3 mirrorflt;Mirror Filter Driver for Uninstall;c:\windows\system32\drivers\mirrorflt.sys [3/12/2010 11:50 AM 6144]R3 TmProxy;OfficeScan NT Proxy Service;c:\program files\Trend Micro\OfficeScan Client\TmProxy.exe [7/15/2009 6:37 PM 689416]S2 rpcld;Remote Procedure Call (RPC) LD;c:\documents and settings\All Users\Application Data\rpcnet\Bin\rpcld.exe [3/12/2010 10:33 AM 181680]S3 SMART SNMP Agent Service;SMART SNMP Agent Service;c:\program files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe [1/5/2010 1:44 PM 1053992]S3 SMART Web Server;SMART Web Server;c:\program files\SMART Technologies\SMART Product Drivers\WebServer.exe [1/5/2010 1:44 PM 1262888]S4 ProcTrigger;LANDesk® Process Trigger Service;c:\program files\LANDesk\LDClient\ProcTriggerSvc.exe [3/12/2010 11:50 AM 72704]S4 tracksvc;LANDesk® Power Management Track Service;c:\program files\LANDesk\LDClient\tracksvc.exe [3/12/2010 11:50 AM 66048]--- Other Services/Drivers In Memory ---*Deregistered* - uphcleanhlp[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5}]2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll..------- Supplementary Scan -------.uStart Page = hxxp://www.horrycountyschools.net/uInternet Settings,ProxyOverride = <local>IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000Trusted Zone: hcsad.localTrusted Zone: horrycountyschools.netTrusted Zone: k12.sc.us\*.hcsFF - ProfilePath - c:\documents and settings\cwatford\Application Data\Mozilla\Firefox\Profiles\8kuarjk4.default\FF - prefs.js: browser.startup.homepage - hxxp://www.horrycountyschools.net/FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava11.dllFF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava12.dllFF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava13.dllFF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava14.dllFF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava32.dllFF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJPI150_08.dllFF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPOJI610.dllFF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\.**************************************************************************scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfullyhidden files: **************************************************************************.Completion time: 2010-07-13 23:43:44ComboFix-quarantined-files.txt 2010-07-14 03:43Pre-Run: 64,406,429,696 bytes freePost-Run: 65,186,648,064 bytes freeWindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsmulti(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect- - End Of File - - BDD269D56BB492A3C0C0FDB5B97BD76BQuarantined Files2010-07-14 03:36:05 . 2010-07-14 03:36:05 8,050 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg2010-07-14 01:42:07 . 2010-07-14 03:25:41 153 ----a-w- C:\Qoobox\Quarantine\catchme.log2009-07-27 13:00:32 . 2007-08-21 15:58:12 146,944 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\st325602.dll.vir2007-11-07 13:03:18 . 2007-11-07 13:03:18 562,688 ----a-w- C:\Qoobox\Quarantine\C\install.exe.vir Link to post Share on other sites More sharing options...
Elise Posted July 14, 2010 ID:284098 Share Posted July 14, 2010 Hello again,That took out a nasty rootkit. Before continuing the cleanup, please consider the following information.BACKDOOR WARNING------------------------------One or more of the identified infections is known to use a backdoor.This allows hackers to remotely control your computer, steal critical system information and download and execute files.If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.Though the infection has been identified and cleaned, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?When Should I Format, How Should I ReinstallWe can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.UPDATE JAVA------------------Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.Look for "JDK 6 Update 21 (JDK or JRE)".Click the "Download JRE" button to the right.Select your Platform: "Windows".Select your Language: "Multi-language".Read the License Agreement, and then check the box that says: "Accept License Agreement".Click Continue and the page will refresh.Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.Close any programs you may have running - especially your web browser.Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.Repeat as many times as necessary to remove each Java versions.Reboot your computer once all Java components are removed.Then from your desktop double-click on jre-6u21-windows-i586.exe to install the newest version.If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.When the Java Setup - Welcome window opens, click the Install > button.If offered to install a Toolbar, just uncheck the box before continuing unless you want it.-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.Please launch MBAM, update it and run a full scan. Post me the resulting log together with a description of any remaining problem. Link to post Share on other sites More sharing options...
Elise Posted July 21, 2010 ID:287900 Share Posted July 21, 2010 Hi, are you still there? Link to post Share on other sites More sharing options...
Staff screen317 Posted August 5, 2010 Staff ID:296321 Share Posted August 5, 2010 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts