Magiclure Posted August 6, 2010 ID:297000 Share Posted August 6, 2010 My Windows XP Pro computer is infected. I ran Malwarebytes Quick Scan and found nothing. Then ran Avira and found TR/Crypt.ZPack.Gen at itcqzsv.sys, but Avira couldn't repair. Then ran DeFogger per Malwarebytes' guide, but it failed to finalize. Logs are attached for Avira and DeFogger. Please help!AVSCAN_20100806_143204_BE01B1EE.txtdefogger_disable.txt Link to post Share on other sites More sharing options...
Elise Posted August 7, 2010 ID:297221 Share Posted August 7, 2010 Hello , And My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. -----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.If you have already posted a log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.We need to see some information about what is happening in your machine. Please perform the following scan:Please download OTL from one of the following mirrors:This is THE Mirror[*]Save it to your desktop.[*]Double click on the icon on your desktop.[*]Click the "Scan All Users" checkbox.[*]Push the button.[*]Two reports will open, copy and paste them in a reply here:OTListIt.txt <-- Will be openedExtra.txt <-- Will be minimizedPlease download GMER from one of the following locations and save it to your desktop:Main MirrorThis version will download a randomly named file (Recommended)Zipped MirrorThis version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.Disconnect from the Internet and close all running programs.Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.Now click the Scan button. If you see a rootkit warning window, click OK.When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.Click the Copy button and paste the results into your next reply.Exit GMER and re-enable all active protection when done.-- If you encounter any problems, try running GMER in Safe Mode.-------------------------------------------------------------In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problemIf you still need help, please include the following in your next replyA detailed description of your problemsA new OTL log (don't forget extra.txt)GMER log Link to post Share on other sites More sharing options...
Magiclure Posted August 8, 2010 Author ID:297792 Share Posted August 8, 2010 Hi Elise, thanks for your response. I ran OTL as you said, but after multiple attempts including running in Safe Mode I was unable to get Gmer to complete its scan. Finally in desperation/frustration I ran Combofix which now seems to have fixed my problem. After multiple scans I find no further infactions, and everything seems to work fine. Thanks for your time anyway! Link to post Share on other sites More sharing options...
Elise Posted August 8, 2010 ID:297797 Share Posted August 8, 2010 If you wish you can post the combofix log for my review.Note - combofix is a very powerful tool. It is not intended to be run without supervision. In most cases it will run fine, but every now and then something goes wrong which may cause a computer no longer to be able to boot. Link to post Share on other sites More sharing options...
Magiclure Posted August 8, 2010 Author ID:297889 Share Posted August 8, 2010 Thanks, I know Combofix can go awry, but I was getting so frustrated with trying to get Gmer to run I was ready to turn this computer to scrap and buy a Mac. Anyway I would apreciate your review of the Combofix log, however I guess Combofix wrote over the original log as I ran another scan today to be sure everything was OK. The file below is from the most recent scan. BobComboFix 10-08-07.01 - Bob Howe 08/08/2010 12:17:21.7.2 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.493 [GMT -7:00]Running from: c:\documents and settings\Bob Howe\Desktop\ComboFix.exeAV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}.((((((((((((((((((((((((( Files Created from 2010-07-08 to 2010-08-08 ))))))))))))))))))))))))))))))).2010-08-08 01:36 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe2010-08-08 01:36 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe2010-07-27 01:45 . 2010-07-27 01:45 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys2010-07-27 00:15 . 2010-07-27 00:15 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache2010-07-26 19:34 . 2010-07-26 19:56 -------- d-----w- C:\2d8e158d4ab85a19979042e508042010-07-26 18:54 . 2010-07-26 18:54 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache2010-07-26 18:52 . 2010-07-26 18:52 -------- d-sh--w- c:\documents and settings\Bob Howe\IECompatCache2010-07-26 18:51 . 2010-07-26 18:51 -------- d-sh--w- c:\documents and settings\Bob Howe\PrivacIE2010-07-26 18:45 . 2010-07-26 18:45 -------- d-sh--w- c:\documents and settings\Bob Howe\IETldCache2010-07-26 18:41 . 2010-07-26 20:02 -------- d-----w- c:\windows\ie8updates2010-07-26 18:37 . 2010-07-26 18:39 -------- dc-h--w- c:\windows\ie82010-07-26 18:34 . 2010-05-06 10:41 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll2010-07-26 18:34 . 2010-05-06 10:41 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll2010-07-26 18:34 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll2010-07-26 18:34 . 2010-04-16 11:43 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll2010-07-26 04:37 . 2010-07-26 04:37 -------- d-----w- c:\documents and settings\Bob Howe\Local Settings\Application Data\FixItCenter2010-07-26 04:34 . 2010-07-26 04:34 -------- d-----w- c:\windows\MATS2010-07-26 04:34 . 2010-07-26 04:34 -------- d-----w- c:\program files\Microsoft Fix it Center2010-07-26 03:42 . 2010-07-26 03:42 -------- d-----w- c:\windows\system32\wbem\Repository2010-07-22 18:16 . 2010-07-22 18:16 249920 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat2010-07-21 00:32 . 2001-08-17 20:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys2010-07-21 00:32 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys2010-07-21 00:32 . 2008-04-13 23:11 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll2010-07-21 00:32 . 2008-04-13 23:11 21504 ----a-w- c:\windows\system32\hidserv.dll2010-07-21 00:32 . 2008-04-13 17:45 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys2010-07-21 00:32 . 2008-04-13 17:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys2010-07-21 00:05 . 2010-07-23 20:27 -------- d-----w- c:\documents and settings\Bob Howe\Local Settings\Application Data\hruoiarny2010-07-14 13:54 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2010-08-07 18:44 . 2008-06-15 21:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater2010-07-26 17:06 . 2009-03-11 17:09 -------- d-----w- c:\program files\Windows Live Safety Center2010-07-21 21:39 . 2003-10-06 15:39 -------- d-----w- c:\program files\Spybot - Search & Destroy2010-07-21 17:33 . 2009-03-04 23:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2010-07-21 15:25 . 2009-09-18 04:18 0 ----a-w- c:\windows\Apemevubeqovuzi.bin2010-07-21 00:06 . 2009-09-18 04:18 120 ----a-w- c:\windows\Imekodusexuyo.dat2010-06-14 14:31 . 2003-06-28 19:28 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe2005-05-26 21:35 . 2009-03-09 18:52 1422 ----a-w- c:\program files\ReadMe.txt2003-08-24 15:24 . 2003-08-24 15:24 6290926 -c--a-w- c:\program files\streetsmartproLI.exe.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-10 68856]"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-03-20 774144]"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-03-01 315392]"IntelliType"="c:\program files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 94208]"fspr"="c:\program files\Folder Shield\FolderShield.exe" [2003-05-26 315904]"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-09-08 180269]"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-01-07 1468296]"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]c:\documents and settings\All Users\Start Menu\Programs\Startup\BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2003-9-15 503869]InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2009-5-28 106496]officejet 6100.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2003-4-6 147456]TotalMedia Backup Monitor.lnk - c:\program files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe [2009-3-9 270336][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Esohomura]2008-04-14 00:12 187904 ----a-w- c:\windows\agayewec.dll[HKEY_LOCAL_MACHINE\software\microsoft\security center]"AntiVirusOverride"=dword:00000001"FirewallOverride"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]"DisableMonitoring"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]"DisableMonitoring"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]"DisableMonitoring"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"DisableNotifications"= 1 (0x1)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Real\\RealOne Player\\realplay.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\Google\\Google Earth\\googleearth.exe"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"=[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"67:UDP"= 67:UDP:DHCP Discovery Service[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]"AllowInboundRouterRequest"= 0 (0x0)"AllowOutboundTimeExceeded"= 0 (0x0)R0 bxShield;BAxBEx File Protector;c:\windows\system32\drivers\bxShield.sys [5/26/2003 2:13 AM 45056]R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/17/2009 1:59 PM 108289]S1 SABKUTIL;SABKUTIL;\??\c:\documents and settings\Bob Howe\Local Settings\Temporary Internet Files\Content.IE5\04IAKNN3\SABKUTIL.sys --> c:\documents and settings\Bob Howe\Local Settings\Temporary Internet Files\Content.IE5\04IAKNN3\SABKUTIL.sys [?]S2 FSService;FSService;c:\program files\Folder Shield\FSService.exe [5/26/2003 2:13 AM 28672]S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [5/8/2008 9:59 AM 204800]S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [4/10/2010 5:05 PM 266544]S4 AloPar;AloPar;c:\windows\system32\drivers\AloPar.sys [7/3/2003 6:37 PM 4112].Contents of the 'Scheduled Tasks' folder2010-07-26 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]2003-11-29 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p officejet 6100 series5E771253C1676EBED677BF361FDFC537825E15B8062089891.job- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 07:52]2010-08-08 c:\windows\Tasks\Google Software Updater.job- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-04 17:22]..------- Supplementary Scan -------.uStart Page = hxxp://my.yahoo.com/uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8uInternet Settings,ProxyOverride = <local>uInternet Settings,ProxyServer = http=127.0.0.1:5643uSearchURL,(Default) = hxxp://www.google.com/search?q=%sIE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htmTrusted Zone: intuit.com\ttlcTrusted Zone: turbotax.comDPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cabDPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab..------- File Associations -------..scr=AutoCADScriptFile.**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2010-08-08 12:27Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4"[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}"[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0"[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\XP*]"DisplayName"="?\13?\13""DeviceDesc"="?\13?\13""ProviderName"="""MFG"="???\\""ReinstallString"="c:\\WINDOWS\\System32\\ReinstallBackups\\?\13\\DriverFiles\\.INF""DeviceInstanceIds"=multi:"p_inf\\cx_08040.inf\00".--------------------- DLLs Loaded Under Running Processes ---------------------- - - - - - - > 'winlogon.exe'(724)c:\windows\system32\Ati2evxx.dll- - - - - - - > 'explorer.exe'(2432)c:\windows\system32\WININET.dllc:\windows\system32\ieframe.dllc:\windows\system32\mshtml.dllc:\windows\system32\msls31.dllc:\windows\system32\webcheck.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.Completion time: 2010-08-08 12:30:37ComboFix-quarantined-files.txt 2010-08-08 19:30ComboFix2.txt 2010-08-08 02:00ComboFix3.txt 2009-03-09 18:13ComboFix4.txt 2009-03-06 15:44ComboFix5.txt 2010-08-08 19:15Pre-Run: 6,859,165,696 bytes freePost-Run: 6,845,399,040 bytes free- - End Of File - - 113677C2777ED8736653B95BB1F8C966 Link to post Share on other sites More sharing options...
Elise Posted August 9, 2010 ID:298134 Share Posted August 9, 2010 There are still some malware leftovers showing.CF-SCRIPT-------------We need to execute a CF-script.Close any open browsers.Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:Registry::[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Esohomura]File::c:\windows\agayewec.dllDDS::uInternet Settings,ProxyOverride = <local>uInternet Settings,ProxyServer = http=127.0.0.1:5643Save this as CFScript.txt, in the same location as ComboFix.exeRefering to the picture above, drag CFScript into ComboFix.exeWhen finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply. Link to post Share on other sites More sharing options...
Magiclure Posted August 9, 2010 Author ID:298391 Share Posted August 9, 2010 ComboFix 10-08-07.01 - Bob Howe 08/09/2010 9:51.8.2 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.716 [GMT -7:00]Running from: c:\documents and settings\Bob Howe\Desktop\ComboFix.exeCommand switches used :: c:\documents and settings\Bob Howe\Desktop\CFScript.txtAV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}FILE ::"c:\windows\agayewec.dll".((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).c:\windows\agayewec.dll.((((((((((((((((((((((((( Files Created from 2010-07-09 to 2010-08-09 ))))))))))))))))))))))))))))))).2010-08-08 01:36 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe2010-08-08 01:36 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe2010-07-27 01:45 . 2010-07-27 01:45 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys2010-07-27 00:15 . 2010-07-27 00:15 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache2010-07-26 19:34 . 2010-07-26 19:56 -------- d-----w- C:\2d8e158d4ab85a19979042e508042010-07-26 18:54 . 2010-07-26 18:54 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache2010-07-26 18:52 . 2010-07-26 18:52 -------- d-sh--w- c:\documents and settings\Bob Howe\IECompatCache2010-07-26 18:51 . 2010-07-26 18:51 -------- d-sh--w- c:\documents and settings\Bob Howe\PrivacIE2010-07-26 18:45 . 2010-07-26 18:45 -------- d-sh--w- c:\documents and settings\Bob Howe\IETldCache2010-07-26 18:41 . 2010-07-26 20:02 -------- d-----w- c:\windows\ie8updates2010-07-26 18:37 . 2010-07-26 18:39 -------- dc-h--w- c:\windows\ie82010-07-26 18:34 . 2010-05-06 10:41 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll2010-07-26 18:34 . 2010-05-06 10:41 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll2010-07-26 18:34 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll2010-07-26 18:34 . 2010-04-16 11:43 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll2010-07-26 03:42 . 2010-07-26 03:42 -------- d-----w- c:\windows\system32\wbem\Repository2010-07-22 18:16 . 2010-07-22 18:16 249920 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat2010-07-21 00:32 . 2001-08-17 20:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys2010-07-21 00:32 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys2010-07-21 00:32 . 2008-04-13 23:11 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll2010-07-21 00:32 . 2008-04-13 23:11 21504 ----a-w- c:\windows\system32\hidserv.dll2010-07-21 00:32 . 2008-04-13 17:45 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys2010-07-21 00:32 . 2008-04-13 17:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys2010-07-21 00:05 . 2010-07-23 20:27 -------- d-----w- c:\documents and settings\Bob Howe\Local Settings\Application Data\hruoiarny2010-07-14 13:54 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2010-08-08 22:48 . 2009-03-11 17:09 -------- d-----w- c:\program files\Windows Live Safety Center2010-08-08 19:45 . 2008-06-15 21:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater2010-08-08 19:36 . 2003-06-28 20:18 -------- d-----w- c:\program files\InterVideo2010-08-08 19:35 . 2008-05-23 02:53 -------- d-----w- c:\program files\Eusing Free Registry Cleaner2010-08-08 19:34 . 2003-07-02 22:31 -------- d-----w- c:\program files\Common Files\Autodesk Shared2010-08-08 19:34 . 2003-07-02 22:31 -------- d-----w- c:\program files\AutoCAD 20022010-07-21 21:39 . 2003-10-06 15:39 -------- d-----w- c:\program files\Spybot - Search & Destroy2010-07-21 17:33 . 2009-03-04 23:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2010-07-21 15:25 . 2009-09-18 04:18 0 ----a-w- c:\windows\Apemevubeqovuzi.bin2010-07-21 00:06 . 2009-09-18 04:18 120 ----a-w- c:\windows\Imekodusexuyo.dat2010-06-14 14:31 . 2003-06-28 19:28 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe2005-05-26 21:35 . 2009-03-09 18:52 1422 ----a-w- c:\program files\ReadMe.txt2003-08-24 15:24 . 2003-08-24 15:24 6290926 -c--a-w- c:\program files\streetsmartproLI.exe.((((((((((((((((((((((((((((( SnapShot@2010-08-08_19.27.41 ))))))))))))))))))))))))))))))))))))))))).+ 2010-08-06 01:28 . 2010-08-06 01:28 464272 c:\windows\Downloaded Program Files\wlscBase.dll- 2010-02-06 03:52 . 2010-02-06 03:52 464272 c:\windows\Downloaded Program Files\wlscBase.dll.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-10 68856]"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-03-20 774144]"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-03-01 315392]"IntelliType"="c:\program files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 94208]"fspr"="c:\program files\Folder Shield\FolderShield.exe" [2003-05-26 315904]"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-09-08 180269]"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-01-07 1468296]"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]c:\documents and settings\All Users\Start Menu\Programs\Startup\BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2003-9-15 503869]officejet 6100.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2003-4-6 147456]TotalMedia Backup Monitor.lnk - c:\program files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe [2009-3-9 270336][HKEY_LOCAL_MACHINE\software\microsoft\security center]"AntiVirusOverride"=dword:00000001"FirewallOverride"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]"DisableMonitoring"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]"DisableMonitoring"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]"DisableMonitoring"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"DisableNotifications"= 1 (0x1)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Real\\RealOne Player\\realplay.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\Google\\Google Earth\\googleearth.exe"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"=[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"67:UDP"= 67:UDP:DHCP Discovery Service[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]"AllowInboundRouterRequest"= 0 (0x0)"AllowOutboundTimeExceeded"= 0 (0x0)R0 bxShield;BAxBEx File Protector;c:\windows\system32\Drivers\bxShield.sys --> c:\windows\system32\Drivers\bxShield.sys [?]R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/17/2009 1:59 PM 108289]S1 SABKUTIL;SABKUTIL;\??\c:\documents and settings\Bob Howe\Local Settings\Temporary Internet Files\Content.IE5\04IAKNN3\SABKUTIL.sys --> c:\documents and settings\Bob Howe\Local Settings\Temporary Internet Files\Content.IE5\04IAKNN3\SABKUTIL.sys [?]S2 FSService;FSService;c:\program files\Folder Shield\FSService.exe [5/26/2003 2:13 AM 28672]S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [5/8/2008 9:59 AM 204800]S4 AloPar;AloPar;c:\windows\system32\drivers\AloPar.sys [7/3/2003 6:37 PM 4112].Contents of the 'Scheduled Tasks' folder2010-07-26 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]2003-11-29 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p officejet 6100 series5E771253C1676EBED677BF361FDFC537825E15B8062089891.job- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 07:52]2010-08-09 c:\windows\Tasks\Google Software Updater.job- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-04 17:22]..------- Supplementary Scan -------.uStart Page = hxxp://my.yahoo.com/uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8uSearchURL,(Default) = hxxp://www.google.com/search?q=%sIE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htmTrusted Zone: intuit.com\ttlcTrusted Zone: turbotax.comDPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cabDPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab.**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2010-08-09 10:00Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... c:\windows\system32\drivers\bxShield.sys 45056 bytes executablec:\windows\system32\fsbx.ini 446 bytesscan completed successfullyhidden files: 2**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4"[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}"[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0"[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\XP*]"DisplayName"="?\13?\13""DeviceDesc"="?\13?\13""ProviderName"="""MFG"="???\\""ReinstallString"="c:\\WINDOWS\\System32\\ReinstallBackups\\?\13\\DriverFiles\\.INF""DeviceInstanceIds"=multi:"p_inf\\cx_08040.inf\00".--------------------- DLLs Loaded Under Running Processes ---------------------- - - - - - - > 'winlogon.exe'(716)c:\windows\system32\Ati2evxx.dll.Completion time: 2010-08-09 10:03:20ComboFix-quarantined-files.txt 2010-08-09 17:03ComboFix2.txt 2010-08-08 19:30ComboFix3.txt 2010-08-08 02:00ComboFix4.txt 2009-03-09 18:13ComboFix5.txt 2010-08-09 16:15Pre-Run: 6,891,528,192 bytes freePost-Run: 6,868,336,640 bytes free- - End Of File - - 0F8B6855182BAE47D72CE56327471248 Link to post Share on other sites More sharing options...
Elise Posted August 9, 2010 ID:298418 Share Posted August 9, 2010 Hi, your combofix log is now clean.If you'd like a more general check you can post the requested OTL logs. Link to post Share on other sites More sharing options...
Magiclure Posted August 9, 2010 Author ID:298430 Share Posted August 9, 2010 Hi Elise, my Windows Explorer still keeps givng error messages on shut down. Either OTL did not create Extra.txt or put it where I can't find it. Here's the OTL log -OTL logfile created on: 8/9/2010 11:33:17 AM - Run 3OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Bob Howe\DesktopWindows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 8.0.6001.18702)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy1,023.00 Mb Total Physical Memory | 586.00 Mb Available Physical Memory | 57.00% Memory free2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File freePaging file location(s): C:\pagefile.sys 0 0 [binary data]%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 74.52 Gb Total Space | 6.43 Gb Free Space | 8.62% Space Free | Partition Type: NTFSD: Drive not present or media not loadedE: Drive not present or media not loadedF: Drive not present or media not loadedG: Drive not present or media not loadedH: Drive not present or media not loadedI: Drive not present or media not loadedComputer Name: BOBCurrent User Name: Bob HoweLogged in as Administrator.Current Boot Mode: NormalScan Mode: All usersCompany Name Whitelist: OffSkip Microsoft Files: OffFile Age = 30 DaysOutput = Standard========== Processes (SafeList) ==========PRC - File not found -- C:\Program Files\Folder Shield\fsp.exePRC - [2010/08/07 11:54:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob Howe\Desktop\OTL.exePRC - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exePRC - [2009/08/09 20:27:22 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exePRC - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exePRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exePRC - [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exePRC - [2008/05/16 07:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exePRC - [2008/05/08 09:59:42 | 000,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exePRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exePRC - [2007/10/09 20:30:37 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exePRC - [2007/09/25 02:11:35 | 000,329,104 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exePRC - [2007/09/25 02:11:35 | 000,132,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_03\bin\jusched.exePRC - [2007/09/24 23:30:28 | 000,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\java.exePRC - [2007/06/06 11:35:02 | 000,270,336 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exePRC - [2005/09/30 19:22:50 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exePRC - [2004/09/08 15:36:11 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exePRC - [2003/09/15 16:56:32 | 001,126,484 | ---- | M] (WIDCOMM, Inc.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exePRC - [2003/09/15 16:53:06 | 000,503,869 | ---- | M] (WIDCOMM, Inc.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exePRC - [2003/05/26 02:13:00 | 000,028,672 | ---- | M] () -- C:\Program Files\Folder Shield\FSService.exePRC - [2003/04/06 00:55:04 | 000,311,296 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exePRC - [2003/04/06 00:45:10 | 000,286,720 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exePRC - [2003/04/06 00:37:38 | 000,147,456 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exePRC - [2003/03/20 14:05:42 | 000,774,144 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exePRC - [2003/03/09 13:31:02 | 000,065,795 | R--- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exePRC - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exePRC - [2002/03/21 20:41:56 | 000,094,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Hardware\Keyboard\type32.exe========== Modules (SafeList) ==========MOD - [2010/08/07 11:54:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob Howe\Desktop\OTL.exeMOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx========== Win32 Services (SafeList) ==========SRV - File not found [On_Demand | Stopped] -- -- (ISPwdSvc)SRV - File not found [Disabled | Stopped] -- -- (Automatic LiveUpdate Scheduler)SRV - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)SRV - [2009/08/09 20:27:22 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)SRV - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)SRV - [2008/05/16 07:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)SRV - [2008/05/08 09:59:42 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)SRV - [2007/06/15 16:55:00 | 000,300,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)SRV - [2006/10/07 12:54:53 | 001,087,680 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)SRV - [2005/09/30 19:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)SRV - [2005/06/03 08:49:41 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)SRV - [2003/05/26 02:13:00 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\Program Files\Folder Shield\FSService.exe -- (FSService)SRV - [2003/03/09 13:31:02 | 000,065,795 | R--- | M] (HP) [On_Demand | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)SRV - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))========== Driver Services (SafeList) ==========DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL)DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\SRTSPX.SYS -- (SRTSPX)DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SRTSPL.SYS -- (SRTSPL)DRV - File not found [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SRTSP.SYS -- (SRTSP)DRV - File not found [Kernel | System | Stopped] -- C:\Documents and Settings\Bob Howe\Local Settings\Temporary Internet Files\Content.IE5\04IAKNN3\SABKUTIL.sys -- (SABKUTIL)DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\BOBHOW~1\LOCALS~1\Temp\catchme.sys -- (catchme)DRV - File not found [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\bxShield.sys -- (bxShield)DRV - [2009/12/07 09:23:14 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)DRV - [2009/05/11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)DRV - [2009/03/30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)DRV - [2008/05/16 07:10:32 | 000,023,992 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)DRV - [2008/05/16 07:10:30 | 000,025,272 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)DRV - [2008/05/12 09:30:02 | 003,007,488 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)DRV - [2003/09/15 16:27:04 | 000,022,183 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)DRV - [2003/09/15 16:26:40 | 000,222,876 | ---- | M] (WIDCOMM, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btslbcsp.sys -- (BTSLBCSP)DRV - [2003/09/15 16:23:40 | 001,257,418 | ---- | M] (WIDCOMM, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)DRV - [2003/09/15 16:22:06 | 000,146,812 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)DRV - [2003/09/15 16:17:02 | 000,030,235 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)DRV - [2003/09/15 16:15:28 | 000,021,861 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (BtAudio)DRV - [2003/09/15 16:14:36 | 000,051,848 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)DRV - [2003/04/01 17:55:18 | 000,033,183 | ---- | M] (Sonic Focus, Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sf.sys -- (sf)DRV - [2003/03/19 17:00:00 | 000,201,088 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)DRV - [2002/09/20 09:53:34 | 000,235,100 | ---- | M] (Analog Devices Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn)DRV - [2002/08/14 08:00:00 | 000,004,112 | ---- | M] (Eisenworld, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\AloPar.sys -- (AloPar)========== Standard Registry (SafeList) ==================== Internet Explorer ==========IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ieIE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-21-572454927-3685698554-67682326-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = GoogleIE - HKU\S-1-5-21-572454927-3685698554-67682326-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8IE - HKU\S-1-5-21-572454927-3685698554-67682326-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/IE - HKU\S-1-5-21-572454927-3685698554-67682326-1004\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)IE - HKU\S-1-5-21-572454927-3685698554-67682326-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0========== FireFox ==========FF - prefs.js..browser.search.selectedEngine: "Google"FF - prefs.js..network.proxy.ftp: "proxy-server.bendcable.com"FF - prefs.js..network.proxy.ftp_port: 8080FF - prefs.js..network.proxy.gopher: "proxy-server.bendcable.com"FF - prefs.js..network.proxy.gopher_port: 8080FF - prefs.js..network.proxy.http: "proxy-server.bendcable.com"FF - prefs.js..network.proxy.http_port: 8080FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"FF - prefs.js..network.proxy.share_proxy_settings: trueFF - prefs.js..network.proxy.socks: "proxy-server.bendcable.com"FF - prefs.js..network.proxy.socks_port: 8080FF - prefs.js..network.proxy.ssl: "proxy-server.bendcable.com"FF - prefs.js..network.proxy.ssl_port: 8080[2005/07/13 08:43:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob Howe\Application Data\Mozilla\Firefox\Profiles\0lq747zy.default\extensions[2005/07/13 08:43:46 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Documents and Settings\Bob Howe\Application Data\Mozilla\Firefox\Profiles\0lq747zy.default\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}O1 HOSTS File: ([2010/08/09 10:00:19 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)O2 - BHO: (CutePDF Form Filler Helper) - {D41289F2-69C6-417B-897E-C653D677CBAF} - C:\Program Files\Acro Software\CutePDF Pro\CPFillerCo.dll (Acro Software Inc.)O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)O3 - HKU\S-1-5-21-572454927-3685698554-67682326-1004\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.O3 - HKU\S-1-5-21-572454927-3685698554-67682326-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.O3 - HKU\S-1-5-21-572454927-3685698554-67682326-1004\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.O3 - HKU\S-1-5-21-572454927-3685698554-67682326-1004\..\Toolbar\WebBrowser: (Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx ()O3 - HKU\S-1-5-21-572454927-3685698554-67682326-1004\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)O4 - HKLM..\Run: [bluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)O4 - HKLM..\Run: [fspr] C:\Program Files\Folder Shield\FolderShield.exe ()O4 - HKLM..\Run: [intelliType] C:\Program Files\Microsoft Hardware\Keyboard\type32.exe (Microsoft Corporation)O4 - HKLM..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe (Sun Microsystems, Inc.)O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)O4 - HKU\S-1-5-21-572454927-3685698554-67682326-1004..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)O4 - HKU\S-1-5-21-572454927-3685698554-67682326-1004..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (WIDCOMM, Inc.)O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\officejet 6100.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe (Hewlett-Packard Co.)O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe (ArcSoft, Inc.)O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-21-572454927-3685698554-67682326-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-572454927-3685698554-67682326-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323O7 - HKU\S-1-5-21-572454927-3685698554-67682326-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863O7 - HKU\S-1-5-21-572454927-3685698554-67682326-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)O15 - HKU\S-1-5-21-572454927-3685698554-67682326-1004\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)O15 - HKU\S-1-5-21-572454927-3685698554-67682326-1004\..Trusted Domains: turbotax.com ([]https in Trusted sites)O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} http://www.alternatiff.com/install/00/alttiff.cab (AlternaTIFF ActiveX)O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)O16 - DPF: {33363249-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/i263_32.cab (Reg Error: Key error.)O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab (Reg Error: Key error.)O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe (Reg Error: Key error.)O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab (EPUImageControl Class)O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6770.cab (Windows Live Safety Center Base Module)O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1121021012078 (WUWebControl Class)O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1112891133968 (MUWebControl Class)O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx (AcDcToday Control)O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...37874.855462963 (Reg Error: Key error.)O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} file://C:\Program Files\AutoCAD 2002\InstBanr.ocx (NOXLATE-BANR)O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 216.228.160.5 216.228.160.6O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)O24 - Desktop WallPaper: C:\Documents and Settings\Bob Howe\Local Settings\Application Data\Microsoft\Wallpaper1.bmpO24 - Desktop BackupWallPaper: C:\Documents and Settings\Bob Howe\Local Settings\Application Data\Microsoft\Wallpaper1.bmpO32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2003/06/28 12:30:43 | 000,000,000 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]O34 - HKLM BootExecute: (autocheck autochk *) - File not foundO34 - HKLM BootExecute: (lsdelete) - File not foundO35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37 - HKLM\...com [@ = ComFile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKU\S-1-5-21-572454927-3685698554-67682326-1004\...exe [@ = exefile] -- Reg Error: Key error. File not found========== Files/Folders - Created Within 30 Days ==========[2010/08/09 10:03:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp[2010/08/07 18:36:51 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\proquota.exe[2010/08/07 18:36:51 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\proquota.exe[2010/08/07 18:29:12 | 000,000,000 | RHSD | C] -- C:\cmdcons[2010/08/07 11:55:42 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bob Howe\Desktop\OTL.exe[2010/07/26 18:45:11 | 000,161,296 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys[2010/07/26 12:34:36 | 000,000,000 | ---D | C] -- C:\2d8e158d4ab85a19979042e50804[2010/07/26 11:52:46 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Bob Howe\IECompatCache[2010/07/26 11:51:32 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Bob Howe\PrivacIE[2010/07/26 11:45:54 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Bob Howe\IETldCache[2010/07/26 11:41:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates[2010/07/26 11:37:06 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8[2010/07/26 11:34:56 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll[2010/07/25 21:34:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell[2010/07/20 17:32:26 | 000,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys[2010/07/20 17:32:23 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll[2010/07/20 17:32:20 | 000,010,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys[2010/07/20 17:05:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob Howe\Local Settings\Application Data\hruoiarny[2010/07/14 06:54:16 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]========== Files - Modified Within 30 Days ==========[2010/08/09 11:19:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl[2010/08/09 11:19:15 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job[2010/08/09 11:18:49 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT[2010/08/09 11:18:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat[2010/08/09 10:27:42 | 015,204,352 | ---- | M] () -- C:\Documents and Settings\Bob Howe\ntuser.dat[2010/08/09 10:27:42 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Bob Howe\ntuser.ini[2010/08/09 10:00:30 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini[2010/08/09 10:00:19 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts[2010/08/08 11:52:08 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Bob Howe\Desktop\Defogger.exe[2010/08/07 18:29:19 | 000,000,281 | RHS- | M] () -- C:\boot.ini[2010/08/07 18:21:34 | 003,816,812 | R--- | M] () -- C:\Documents and Settings\Bob Howe\Desktop\ComboFix.exe[2010/08/07 12:08:32 | 000,000,494 | ---- | M] () -- C:\hpfr5550.xml[2010/08/07 12:04:14 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Bob Howe\Desktop\1vpfbew4.exe[2010/08/07 11:54:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob Howe\Desktop\OTL.exe[2010/07/26 23:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll[2010/07/26 18:45:10 | 000,161,296 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys[2010/07/26 13:02:23 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK[2010/07/26 11:54:31 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job[2010/07/26 11:16:03 | 000,520,732 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI[2010/07/26 11:16:03 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat[2010/07/26 11:16:03 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat[2010/07/25 20:41:51 | 002,895,698 | -H-- | M] () -- C:\Documents and Settings\Bob Howe\Local Settings\Application Data\IconCache.db[2010/07/21 15:02:54 | 000,240,640 | ---- | M] () -- C:\Documents and Settings\Bob Howe\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2010/07/21 14:04:01 | 000,000,677 | ---- | M] () -- C:\WINDOWS\win.ini[2010/07/21 14:04:01 | 000,000,281 | ---- | M] () -- C:\Boot.bak[2010/07/21 13:13:02 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Bob Howe\Local Settings\Application Data\housecall.guid.cache[2010/07/21 08:25:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Apemevubeqovuzi.bin[2010/07/20 17:06:44 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Imekodusexuyo.dat[2010/07/20 17:06:39 | 000,000,150 | ---- | M] () -- C:\zrpt.xml[2010/07/15 16:10:43 | 000,000,454 | ---- | M] () -- C:\Documents and Settings\Bob Howe\My Documents\sig.htm[2010/07/15 16:08:41 | 000,011,949 | ---- | M] () -- C:\Documents and Settings\Bob Howe\My Documents\c5k.jpg[2010/07/15 15:52:28 | 000,011,332 | ---- | M] () -- C:\Documents and Settings\Bob Howe\My Documents\GYE---Jodi05v.2Sig2010b.jpg[2010/07/15 15:48:46 | 000,002,674 | ---- | M] () -- C:\Documents and Settings\Bob Howe\My Documents\GYE---Jodi05v.2Sig2010a.jpg[2010/07/15 15:47:59 | 000,030,385 | ---- | M] () -- C:\Documents and Settings\Bob Howe\My Documents\GYE---Jodi05v.2Sig2010.jpg[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]========== Files Created - No Company Name ==========[2010/08/08 11:52:07 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Bob Howe\Desktop\Defogger.exe[2010/08/07 18:24:37 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe[2010/08/07 18:24:37 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe[2010/08/07 18:21:24 | 003,816,812 | R--- | C] () -- C:\Documents and Settings\Bob Howe\Desktop\ComboFix.exe[2010/08/07 12:04:12 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Bob Howe\Desktop\1vpfbew4.exe[2010/07/25 20:31:56 | 015,204,352 | ---- | C] () -- C:\Documents and Settings\Bob Howe\ntuser.dat[2010/07/22 11:16:15 | 000,249,920 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat[2010/07/21 13:13:02 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Bob Howe\Local Settings\Application Data\housecall.guid.cache[2010/07/20 17:06:36 | 000,000,150 | ---- | C] () -- C:\zrpt.xml[2010/07/15 16:08:12 | 000,011,949 | ---- | C] () -- C:\Documents and Settings\Bob Howe\My Documents\c5k.jpg[2010/07/15 15:53:04 | 000,000,454 | ---- | C] () -- C:\Documents and Settings\Bob Howe\My Documents\sig.htm[2010/07/15 15:49:32 | 000,011,332 | ---- | C] () -- C:\Documents and Settings\Bob Howe\My Documents\GYE---Jodi05v.2Sig2010b.jpg[2010/07/15 15:48:46 | 000,002,674 | ---- | C] () -- C:\Documents and Settings\Bob Howe\My Documents\GYE---Jodi05v.2Sig2010a.jpg[2010/07/15 15:47:59 | 000,030,385 | ---- | C] () -- C:\Documents and Settings\Bob Howe\My Documents\GYE---Jodi05v.2Sig2010.jpg[2009/03/28 15:08:29 | 000,000,052 | ---- | C] () -- C:\WINDOWS\Blink.ini[2009/03/09 12:01:05 | 000,000,094 | ---- | C] () -- C:\WINDOWS\MusicRip.ini[2008/06/18 12:20:19 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll[2006/11/18 12:14:03 | 000,000,474 | ---- | C] () -- C:\WINDOWS\Pan Viewer.INI[2006/09/15 10:20:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI[2006/02/18 12:18:20 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\WINKRNME.DLL[2005/12/09 09:41:45 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Progs_.ini[2005/11/10 12:09:02 | 000,000,042 | ---- | C] () -- C:\WINDOWS\INTUIT.INI[2005/07/19 09:15:41 | 000,000,120 | ---- | C] () -- C:\WINDOWS\PbkUser.INI[2004/09/18 17:42:04 | 000,000,057 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI[2004/09/08 15:43:50 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI[2004/04/02 15:50:54 | 000,102,912 | R--- | C] () -- C:\WINDOWS\System32\JPEGCODE.DLL[2003/11/28 13:33:24 | 000,000,779 | ---- | C] () -- C:\WINDOWS\disney.ini[2003/09/15 16:41:56 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\btsendto_ie.dll[2003/09/15 16:41:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\btsendto_wab.dll[2003/09/15 16:36:40 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll[2003/09/15 16:27:04 | 000,022,183 | ---- | C] () -- C:\WINDOWS\System32\drivers\btserial.sys[2003/08/15 14:54:46 | 000,001,065 | ---- | C] () -- C:\WINDOWS\Winamp.ini[2003/08/15 14:54:18 | 000,000,041 | ---- | C] () -- C:\WINDOWS\winampa.ini[2003/07/17 09:22:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI[2003/07/08 13:18:29 | 000,000,117 | ---- | C] () -- C:\WINDOWS\ccolwiz.ini[2003/07/06 12:11:38 | 000,000,002 | ---- | C] () -- C:\WINDOWS\PhotoSuite.ini[2003/07/03 21:47:38 | 000,000,161 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI[2003/07/03 20:22:05 | 000,000,033 | ---- | C] () -- C:\WINDOWS\render.ini[2003/07/03 17:38:32 | 000,000,088 | ---- | C] () -- C:\WINDOWS\alohabob.INI[2003/07/02 17:38:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MTSTACK.INI[2003/06/30 09:01:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini[2003/06/28 13:12:54 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI[2003/06/28 12:58:53 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll[2003/03/09 13:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll[2003/02/22 14:40:11 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\JPEGLIB.DLL[2003/02/22 14:40:11 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\EnrouteStitch.dll[2003/02/22 14:40:10 | 000,332,800 | ---- | C] () -- C:\WINDOWS\System32\FPXLIB.DLL[2003/02/11 01:58:48 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll[2003/01/07 12:20:34 | 000,001,292 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI[2003/01/03 02:04:00 | 000,000,745 | ---- | C] () -- C:\WINDOWS\System32\drivers\ccompbg119.sys[2002/11/19 15:25:58 | 000,221,236 | ---- | C] () -- C:\WINDOWS\System32\ar3rpc.dll[2002/11/19 15:25:56 | 001,205,760 | ---- | C] () -- C:\WINDOWS\System32\gslib.dll[2002/11/09 15:28:03 | 000,151,040 | ---- | C] () -- C:\WINDOWS\System32\IR32.DLL[2002/11/09 15:28:03 | 000,077,664 | ---- | C] () -- C:\WINDOWS\System32\IR21_R.DLL[2002/05/15 23:29:04 | 000,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest[2002/03/08 18:10:09 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll[2002/03/08 18:10:08 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll[2002/02/06 04:08:00 | 000,000,745 | ---- | C] () -- C:\WINDOWS\c_iclink140.ini[2001/11/29 14:44:21 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\SUPWIN32.DLL[2001/11/29 14:44:20 | 000,279,770 | ---- | C] () -- C:\WINDOWS\System32\NWPSRV.DLL[2001/11/29 14:44:20 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\NWNET.DLL[2001/11/29 14:44:20 | 000,106,528 | ---- | C] () -- C:\WINDOWS\System32\NWPNW.DLL[2001/11/29 14:44:20 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\NWSIPX32.DLL[2001/11/29 14:44:19 | 000,147,856 | ---- | C] () -- C:\WINDOWS\System32\NWCALLS.DLL[2001/11/29 14:44:19 | 000,140,800 | ---- | C] () -- C:\WINDOWS\System32\NCPWIN32.DLL[2001/11/29 14:44:19 | 000,117,248 | ---- | C] () -- C:\WINDOWS\System32\NETWIN32.DLL[2001/11/29 14:44:19 | 000,043,440 | ---- | C] () -- C:\WINDOWS\System32\NWLOCALE.DLL[2001/11/29 14:44:19 | 000,041,088 | ---- | C] () -- C:\WINDOWS\System32\NWIPXSPX.DLL[2001/11/29 14:44:18 | 000,125,952 | ---- | C] () -- C:\WINDOWS\System32\CALWIN32.DLL[2001/11/29 14:44:18 | 000,105,472 | ---- | C] () -- C:\WINDOWS\System32\LOCWIN32.DLL[2001/11/29 14:44:18 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\CLNWIN32.DLL[2001/11/29 14:44:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\CLXWIN32.DLL[2001/11/29 14:44:18 | 000,006,701 | ---- | C] () -- C:\WINDOWS\System32\CLNWINTH.DLL[2001/11/29 14:43:59 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\hpuninst.dll[2001/11/23 18:18:00 | 000,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll[2001/03/09 06:12:00 | 000,000,745 | ---- | C] () -- C:\WINDOWS\System32\g_iecdi32_351.dll[2001/01/30 16:20:40 | 000,270,336 | ---- | C] () -- C:\WINDOWS\System32\pdbrowse.dll[2000/04/12 08:16:00 | 000,000,745 | ---- | C] () -- C:\WINDOWS\System32\drivers\gaxext_335.sys[2000/03/10 13:31:54 | 000,103,936 | ---- | C] () -- C:\WINDOWS\System32\CSF_04.DLL[2000/03/10 13:31:54 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\CSF_02.DLL[2000/03/10 13:31:54 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\CSF_09.DLL[2000/03/10 13:31:54 | 000,004,192 | ---- | C] () -- C:\WINDOWS\System32\CSF_06.DLL[1999/12/22 20:59:19 | 000,130,560 | ---- | C] () -- C:\WINDOWS\System32\NET32THK.DLL[1999/12/22 20:59:18 | 000,006,300 | ---- | C] () -- C:\WINDOWS\System32\NET16THK.DLL[1999/12/22 19:51:52 | 000,002,490 | ---- | C] () -- C:\WINDOWS\System32\DLCNDI.DLL[1999/10/21 13:53:22 | 000,012,800 | ---- | C] () -- C:\WINDOWS\System32\std-2.1-vc5.0-mt.dll[1999/05/23 16:30:12 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll[1999/05/15 10:20:00 | 000,000,745 | ---- | C] () -- C:\WINDOWS\System32\d_comsvrb_175.dll[1999/04/23 22:22:00 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\MEMBG.DLL[1999/04/23 22:22:00 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\XFILEXR.DLL[1999/04/23 22:22:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\OEMREG.DLL[1999/04/23 22:22:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\GROUPPOL.DLL[1999/04/23 22:22:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\NETBIOS.DLL[1999/04/23 22:22:00 | 000,008,576 | ---- | C] () -- C:\WINDOWS\System32\ICMUPG.DLL[1998/09/09 15:51:20 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\RXDDI.DLL[1998/09/09 15:50:56 | 000,150,016 | ---- | C] () -- C:\WINDOWS\System32\SmArchive.dll[1998/08/31 03:14:30 | 000,000,036 | ---- | C] () -- C:\WINDOWS\kpcms.ini[1998/08/31 03:14:29 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL[1998/08/19 15:33:37 | 000,017,680 | ---- | C] () -- C:\WINDOWS\System32\PCIDEV.DLL[1998/08/19 15:33:37 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\PCIDEV32.DLL[1998/08/10 20:09:15 | 000,075,776 | ---- | C] () -- C:\WINDOWS\System32\PRODINV.DLL[1998/08/10 14:44:26 | 000,049,616 | ---- | C] () -- C:\WINDOWS\System32\JCB.DLL[1998/08/10 14:44:26 | 000,048,088 | ---- | C] () -- C:\WINDOWS\System32\DSCVR.DLL[1998/08/10 14:44:21 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\FDECTSP.DLL[1998/08/10 14:44:21 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\VDOPLSTR.DLL[1998/08/07 16:51:07 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\EPASET32.DLL[1998/08/07 16:51:07 | 000,007,488 | ---- | C] () -- C:\WINDOWS\System32\EPASET16.DLL[1998/08/02 14:09:15 | 000,000,362 | ---- | C] () -- C:\WINDOWS\QDQICK.INI[1998/08/02 14:09:15 | 000,000,038 | ---- | C] () -- C:\WINDOWS\ACCWIZ.INI[1998/07/31 10:32:12 | 000,003,616 | ---- | C] () -- C:\WINDOWS\System32\actutdde.dll[1998/03/23 00:00:00 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\cmtool32.dll[1998/03/23 00:00:00 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\tips.dll[1998/03/23 00:00:00 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\MSHLOCAL.dll[1998/03/23 00:00:00 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\mswheel.dll[1996/03/20 00:00:00 | 000,107,008 | ---- | C] () -- C:\WINDOWS\System32\TTEMB32.DLL[1996/03/20 00:00:00 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\MSROUTE.DLL[1996/03/20 00:00:00 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\OPENENU.DLL[1996/03/20 00:00:00 | 000,006,352 | ---- | C] () -- C:\WINDOWS\System32\VISXUTIL.DLL< End of report > Link to post Share on other sites More sharing options...
Elise Posted August 9, 2010 ID:298450 Share Posted August 9, 2010 Please rerun the OTL scan with Use Safelist ticked under "Extra Registry". This will make sure extra.txt is created.I see some Symantec leftovers in your logs. If you no longer use it, please run the Norton Uninstaller to remove them.Please click HERE and follow the instructions in STEP 2 to download and run the norton removal tool.OTL FIX------------We need to run an OTL FixPlease reopen on your desktop.Copy and Paste the following code into the textbox. Do not include the word "Code":otlIE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643:commands[emptytemp]Push OTL may ask to reboot the machine. Please do so if asked.Click .A report will open. Copy and Paste that report in your next reply.Click Start > Run, type sfc /scannow in the runbox and press enter. Let the System File Checker run unhindered. When done, let me know how things are running. Note - you might be prompted for your windows CD. Link to post Share on other sites More sharing options...
Magiclure Posted August 9, 2010 Author ID:298456 Share Posted August 9, 2010 Which should I run first, the OTL scan or the OTL fix? Link to post Share on other sites More sharing options...
Elise Posted August 9, 2010 ID:298465 Share Posted August 9, 2010 That doesn't matter. The fix we run has no influence on the output for extra.txt Link to post Share on other sites More sharing options...
Magiclure Posted August 9, 2010 Author ID:298475 Share Posted August 9, 2010 Of course I can't find My XP CD! I moved last year, and nothing is where it should be. What can I do? Link to post Share on other sites More sharing options...
Elise Posted August 9, 2010 ID:298477 Share Posted August 9, 2010 You can leave out that step for now. Just do all the other things and let me know how things are running. Link to post Share on other sites More sharing options...
Magiclure Posted August 9, 2010 Author ID:298497 Share Posted August 9, 2010 OTL Extras logfile created on: 8/9/2010 1:22:10 PM - Run 4OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Bob Howe\DesktopWindows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 8.0.6001.18702)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy1,023.00 Mb Total Physical Memory | 588.00 Mb Available Physical Memory | 57.00% Memory free2.00 Gb Paging File | 2.00 Gb Available in Paging File | 74.00% Paging File freePaging file location(s): C:\pagefile.sys 0 0 [binary data]%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 74.52 Gb Total Space | 6.48 Gb Free Space | 8.70% Space Free | Partition Type: NTFSD: Drive not present or media not loadedE: Drive not present or media not loadedF: Drive not present or media not loadedG: Drive not present or media not loadedH: Drive not present or media not loadedI: Drive not present or media not loadedComputer Name: BOBCurrent User Name: Bob HoweLogged in as Administrator.Current Boot Mode: NormalScan Mode: All usersCompany Name Whitelist: OffSkip Microsoft Files: OffFile Age = 30 DaysOutput = Standard========== Extra Registry (SafeList) ==================== File Associations ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>][HKEY_USERS\S-1-5-21-572454927-3685698554-67682326-1004\SOFTWARE\Classes\<extension>].exe [@ = exefile] -- Reg Error: Key error. File not found.html [@ = htmlfile] -- Reg Error: Key error. File not found========== Shell Spawning ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*exefile [open] -- "%1" %*htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)scrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)========== Security Center Settings ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"AntiVirusOverride" = 1"FirewallOverride" = 1"AntiVirusDisableNotify" = 0"FirewallDisableNotify" = 0"UpdatesDisableNotify" = 0[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]"DisableMonitoring" = 1[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]"DisableMonitoring" = 1[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]"DisableMonitoring" = 1[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]"EnableFirewall" = 0"DoNotAllowExceptions" = 0"DisableNotifications" = 1[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"DoNotAllowExceptions" = 1"DisableNotifications" = 1"EnableFirewall" = 1[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service========== Authorized Applications List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]"C:\Program Files\Real\RealOne Player\realplay.exe" = C:\Program Files\Real\RealOne Player\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)"C:\Program Files\TurboTax\Home & Business 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Home & Business 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)"C:\Program Files\TurboTax\Home & Business 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Home & Business 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)"C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)"C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)"C:\Program Files\Google\Google Earth\googleearth.exe" = C:\Program Files\Google\Google Earth\googleearth.exe:*:Enabled:Google Earth -- (Google)"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" = C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service -- (Pure Networks, Inc.)========== HKEY_LOCAL_MACHINE Uninstall List ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{00030409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Small Business"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel"{106B839C-DBA9-0AA9-07E9-9A2597151FF6}" = Catalyst Control Center Graphics Full Existing"{12BB7942-1E1F-43D9-B441-4668C1629425}" = hp officejet 6100 series"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation"{304F281A-6321-4A51-B717-724A72E78B97}" = AutoSolids 2004"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3"{3389299C-9F50-D0C4-197C-A8804303B79F}" = Catalyst Control Center Graphics Light"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP"{360EDFB0-EAA2-012B-AD16-000000000000}" = TurboTax 2009 wcaiper"{37A17F53-D058-267B-C256-19FB6DDF3843}" = ccc-core-preinstall"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport"{3B0F52AC-EF5C-4831-B221-06C782E41280}" = Quicken 2008"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support"{559BA5B3-E3E1-C8A0-E301-5F50531BD44C}" = ccc-utility"{5783F2D7-4001-0409-0002-0060B0CE6BBA}" = AutoCAD 2006 - English"{5B30AA25-BF39-4BE4-8FEE-51938BAB214D}" = TurboTax 2008 wcaiper"{63B8997E-EB2D-41D3-984C-C44D6D67A571}" = ArcSoft PhotoStudio 5.5"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers"{703C4409-D597-433A-9B17-E411D9236451}" = Button Manager v1.874"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK"{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053"{79E88160-A5E4-F7D2-1314-DEB8AADD9C29}" = ccc-core-static"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English"{83735930-0FB1-D871-8832-B5A9E27C93CA}" = CCC Help English"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting"{96E423BB-36B6-4EAD-B4A9-39C5109DD1B3}" = eDrawings 2007"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One"{99A40651-0BC2-4095-8F9A-A40FAB224FEF}" = PC Connectivity Solution"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17"{9DE006A5-B384-4EDE-A760-0F217136B9EA}" = Microsoft IntelliType Pro 2.2"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006"{B06D1168-C6D1-11D5-BC91-0800094CFDB8}" = Samsung Digimax 350SE Camera"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)"{B55EF832-4613-A19B-A222-DDB8B6CE1B52}" = Catalyst Control Center Core Implementation"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer"{C544F99D-39EF-4E6D-95BE-4E41C1D8C4CB}" = Dr Watson for Microsoft Windows OneCare Live v1.1.1067.8"{C7DDA8E7-AD3D-4F51-AC1E-B0FF57002192}" = Microsoft IntelliPoint 6.3"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1"{CED5BB5B-2A24-2F7F-61B1-2B557484084B}" = Catalyst Control Center Graphics Previews Common"{CF2606C7-63AF-40F4-8919-F2EC654ACC91}" = Napster for Windows Media Player"{D1268F56-DE79-19A8-C8EC-961D48FFD2FE}" = Skins"{D1CB9533-B129-40B7-9B11-BB444BF52403}" = Pure Networks Platform"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime"{DEB6C5B9-D5BB-D8AC-20F7-F1E0F8A67D5A}" = Catalyst Control Center Graphics Full New"{E492D880-0B07-4769-9E92-6C2B7DE37716}" = Linksys EasyLink Advisor"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp"{EF6F70D0-C242-4047-946B-98EA8208481A}" = ArcSoft TotalMedia Backup & Record"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX"{F10D1D8F-C20C-4F0D-B243-688C0C6873F6}" = CutePDF Professional 3.41"{FE90E9E7-A158-4687-8853-DF677A939A61}" = WIDCOMM Bluetooth Software"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows Driver Package - Nokia Modem (02/15/2007 3.1)"4077F884D1BB007055BDB83B621D87220A73F30F" = Windows Driver Package - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX"All ATI Software" = ATI - Software Uninstall Utility"AnalogX ITR Client" = AnalogX ITR Client"AnswerWorks" = AnswerWorks Runtime"Any Video Converter_is1" = Any Video Converter 2.7.2"ATI Display Driver" = ATI Display Driver"AutoSolids A2K" = AutoSolids A2K"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus"AVS Update Manager_is1" = AVS Update Manager 1.0"B726756F5B5A5AA9D798B399386FC6205A45F19E" = Windows Driver Package - Nokia Modem (02/15/2007 3.1)"CAL" = Canon Camera Access Library"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder"CSCLIB" = Canon Camera Support Core Library"CutePDF Writer Installation" = CutePDF Writer 2.7"EOS Utility" = Canon Utilities EOS Utility"Folder Shield" = Folder Shield 1.3"Google Updater" = Google Updater"hp instant support" = hp instant support"HP OfficeJet 6100 Series" = HP Photo and Imaging 2.0 - hp officejet 6100 series"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs"ie7" = Windows Internet Explorer 7"ie8" = Windows Internet Explorer 8"InstallShield_{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition"InstallShield_{E492D880-0B07-4769-9E92-6C2B7DE37716}" = Linksys EasyLink Advisor"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware"MGI_PRISM_V3_0" = MGI PhotoSuite III SE (Remove Only)"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs"Nolo's Encyclopedia of Everyday Law" = Nolo's Encyclopedia of Everyday Law"Pan Viewer 5.0.0.901" = SmoothMove Pan Viewer 5.0 release 1"PhotoStitch" = Canon Utilities PhotoStitch"PROSet" = Intel® PRO Network Adapters and Drivers"Quicken 6" = Quicken 6"Quicken WillMaker Plus 2006" = Quicken WillMaker Plus 2006"Quicken WillMaker Plus 2008" = Quicken WillMaker Plus 2008"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX"RealPlayer 6.0" = RealPlayer"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX"TurboTax 2008" = TurboTax 2008"TurboTax 2009" = TurboTax 2009"TurboTax Home & Business 2006" = TurboTax Home & Business 2006"TurboTax Home & Business 2007" = TurboTax Home & Business 2007"WGA" = Windows Genuine Advantage Validation Tool"WIC" = Windows Imaging Component"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner"Windows Media Format Runtime" = Windows Media Format 11 runtime"Windows Media Player" = Windows Media Player 11"Windows XP Service Pack" = Windows XP Service Pack 3"WinRAR archiver" = WinRAR archiver"WMFDist11" = Windows Media Format 11 runtime"wmp11" = Windows Media Player 11"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5"Yahoo! Companion" = Yahoo! Toolbar"Yahoo! SiteBuilder" = Yahoo! SiteBuilder"YInstHelper" = Yahoo! Install Manager========== Last 10 Event Log Errors ==========[ Application Events ]Error - 8/8/2010 11:17:19 PM | Computer Name = BOB | Source = Application Error | ID = 1000Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.Error - 8/9/2010 1:05:35 PM | Computer Name = BOB | Source = Application Error | ID = 1000Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting module mshtml.dll, version 8.0.6001.18928, fault address 0x00167614.Error - 8/9/2010 1:05:41 PM | Computer Name = BOB | Source = Application Error | ID = 1000Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.Error - 8/9/2010 1:13:14 PM | Computer Name = BOB | Source = Application Error | ID = 1000Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting module mshtml.dll, version 8.0.6001.18928, fault address 0x00167614.Error - 8/9/2010 1:13:23 PM | Computer Name = BOB | Source = Application Error | ID = 1000Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.Error - 8/9/2010 1:26:54 PM | Computer Name = BOB | Source = Application Error | ID = 1000Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting module mshtml.dll, version 8.0.6001.18928, fault address 0x00167614.Error - 8/9/2010 1:27:02 PM | Computer Name = BOB | Source = Application Error | ID = 1000Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.Error - 8/9/2010 2:32:58 PM | Computer Name = BOB | Source = Application Hang | ID = 1002Description = Hanging application OTL.exe, version 3.2.9.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.Error - 8/9/2010 3:30:03 PM | Computer Name = BOB | Source = Application Error | ID = 1000Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting module mshtml.dll, version 8.0.6001.18928, fault address 0x00167614.Error - 8/9/2010 3:30:12 PM | Computer Name = BOB | Source = Application Error | ID = 1000Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.[ System Events ]Error - 6/21/2010 8:19:06 PM | Computer Name = BOB | Source = ati2mtag | ID = 45062Description = CRT invalid display typeError - 6/21/2010 8:19:06 PM | Computer Name = BOB | Source = ati2mtag | ID = 45062Description = CRT invalid display typeError - 6/22/2010 11:00:11 AM | Computer Name = BOB | Source = ati2mtag | ID = 45062Description = CRT invalid display typeError - 6/22/2010 11:00:11 AM | Computer Name = BOB | Source = ati2mtag | ID = 45062Description = CRT invalid display typeError - 6/22/2010 5:02:25 PM | Computer Name = BOB | Source = ati2mtag | ID = 45062Description = CRT invalid display typeError - 6/22/2010 5:02:25 PM | Computer Name = BOB | Source = ati2mtag | ID = 45062Description = CRT invalid display typeError - 6/23/2010 9:49:46 AM | Computer Name = BOB | Source = ati2mtag | ID = 45062Description = CRT invalid display typeError - 6/23/2010 9:49:46 AM | Computer Name = BOB | Source = ati2mtag | ID = 45062Description = CRT invalid display typeError - 6/23/2010 10:30:59 AM | Computer Name = BOB | Source = ati2mtag | ID = 45062Description = CRT invalid display typeError - 6/23/2010 10:30:59 AM | Computer Name = BOB | Source = ati2mtag | ID = 45062Description = CRT invalid display type< End of report > Link to post Share on other sites More sharing options...
Magiclure Posted August 9, 2010 Author ID:298501 Share Posted August 9, 2010 OTL logfile created on: 8/9/2010 1:22:10 PM - Run 4OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Bob Howe\DesktopWindows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 8.0.6001.18702)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy1,023.00 Mb Total Physical Memory | 588.00 Mb Available Physical Memory | 57.00% Memory free2.00 Gb Paging File | 2.00 Gb Available in Paging File | 74.00% Paging File freePaging file location(s): C:\pagefile.sys 0 0 [binary data]%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 74.52 Gb Total Space | 6.48 Gb Free Space | 8.70% Space Free | Partition Type: NTFSD: Drive not present or media not loadedE: Drive not present or media not loadedF: Drive not present or media not loadedG: Drive not present or media not loadedH: Drive not present or media not loadedI: Drive not present or media not loadedComputer Name: BOBCurrent User Name: Bob HoweLogged in as Administrator.Current Boot Mode: NormalScan Mode: All usersCompany Name Whitelist: OffSkip Microsoft Files: OffFile Age = 30 DaysOutput = Standard========== Processes (SafeList) ==========PRC - File not found -- C:\Program Files\Folder Shield\fsp.exePRC - [2010/08/07 11:54:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob Howe\Desktop\OTL.exePRC - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exePRC - [2009/08/09 20:27:22 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exePRC - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exePRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exePRC - [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exePRC - [2008/05/16 07:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exePRC - [2008/05/08 09:59:42 | 000,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exePRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exePRC - [2007/10/09 20:30:37 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exePRC - [2007/09/25 02:11:35 | 000,329,104 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exePRC - [2007/09/25 02:11:35 | 000,132,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_03\bin\jusched.exePRC - [2007/09/24 23:30:28 | 000,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\java.exePRC - [2007/06/06 11:35:02 | 000,270,336 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exePRC - [2005/09/30 19:22:50 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exePRC - [2004/09/08 15:36:11 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exePRC - [2003/09/15 16:56:32 | 001,126,484 | ---- | M] (WIDCOMM, Inc.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exePRC - [2003/09/15 16:53:06 | 000,503,869 | ---- | M] (WIDCOMM, Inc.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exePRC - [2003/05/26 02:13:00 | 000,028,672 | ---- | M] () -- C:\Program Files\Folder Shield\FSService.exePRC - [2003/04/06 00:55:04 | 000,311,296 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exePRC - [2003/04/06 00:45:10 | 000,286,720 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exePRC - [2003/04/06 00:37:38 | 000,147,456 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exePRC - [2003/03/20 14:05:42 | 000,774,144 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exePRC - [2003/03/09 13:31:02 | 000,065,795 | R--- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exePRC - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exePRC - [2002/03/21 20:41:56 | 000,094,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Hardware\Keyboard\type32.exe========== Modules (SafeList) ==========MOD - [2010/08/07 11:54:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob Howe\Desktop\OTL.exeMOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx========== Win32 Services (SafeList) ==========SRV - File not found [On_Demand | Stopped] -- -- (ISPwdSvc)SRV - File not found [Disabled | Stopped] -- -- (Automatic LiveUpdate Scheduler)SRV - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)SRV - [2009/08/09 20:27:22 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)SRV - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)SRV - [2008/05/16 07:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)SRV - [2008/05/08 09:59:42 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)SRV - [2007/06/15 16:55:00 | 000,300,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)SRV - [2006/10/07 12:54:53 | 001,087,680 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)SRV - [2005/09/30 19:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)SRV - [2005/06/03 08:49:41 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)SRV - [2003/05/26 02:13:00 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\Program Files\Folder Shield\FSService.exe -- (FSService)SRV - [2003/03/09 13:31:02 | 000,065,795 | R--- | M] (HP) [On_Demand | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)SRV - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))========== Driver Services (SafeList) ==========DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL)DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\SRTSPX.SYS -- (SRTSPX)DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SRTSPL.SYS -- (SRTSPL)DRV - File not found [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SRTSP.SYS -- (SRTSP)DRV - File not found [Kernel | System | Stopped] -- C:\Documents and Settings\Bob Howe\Local Settings\Temporary Internet Files\Content.IE5\04IAKNN3\SABKUTIL.sys -- (SABKUTIL)DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\BOBHOW~1\LOCALS~1\Temp\catchme.sys -- (catchme)DRV - File not found [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\bxShield.sys -- (bxShield)DRV - [2009/12/07 09:23:14 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)DRV - [2009/05/11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)DRV - [2009/03/30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)DRV - [2008/05/16 07:10:32 | 000,023,992 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)DRV - [2008/05/16 07:10:30 | 000,025,272 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)DRV - [2008/05/12 09:30:02 | 003,007,488 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)DRV - [2003/09/15 16:27:04 | 000,022,183 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)DRV - [2003/09/15 16:26:40 | 000,222,876 | ---- | M] (WIDCOMM, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btslbcsp.sys -- (BTSLBCSP)DRV - [2003/09/15 16:23:40 | 001,257,418 | ---- | M] (WIDCOMM, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)DRV - [2003/09/15 16:22:06 | 000,146,812 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)DRV - [2003/09/15 16:17:02 | 000,030,235 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)DRV - [2003/09/15 16:15:28 | 000,021,861 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (BtAudio)DRV - [2003/09/15 16:14:36 | 000,051,848 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)DRV - [2003/04/01 17:55:18 | 000,033,183 | ---- | M] (Sonic Focus, Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sf.sys -- (sf)DRV - [2003/03/19 17:00:00 | 000,201,088 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)DRV - [2002/09/20 09:53:34 | 000,235,100 | ---- | M] (Analog Devices Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn)DRV - [2002/08/14 08:00:00 | 000,004,112 | ---- | M] (Eisenworld, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\AloPar.sys -- (AloPar)========== Standard Registry (SafeList) ==================== Internet Explorer ==========IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ieIE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-21-572454927-3685698554-67682326-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = GoogleIE - HKU\S-1-5-21-572454927-3685698554-67682326-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8IE - HKU\S-1-5-21-572454927-3685698554-67682326-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/IE - HKU\S-1-5-21-572454927-3685698554-67682326-1004\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)IE - HKU\S-1-5-21-572454927-3685698554-67682326-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0========== FireFox ==========FF - prefs.js..browser.search.selectedEngine: "Google"FF - prefs.js..network.proxy.ftp: "proxy-server.bendcable.com"FF - prefs.js..network.proxy.ftp_port: 8080FF - prefs.js..network.proxy.gopher: "proxy-server.bendcable.com"FF - prefs.js..network.proxy.gopher_port: 8080FF - prefs.js..network.proxy.http: "proxy-server.bendcable.com"FF - prefs.js..network.proxy.http_port: 8080FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"FF - prefs.js..network.proxy.share_proxy_settings: trueFF - prefs.js..network.proxy.socks: "proxy-server.bendcable.com"FF - prefs.js..network.proxy.socks_port: 8080FF - prefs.js..network.proxy.ssl: "proxy-server.bendcable.com"FF - prefs.js..network.proxy.ssl_port: 8080[2005/07/13 08:43:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob Howe\Application Data\Mozilla\Firefox\Profiles\0lq747zy.default\extensions[2005/07/13 08:43:46 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Documents and Settings\Bob Howe\Application Data\Mozilla\Firefox\Profiles\0lq747zy.default\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}O1 HOSTS File: ([2010/08/09 10:00:19 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)O2 - BHO: (CutePDF Form Filler Helper) - {D41289F2-69C6-417B-897E-C653D677CBAF} - C:\Program Files\Acro Software\CutePDF Pro\CPFillerCo.dll (Acro Software Inc.)O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)O3 - HKU\S-1-5-21-572454927-3685698554-67682326-1004\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.O3 - HKU\S-1-5-21-572454927-3685698554-67682326-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.O3 - HKU\S-1-5-21-572454927-3685698554-67682326-1004\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.O3 - HKU\S-1-5-21-572454927-3685698554-67682326-1004\..\Toolbar\WebBrowser: (Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx ()O3 - HKU\S-1-5-21-572454927-3685698554-67682326-1004\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)O4 - HKLM..\Run: [bluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)O4 - HKLM..\Run: [fspr] C:\Program Files\Folder Shield\FolderShield.exe ()O4 - HKLM..\Run: [intelliType] C:\Program Files\Microsoft Hardware\Keyboard\type32.exe (Microsoft Corporation)O4 - HKLM..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe (Sun Microsystems, Inc.)O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)O4 - HKU\S-1-5-21-572454927-3685698554-67682326-1004..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)O4 - HKU\S-1-5-21-572454927-3685698554-67682326-1004..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (WIDCOMM, Inc.)O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\officejet 6100.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe (Hewlett-Packard Co.)O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe (ArcSoft, Inc.)O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-21-572454927-3685698554-67682326-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-572454927-3685698554-67682326-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323O7 - HKU\S-1-5-21-572454927-3685698554-67682326-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863O7 - HKU\S-1-5-21-572454927-3685698554-67682326-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)O15 - HKU\S-1-5-21-572454927-3685698554-67682326-1004\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)O15 - HKU\S-1-5-21-572454927-3685698554-67682326-1004\..Trusted Domains: turbotax.com ([]https in Trusted sites)O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} http://www.alternatiff.com/install/00/alttiff.cab (AlternaTIFF ActiveX)O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)O16 - DPF: {33363249-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/i263_32.cab (Reg Error: Key error.)O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab (Reg Error: Key error.)O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe (Reg Error: Key error.)O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab (EPUImageControl Class)O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6770.cab (Windows Live Safety Center Base Module)O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1121021012078 (WUWebControl Class)O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1112891133968 (MUWebControl Class)O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx (AcDcToday Control)O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...37874.855462963 (Reg Error: Key error.)O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} file://C:\Program Files\AutoCAD 2002\InstBanr.ocx (NOXLATE-BANR)O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 216.228.160.5 216.228.160.6O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)O24 - Desktop WallPaper: C:\Documents and Settings\Bob Howe\Local Settings\Application Data\Microsoft\Wallpaper1.bmpO24 - Desktop BackupWallPaper: C:\Documents and Settings\Bob Howe\Local Settings\Application Data\Microsoft\Wallpaper1.bmpO32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2003/06/28 12:30:43 | 000,000,000 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]O34 - HKLM BootExecute: (autocheck autochk *) - File not foundO34 - HKLM BootExecute: (lsdelete) - File not foundO35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37 - HKLM\...com [@ = ComFile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKU\S-1-5-21-572454927-3685698554-67682326-1004\...exe [@ = exefile] -- Reg Error: Key error. File not found========== Files/Folders - Created Within 30 Days ==========[2010/08/09 13:07:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood[2010/08/09 12:47:19 | 000,000,000 | -HSD | C] -- C:\RECYCLER[2010/08/09 12:45:52 | 000,000,000 | ---D | C] -- C:\_OTL[2010/08/09 10:03:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp[2010/08/07 18:36:51 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\proquota.exe[2010/08/07 18:36:51 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\proquota.exe[2010/08/07 18:29:12 | 000,000,000 | RHSD | C] -- C:\cmdcons[2010/08/07 11:55:42 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bob Howe\Desktop\OTL.exe[2010/07/26 18:45:11 | 000,161,296 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys[2010/07/26 12:34:36 | 000,000,000 | ---D | C] -- C:\2d8e158d4ab85a19979042e50804[2010/07/26 11:52:46 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Bob Howe\IECompatCache[2010/07/26 11:51:32 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Bob Howe\PrivacIE[2010/07/26 11:45:54 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Bob Howe\IETldCache[2010/07/26 11:41:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates[2010/07/26 11:37:06 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8[2010/07/26 11:34:56 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll[2010/07/25 21:34:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell[2010/07/20 17:32:26 | 000,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys[2010/07/20 17:32:23 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll[2010/07/20 17:32:20 | 000,010,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys[2010/07/20 17:05:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob Howe\Local Settings\Application Data\hruoiarny[2010/07/14 06:54:16 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe[8 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]========== Files - Modified Within 30 Days ==========[2010/08/09 13:01:45 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl[2010/08/09 13:01:21 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job[2010/08/09 13:00:47 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT[2010/08/09 13:00:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat[2010/08/09 12:58:58 | 015,204,352 | ---- | M] () -- C:\Documents and Settings\Bob Howe\ntuser.dat[2010/08/09 12:58:58 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Bob Howe\ntuser.ini[2010/08/09 11:54:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job[2010/08/09 10:00:30 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini[2010/08/09 10:00:19 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts[2010/08/08 11:52:08 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Bob Howe\Desktop\Defogger.exe[2010/08/07 18:29:19 | 000,000,281 | RHS- | M] () -- C:\boot.ini[2010/08/07 18:21:34 | 003,816,812 | R--- | M] () -- C:\Documents and Settings\Bob Howe\Desktop\ComboFix.exe[2010/08/07 12:08:32 | 000,000,494 | ---- | M] () -- C:\hpfr5550.xml[2010/08/07 12:04:14 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Bob Howe\Desktop\1vpfbew4.exe[2010/08/07 11:54:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob Howe\Desktop\OTL.exe[2010/07/26 23:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll[2010/07/26 18:45:10 | 000,161,296 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys[2010/07/26 13:02:23 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK[2010/07/26 11:16:03 | 000,520,732 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI[2010/07/26 11:16:03 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat[2010/07/26 11:16:03 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat[2010/07/25 20:41:51 | 002,895,698 | -H-- | M] () -- C:\Documents and Settings\Bob Howe\Local Settings\Application Data\IconCache.db[2010/07/21 15:02:54 | 000,240,640 | ---- | M] () -- C:\Documents and Settings\Bob Howe\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2010/07/21 14:04:01 | 000,000,677 | ---- | M] () -- C:\WINDOWS\win.ini[2010/07/21 14:04:01 | 000,000,281 | ---- | M] () -- C:\Boot.bak[2010/07/21 13:13:02 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Bob Howe\Local Settings\Application Data\housecall.guid.cache[2010/07/21 08:25:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Apemevubeqovuzi.bin[2010/07/20 17:06:44 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Imekodusexuyo.dat[2010/07/20 17:06:39 | 000,000,150 | ---- | M] () -- C:\zrpt.xml[2010/07/15 16:10:43 | 000,000,454 | ---- | M] () -- C:\Documents and Settings\Bob Howe\My Documents\sig.htm[2010/07/15 16:08:41 | 000,011,949 | ---- | M] () -- C:\Documents and Settings\Bob Howe\My Documents\c5k.jpg[2010/07/15 15:52:28 | 000,011,332 | ---- | M] () -- C:\Documents and Settings\Bob Howe\My Documents\GYE---Jodi05v.2Sig2010b.jpg[2010/07/15 15:48:46 | 000,002,674 | ---- | M] () -- C:\Documents and Settings\Bob Howe\My Documents\GYE---Jodi05v.2Sig2010a.jpg[2010/07/15 15:47:59 | 000,030,385 | ---- | M] () -- C:\Documents and Settings\Bob Howe\My Documents\GYE---Jodi05v.2Sig2010.jpg[8 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]========== Files Created - No Company Name ==========[2010/08/08 11:52:07 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Bob Howe\Desktop\Defogger.exe[2010/08/07 18:24:37 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe[2010/08/07 18:24:37 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe[2010/08/07 18:21:24 | 003,816,812 | R--- | C] () -- C:\Documents and Settings\Bob Howe\Desktop\ComboFix.exe[2010/08/07 12:04:12 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Bob Howe\Desktop\1vpfbew4.exe[2010/07/25 20:31:56 | 015,204,352 | ---- | C] () -- C:\Documents and Settings\Bob Howe\ntuser.dat[2010/07/22 11:16:15 | 000,249,920 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat[2010/07/21 13:13:02 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Bob Howe\Local Settings\Application Data\housecall.guid.cache[2010/07/20 17:06:36 | 000,000,150 | ---- | C] () -- C:\zrpt.xml[2010/07/15 16:08:12 | 000,011,949 | ---- | C] () -- C:\Documents and Settings\Bob Howe\My Documents\c5k.jpg[2010/07/15 15:53:04 | 000,000,454 | ---- | C] () -- C:\Documents and Settings\Bob Howe\My Documents\sig.htm[2010/07/15 15:49:32 | 000,011,332 | ---- | C] () -- C:\Documents and Settings\Bob Howe\My Documents\GYE---Jodi05v.2Sig2010b.jpg[2010/07/15 15:48:46 | 000,002,674 | ---- | C] () -- C:\Documents and Settings\Bob Howe\My Documents\GYE---Jodi05v.2Sig2010a.jpg[2010/07/15 15:47:59 | 000,030,385 | ---- | C] () -- C:\Documents and Settings\Bob Howe\My Documents\GYE---Jodi05v.2Sig2010.jpg[2009/03/28 15:08:29 | 000,000,052 | ---- | C] () -- C:\WINDOWS\Blink.ini[2009/03/09 12:01:05 | 000,000,094 | ---- | C] () -- C:\WINDOWS\MusicRip.ini[2008/06/18 12:20:19 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll[2006/11/18 12:14:03 | 000,000,474 | ---- | C] () -- C:\WINDOWS\Pan Viewer.INI[2006/09/15 10:20:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI[2006/02/18 12:18:20 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\WINKRNME.DLL[2005/12/09 09:41:45 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Progs_.ini[2005/11/10 12:09:02 | 000,000,042 | ---- | C] () -- C:\WINDOWS\INTUIT.INI[2005/07/19 09:15:41 | 000,000,120 | ---- | C] () -- C:\WINDOWS\PbkUser.INI[2004/09/18 17:42:04 | 000,000,057 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI[2004/09/08 15:43:50 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI[2004/04/02 15:50:54 | 000,102,912 | R--- | C] () -- C:\WINDOWS\System32\JPEGCODE.DLL[2003/11/28 13:33:24 | 000,000,779 | ---- | C] () -- C:\WINDOWS\disney.ini[2003/09/15 16:41:56 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\btsendto_ie.dll[2003/09/15 16:41:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\btsendto_wab.dll[2003/09/15 16:36:40 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll[2003/09/15 16:27:04 | 000,022,183 | ---- | C] () -- C:\WINDOWS\System32\drivers\btserial.sys[2003/08/15 14:54:46 | 000,001,065 | ---- | C] () -- C:\WINDOWS\Winamp.ini[2003/08/15 14:54:18 | 000,000,041 | ---- | C] () -- C:\WINDOWS\winampa.ini[2003/07/17 09:22:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI[2003/07/08 13:18:29 | 000,000,117 | ---- | C] () -- C:\WINDOWS\ccolwiz.ini[2003/07/06 12:11:38 | 000,000,002 | ---- | C] () -- C:\WINDOWS\PhotoSuite.ini[2003/07/03 21:47:38 | 000,000,161 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI[2003/07/03 20:22:05 | 000,000,033 | ---- | C] () -- C:\WINDOWS\render.ini[2003/07/03 17:38:32 | 000,000,088 | ---- | C] () -- C:\WINDOWS\alohabob.INI[2003/07/02 17:38:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MTSTACK.INI[2003/06/30 09:01:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini[2003/06/28 13:12:54 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI[2003/06/28 12:58:53 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll[2003/03/09 13:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll[2003/02/22 14:40:11 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\JPEGLIB.DLL[2003/02/22 14:40:11 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\EnrouteStitch.dll[2003/02/22 14:40:10 | 000,332,800 | ---- | C] () -- C:\WINDOWS\System32\FPXLIB.DLL[2003/02/11 01:58:48 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll[2003/01/07 12:20:34 | 000,001,292 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI[2003/01/03 02:04:00 | 000,000,745 | ---- | C] () -- C:\WINDOWS\System32\drivers\ccompbg119.sys[2002/11/19 15:25:58 | 000,221,236 | ---- | C] () -- C:\WINDOWS\System32\ar3rpc.dll[2002/11/19 15:25:56 | 001,205,760 | ---- | C] () -- C:\WINDOWS\System32\gslib.dll[2002/11/09 15:28:03 | 000,151,040 | ---- | C] () -- C:\WINDOWS\System32\IR32.DLL[2002/11/09 15:28:03 | 000,077,664 | ---- | C] () -- C:\WINDOWS\System32\IR21_R.DLL[2002/05/15 23:29:04 | 000,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest[2002/03/08 18:10:09 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll[2002/03/08 18:10:08 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll[2002/02/06 04:08:00 | 000,000,745 | ---- | C] () -- C:\WINDOWS\c_iclink140.ini[2001/11/29 14:44:21 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\SUPWIN32.DLL[2001/11/29 14:44:20 | 000,279,770 | ---- | C] () -- C:\WINDOWS\System32\NWPSRV.DLL[2001/11/29 14:44:20 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\NWNET.DLL[2001/11/29 14:44:20 | 000,106,528 | ---- | C] () -- C:\WINDOWS\System32\NWPNW.DLL[2001/11/29 14:44:20 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\NWSIPX32.DLL[2001/11/29 14:44:19 | 000,147,856 | ---- | C] () -- C:\WINDOWS\System32\NWCALLS.DLL[2001/11/29 14:44:19 | 000,140,800 | ---- | C] () -- C:\WINDOWS\System32\NCPWIN32.DLL[2001/11/29 14:44:19 | 000,117,248 | ---- | C] () -- C:\WINDOWS\System32\NETWIN32.DLL[2001/11/29 14:44:19 | 000,043,440 | ---- | C] () -- C:\WINDOWS\System32\NWLOCALE.DLL[2001/11/29 14:44:19 | 000,041,088 | ---- | C] () -- C:\WINDOWS\System32\NWIPXSPX.DLL[2001/11/29 14:44:18 | 000,125,952 | ---- | C] () -- C:\WINDOWS\System32\CALWIN32.DLL[2001/11/29 14:44:18 | 000,105,472 | ---- | C] () -- C:\WINDOWS\System32\LOCWIN32.DLL[2001/11/29 14:44:18 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\CLNWIN32.DLL[2001/11/29 14:44:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\CLXWIN32.DLL[2001/11/29 14:44:18 | 000,006,701 | ---- | C] () -- C:\WINDOWS\System32\CLNWINTH.DLL[2001/11/29 14:43:59 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\hpuninst.dll[2001/11/23 18:18:00 | 000,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll[2001/03/09 06:12:00 | 000,000,745 | ---- | C] () -- C:\WINDOWS\System32\g_iecdi32_351.dll[2001/01/30 16:20:40 | 000,270,336 | ---- | C] () -- C:\WINDOWS\System32\pdbrowse.dll[2000/04/12 08:16:00 | 000,000,745 | ---- | C] () -- C:\WINDOWS\System32\drivers\gaxext_335.sys[2000/03/10 13:31:54 | 000,103,936 | ---- | C] () -- C:\WINDOWS\System32\CSF_04.DLL[2000/03/10 13:31:54 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\CSF_02.DLL[2000/03/10 13:31:54 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\CSF_09.DLL[2000/03/10 13:31:54 | 000,004,192 | ---- | C] () -- C:\WINDOWS\System32\CSF_06.DLL[1999/12/22 20:59:19 | 000,130,560 | ---- | C] () -- C:\WINDOWS\System32\NET32THK.DLL[1999/12/22 20:59:18 | 000,006,300 | ---- | C] () -- C:\WINDOWS\System32\NET16THK.DLL[1999/12/22 19:51:52 | 000,002,490 | ---- | C] () -- C:\WINDOWS\System32\DLCNDI.DLL[1999/10/21 13:53:22 | 000,012,800 | ---- | C] () -- C:\WINDOWS\System32\std-2.1-vc5.0-mt.dll[1999/05/23 16:30:12 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll[1999/05/15 10:20:00 | 000,000,745 | ---- | C] () -- C:\WINDOWS\System32\d_comsvrb_175.dll[1999/04/23 22:22:00 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\MEMBG.DLL[1999/04/23 22:22:00 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\XFILEXR.DLL[1999/04/23 22:22:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\OEMREG.DLL[1999/04/23 22:22:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\GROUPPOL.DLL[1999/04/23 22:22:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\NETBIOS.DLL[1999/04/23 22:22:00 | 000,008,576 | ---- | C] () -- C:\WINDOWS\System32\ICMUPG.DLL[1998/09/09 15:51:20 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\RXDDI.DLL[1998/09/09 15:50:56 | 000,150,016 | ---- | C] () -- C:\WINDOWS\System32\SmArchive.dll[1998/08/31 03:14:30 | 000,000,036 | ---- | C] () -- C:\WINDOWS\kpcms.ini[1998/08/31 03:14:29 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL[1998/08/19 15:33:37 | 000,017,680 | ---- | C] () -- C:\WINDOWS\System32\PCIDEV.DLL[1998/08/19 15:33:37 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\PCIDEV32.DLL[1998/08/10 20:09:15 | 000,075,776 | ---- | C] () -- C:\WINDOWS\System32\PRODINV.DLL[1998/08/10 14:44:26 | 000,049,616 | ---- | C] () -- C:\WINDOWS\System32\JCB.DLL[1998/08/10 14:44:26 | 000,048,088 | ---- | C] () -- C:\WINDOWS\System32\DSCVR.DLL[1998/08/10 14:44:21 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\FDECTSP.DLL[1998/08/10 14:44:21 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\VDOPLSTR.DLL[1998/08/07 16:51:07 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\EPASET32.DLL[1998/08/07 16:51:07 | 000,007,488 | ---- | C] () -- C:\WINDOWS\System32\EPASET16.DLL[1998/08/02 14:09:15 | 000,000,362 | ---- | C] () -- C:\WINDOWS\QDQICK.INI[1998/08/02 14:09:15 | 000,000,038 | ---- | C] () -- C:\WINDOWS\ACCWIZ.INI[1998/07/31 10:32:12 | 000,003,616 | ---- | C] () -- C:\WINDOWS\System32\actutdde.dll[1998/03/23 00:00:00 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\cmtool32.dll[1998/03/23 00:00:00 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\tips.dll[1998/03/23 00:00:00 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\MSHLOCAL.dll[1998/03/23 00:00:00 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\mswheel.dll[1996/03/20 00:00:00 | 000,107,008 | ---- | C] () -- C:\WINDOWS\System32\TTEMB32.DLL[1996/03/20 00:00:00 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\MSROUTE.DLL[1996/03/20 00:00:00 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\OPENENU.DLL[1996/03/20 00:00:00 | 000,006,352 | ---- | C] () -- C:\WINDOWS\System32\VISXUTIL.DLL< End of report > Link to post Share on other sites More sharing options...
Magiclure Posted August 9, 2010 Author ID:298513 Share Posted August 9, 2010 Hi Elise, I apologise for being so disjointed, but every time I close Windows Explorer my system locks up, and I have to reboot. After a while I feel like I'm losing focus altogether. As I said Windows Explorer is the most obvious symptom I have now, but since it freezes the system every time its hard to tell if there are other symptoms. bob Link to post Share on other sites More sharing options...
Magiclure Posted August 9, 2010 Author ID:298515 Share Posted August 9, 2010 I should have mentioned I have to use Task Manager to shutdown. Link to post Share on other sites More sharing options...
Magiclure Posted August 10, 2010 Author ID:298561 Share Posted August 10, 2010 Hi Elise, I am going out of town for the next 2 days, but I would like to be sure this thread gets finished. Please check the OTL files and let me know if you spot anything. Thanks Link to post Share on other sites More sharing options...
Elise Posted August 10, 2010 ID:298744 Share Posted August 10, 2010 Hi, did you also run the OTL fix? If so, please post me the log from it. Link to post Share on other sites More sharing options...
Magiclure Posted August 10, 2010 Author ID:298920 Share Posted August 10, 2010 All processes killed========== OTL ==========HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!========== COMMANDS ==========[EMPTYTEMP]User: Administrator->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 0 bytesUser: All Users->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 0 bytesUser: Bob Howe->Temp folder emptied: 8220176 bytes->Temporary Internet Files folder emptied: 16969749 bytes->Java cache emptied: 55277595 bytes->Google Chrome cache emptied: 34445914 bytes->Flash cache emptied: 79568 bytesUser: Default User->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 465333 bytesUser: LocalService->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 1321246 bytesUser: NetworkService->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 614408 bytes%systemdrive% .tmp files removed: 0 bytes%systemroot% .tmp files removed: 19569 bytes%systemroot%\System32 .tmp files removed: 0 bytes%systemroot%\System32\dllcache .tmp files removed: 0 bytes%systemroot%\System32\drivers .tmp files removed: 0 bytesWindows Temp folder emptied: 483 bytes%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 450989 bytesRecycleBin emptied: 0 bytesTotal Files Cleaned = 112.00 mbOTL by OldTimer - Version 3.2.9.1 log created on 08092010_124552Files\Folders moved on Reboot...C:\Documents and Settings\Bob Howe\Local Settings\Temp\~DF1B1E.tmp moved successfully.File\Folder C:\Documents and Settings\Bob Howe\Local Settings\Temp\~DF38E8.tmp not found!File\Folder C:\Documents and Settings\Bob Howe\Local Settings\Temp\~DF39BA.tmp not found!File\Folder C:\Documents and Settings\Bob Howe\Local Settings\Temp\~DF4D98.tmp not found!File\Folder C:\Documents and Settings\Bob Howe\Local Settings\Temp\~DF5BE5.tmp not found!File\Folder C:\Documents and Settings\Bob Howe\Local Settings\Temp\~DF67B6.tmp not found!File\Folder C:\Documents and Settings\Bob Howe\Local Settings\Temp\~DF6813.tmp not found!C:\Documents and Settings\Bob Howe\Local Settings\Temporary Internet Files\Content.IE5\GGPFJE8H\iframe[1].htm moved successfully.C:\Documents and Settings\Bob Howe\Local Settings\Temporary Internet Files\Content.IE5\GGPFJE8H\index[1].php moved successfully.C:\Documents and Settings\Bob Howe\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.Registry entries deleted on Reboot... Link to post Share on other sites More sharing options...
Elise Posted August 10, 2010 ID:298956 Share Posted August 10, 2010 Now lets see if there might be a problem with the explorer.exe file.OTL-----Please download OTL from one of the following mirrors:This is THE Mirror[*]Save it to your desktop.[*]Double click on the icon on your desktop.[*]Click the NONE button.[*]Copy and Paste the following code into the textbox. Do not include the word "Code"/md5startexplorer.exe/md5stop[*]Push [*]A report will open. Copy and Paste that report in your next reply. Link to post Share on other sites More sharing options...
Magiclure Posted August 12, 2010 Author ID:299415 Share Posted August 12, 2010 All processes killed========== OTL ==========HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!========== COMMANDS ==========[EMPTYTEMP]User: Administrator->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 0 bytesUser: All Users->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 0 bytesUser: Bob Howe->Temp folder emptied: 8220176 bytes->Temporary Internet Files folder emptied: 16969749 bytes->Java cache emptied: 55277595 bytes->Google Chrome cache emptied: 34445914 bytes->Flash cache emptied: 79568 bytesUser: Default User->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 465333 bytesUser: LocalService->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 1321246 bytesUser: NetworkService->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 614408 bytes%systemdrive% .tmp files removed: 0 bytes%systemroot% .tmp files removed: 19569 bytes%systemroot%\System32 .tmp files removed: 0 bytes%systemroot%\System32\dllcache .tmp files removed: 0 bytes%systemroot%\System32\drivers .tmp files removed: 0 bytesWindows Temp folder emptied: 483 bytes%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 450989 bytesRecycleBin emptied: 0 bytesTotal Files Cleaned = 112.00 mbOTL by OldTimer - Version 3.2.9.1 log created on 08092010_124552Files\Folders moved on Reboot...C:\Documents and Settings\Bob Howe\Local Settings\Temp\~DF1B1E.tmp moved successfully.File\Folder C:\Documents and Settings\Bob Howe\Local Settings\Temp\~DF38E8.tmp not found!File\Folder C:\Documents and Settings\Bob Howe\Local Settings\Temp\~DF39BA.tmp not found!File\Folder C:\Documents and Settings\Bob Howe\Local Settings\Temp\~DF4D98.tmp not found!File\Folder C:\Documents and Settings\Bob Howe\Local Settings\Temp\~DF5BE5.tmp not found!File\Folder C:\Documents and Settings\Bob Howe\Local Settings\Temp\~DF67B6.tmp not found!File\Folder C:\Documents and Settings\Bob Howe\Local Settings\Temp\~DF6813.tmp not found!C:\Documents and Settings\Bob Howe\Local Settings\Temporary Internet Files\Content.IE5\GGPFJE8H\iframe[1].htm moved successfully.C:\Documents and Settings\Bob Howe\Local Settings\Temporary Internet Files\Content.IE5\GGPFJE8H\index[1].php moved successfully.C:\Documents and Settings\Bob Howe\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.Registry entries deleted on Reboot... Link to post Share on other sites More sharing options...
Elise Posted August 12, 2010 ID:299478 Share Posted August 12, 2010 Thats the log of the fix we did. I need to see the log that will be created after you run the scan as instructed in my last post. Link to post Share on other sites More sharing options...
Magiclure Posted August 12, 2010 Author ID:299563 Share Posted August 12, 2010 Sorry!OTL logfile created on: 8/12/2010 8:29:08 AM - Run 5OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Bob Howe\DesktopWindows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 8.0.6001.18702)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy1,023.00 Mb Total Physical Memory | 132.00 Mb Available Physical Memory | 13.00% Memory free2.00 Gb Paging File | 1.00 Gb Available in Paging File | 58.00% Paging File freePaging file location(s): C:\pagefile.sys 0 0 [binary data]%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 74.52 Gb Total Space | 6.43 Gb Free Space | 8.63% Space Free | Partition Type: NTFSD: Drive not present or media not loadedE: Drive not present or media not loadedF: Drive not present or media not loadedG: Drive not present or media not loadedH: Drive not present or media not loadedI: Drive not present or media not loadedComputer Name: BOBCurrent User Name: Bob HoweLogged in as Administrator.Current Boot Mode: NormalScan Mode: Current userCompany Name Whitelist: OffSkip Microsoft Files: OffFile Age = 30 DaysOutput = Standard========== Processes (SafeList) ==========PRC - File not found -- C:\Program Files\Folder Shield\fsp.exePRC - [2010/08/07 11:54:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob Howe\Desktop\OTL.exePRC - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exePRC - [2009/08/09 20:27:22 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exePRC - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exePRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exePRC - [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exePRC - [2008/05/16 07:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exePRC - [2008/05/08 09:59:42 | 000,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exePRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exePRC - [2007/10/09 20:30:37 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exePRC - [2007/09/25 02:11:35 | 000,329,104 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exePRC - [2007/09/25 02:11:35 | 000,132,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_03\bin\jusched.exePRC - [2007/09/24 23:30:28 | 000,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\java.exePRC - [2007/06/06 11:35:02 | 000,270,336 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exePRC - [2005/09/30 19:22:50 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exePRC - [2004/09/08 15:36:11 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exePRC - [2003/09/15 16:56:32 | 001,126,484 | ---- | M] (WIDCOMM, Inc.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exePRC - [2003/09/15 16:53:06 | 000,503,869 | ---- | M] (WIDCOMM, Inc.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exePRC - [2003/05/26 02:13:00 | 000,028,672 | ---- | M] () -- C:\Program Files\Folder Shield\FSService.exePRC - [2003/04/06 00:55:04 | 000,311,296 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exePRC - [2003/04/06 00:45:10 | 000,286,720 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exePRC - [2003/04/06 00:37:38 | 000,147,456 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exePRC - [2003/03/20 14:05:42 | 000,774,144 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exePRC - [2003/03/09 13:31:02 | 000,065,795 | R--- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exePRC - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exePRC - [2002/03/21 20:41:56 | 000,094,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Hardware\Keyboard\type32.exe========== Modules (SafeList) ==========MOD - [2010/08/07 11:54:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob Howe\Desktop\OTL.exeMOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx========== Win32 Services (SafeList) ==========SRV - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)SRV - [2009/08/09 20:27:22 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)SRV - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)SRV - [2008/05/16 07:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)SRV - [2008/05/08 09:59:42 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)SRV - [2007/06/15 16:55:00 | 000,300,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)SRV - [2005/09/30 19:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)SRV - [2005/06/03 08:49:41 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)SRV - [2003/05/26 02:13:00 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\Program Files\Folder Shield\FSService.exe -- (FSService)SRV - [2003/03/09 13:31:02 | 000,065,795 | R--- | M] (HP) [On_Demand | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)SRV - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))========== Driver Services (SafeList) ==========DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL)DRV - File not found [Kernel | System | Stopped] -- C:\Documents and Settings\Bob Howe\Local Settings\Temporary Internet Files\Content.IE5\04IAKNN3\SABKUTIL.sys -- (SABKUTIL)DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\BOBHOW~1\LOCALS~1\Temp\catchme.sys -- (catchme)DRV - File not found [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\bxShield.sys -- (bxShield)DRV - [2009/12/07 09:23:14 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)DRV - [2009/05/11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)DRV - [2009/03/30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)DRV - [2008/05/16 07:10:32 | 000,023,992 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)DRV - [2008/05/16 07:10:30 | 000,025,272 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)DRV - [2008/05/12 09:30:02 | 003,007,488 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)DRV - [2003/09/15 16:27:04 | 000,022,183 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)DRV - [2003/09/15 16:26:40 | 000,222,876 | ---- | M] (WIDCOMM, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btslbcsp.sys -- (BTSLBCSP)DRV - [2003/09/15 16:23:40 | 001,257,418 | ---- | M] (WIDCOMM, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)DRV - [2003/09/15 16:22:06 | 000,146,812 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)DRV - [2003/09/15 16:17:02 | 000,030,235 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)DRV - [2003/09/15 16:15:28 | 000,021,861 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (BtAudio)DRV - [2003/09/15 16:14:36 | 000,051,848 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)DRV - [2003/04/01 17:55:18 | 000,033,183 | ---- | M] (Sonic Focus, Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sf.sys -- (sf)DRV - [2003/03/19 17:00:00 | 000,201,088 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)DRV - [2002/09/20 09:53:34 | 000,235,100 | ---- | M] (Analog Devices Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn)DRV - [2002/08/14 08:00:00 | 000,004,112 | ---- | M] (Eisenworld, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\AloPar.sys -- (AloPar)========== Standard Registry (SafeList) ==================== Internet Explorer ==========IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ieIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = GoogleIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0========== FireFox ==========FF - prefs.js..browser.search.selectedEngine: "Google"FF - prefs.js..network.proxy.ftp: "proxy-server.bendcable.com"FF - prefs.js..network.proxy.ftp_port: 8080FF - prefs.js..network.proxy.gopher: "proxy-server.bendcable.com"FF - prefs.js..network.proxy.gopher_port: 8080FF - prefs.js..network.proxy.http: "proxy-server.bendcable.com"FF - prefs.js..network.proxy.http_port: 8080FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"FF - prefs.js..network.proxy.share_proxy_settings: trueFF - prefs.js..network.proxy.socks: "proxy-server.bendcable.com"FF - prefs.js..network.proxy.socks_port: 8080FF - prefs.js..network.proxy.ssl: "proxy-server.bendcable.com"FF - prefs.js..network.proxy.ssl_port: 8080[2005/07/13 08:43:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob Howe\Application Data\Mozilla\Firefox\Profiles\0lq747zy.default\extensions[2005/07/13 08:43:46 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Documents and Settings\Bob Howe\Application Data\Mozilla\Firefox\Profiles\0lq747zy.default\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}O1 HOSTS File: ([2010/08/09 10:00:19 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)O2 - BHO: (CutePDF Form Filler Helper) - {D41289F2-69C6-417B-897E-C653D677CBAF} - C:\Program Files\Acro Software\CutePDF Pro\CPFillerCo.dll (Acro Software Inc.)O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.O3 - HKCU\..\Toolbar\WebBrowser: (Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx ()O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)O4 - HKLM..\Run: [bluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)O4 - HKLM..\Run: [fspr] C:\Program Files\Folder Shield\FolderShield.exe ()O4 - HKLM..\Run: [intelliType] C:\Program Files\Microsoft Hardware\Keyboard\type32.exe (Microsoft Corporation)O4 - HKLM..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe (Sun Microsystems, Inc.)O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (WIDCOMM, Inc.)O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\officejet 6100.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe (Hewlett-Packard Co.)O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe (ArcSoft, Inc.)O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} http://www.alternatiff.com/install/00/alttiff.cab (AlternaTIFF ActiveX)O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)O16 - DPF: {33363249-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/i263_32.cab (Reg Error: Key error.)O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab (Reg Error: Key error.)O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe (Reg Error: Key error.)O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab (EPUImageControl Class)O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6770.cab (Windows Live Safety Center Base Module)O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1121021012078 (WUWebControl Class)O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1112891133968 (MUWebControl Class)O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx (AcDcToday Control)O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...37874.855462963 (Reg Error: Key error.)O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} file://C:\Program Files\AutoCAD 2002\InstBanr.ocx (NOXLATE-BANR)O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 216.228.160.5 216.228.160.6O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)O24 - Desktop WallPaper: C:\Documents and Settings\Bob Howe\Local Settings\Application Data\Microsoft\Wallpaper1.bmpO24 - Desktop BackupWallPaper: C:\Documents and Settings\Bob Howe\Local Settings\Application Data\Microsoft\Wallpaper1.bmpO32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2003/06/28 12:30:43 | 000,000,000 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]O34 - HKLM BootExecute: (autocheck autochk *) - File not foundO34 - HKLM BootExecute: (lsdelete) - File not foundO35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37 - HKLM\...com [@ = ComFile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found========== Files/Folders - Created Within 30 Days ==========[2010/08/09 12:47:19 | 000,000,000 | -HSD | C] -- C:\RECYCLER[2010/08/09 12:45:52 | 000,000,000 | ---D | C] -- C:\_OTL[2010/08/09 10:03:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp[2010/08/07 18:36:51 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\proquota.exe[2010/08/07 18:36:51 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\proquota.exe[2010/08/07 18:29:12 | 000,000,000 | RHSD | C] -- C:\cmdcons[2010/08/07 11:55:42 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bob Howe\Desktop\OTL.exe[2010/07/26 18:45:11 | 000,161,296 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys[2010/07/26 12:34:36 | 000,000,000 | ---D | C] -- C:\2d8e158d4ab85a19979042e50804[2010/07/26 11:52:46 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Bob Howe\IECompatCache[2010/07/26 11:51:32 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Bob Howe\PrivacIE[2010/07/26 11:45:54 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Bob Howe\IETldCache[2010/07/26 11:41:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates[2010/07/26 11:37:06 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8[2010/07/26 11:34:56 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll[2010/07/25 21:34:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell[2010/07/20 17:32:26 | 000,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys[2010/07/20 17:32:23 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll[2010/07/20 17:32:20 | 000,010,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys[2010/07/20 17:05:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob Howe\Local Settings\Application Data\hruoiarny[2010/07/14 06:54:16 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe========== Files - Modified Within 30 Days ==========[2010/08/12 08:24:18 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl[2010/08/12 08:23:50 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job[2010/08/12 08:23:26 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT[2010/08/12 08:23:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat[2010/08/11 18:47:28 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Bob Howe\ntuser.ini[2010/08/11 18:47:27 | 015,204,352 | ---- | M] () -- C:\Documents and Settings\Bob Howe\ntuser.dat[2010/08/10 09:57:48 | 000,000,494 | ---- | M] () -- C:\hpfr5550.xml[2010/08/09 16:55:43 | 000,242,176 | ---- | M] () -- C:\Documents and Settings\Bob Howe\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2010/08/09 11:54:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job[2010/08/09 10:00:30 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini[2010/08/09 10:00:19 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts[2010/08/08 11:52:08 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Bob Howe\Desktop\Defogger.exe[2010/08/07 18:29:19 | 000,000,281 | RHS- | M] () -- C:\boot.ini[2010/08/07 18:21:34 | 003,816,812 | R--- | M] () -- C:\Documents and Settings\Bob Howe\Desktop\ComboFix.exe[2010/08/07 12:04:14 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Bob Howe\Desktop\1vpfbew4.exe[2010/08/07 11:54:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob Howe\Desktop\OTL.exe[2010/07/26 23:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll[2010/07/26 18:45:10 | 000,161,296 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys[2010/07/26 13:02:23 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK[2010/07/26 11:16:03 | 000,520,732 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI[2010/07/26 11:16:03 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat[2010/07/26 11:16:03 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat[2010/07/25 20:41:51 | 002,895,698 | -H-- | M] () -- C:\Documents and Settings\Bob Howe\Local Settings\Application Data\IconCache.db[2010/07/21 14:04:01 | 000,000,677 | ---- | M] () -- C:\WINDOWS\win.ini[2010/07/21 14:04:01 | 000,000,281 | ---- | M] () -- C:\Boot.bak[2010/07/21 13:13:02 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Bob Howe\Local Settings\Application Data\housecall.guid.cache[2010/07/21 08:25:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Apemevubeqovuzi.bin[2010/07/20 17:06:44 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Imekodusexuyo.dat[2010/07/20 17:06:39 | 000,000,150 | ---- | M] () -- C:\zrpt.xml[2010/07/15 16:10:43 | 000,000,454 | ---- | M] () -- C:\Documents and Settings\Bob Howe\My Documents\sig.htm[2010/07/15 16:08:41 | 000,011,949 | ---- | M] () -- C:\Documents and Settings\Bob Howe\My Documents\c5k.jpg[2010/07/15 15:52:28 | 000,011,332 | ---- | M] () -- C:\Documents and Settings\Bob Howe\My Documents\GYE---Jodi05v.2Sig2010b.jpg[2010/07/15 15:48:46 | 000,002,674 | ---- | M] () -- C:\Documents and Settings\Bob Howe\My Documents\GYE---Jodi05v.2Sig2010a.jpg[2010/07/15 15:47:59 | 000,030,385 | ---- | M] () -- C:\Documents and Settings\Bob Howe\My Documents\GYE---Jodi05v.2Sig2010.jpg========== Files Created - No Company Name ==========[2010/08/08 11:52:07 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Bob Howe\Desktop\Defogger.exe[2010/08/07 18:24:37 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe[2010/08/07 18:24:37 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe[2010/08/07 18:21:24 | 003,816,812 | R--- | C] () -- C:\Documents and Settings\Bob Howe\Desktop\ComboFix.exe[2010/08/07 12:04:12 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Bob Howe\Desktop\1vpfbew4.exe[2010/07/25 20:31:56 | 015,204,352 | ---- | C] () -- C:\Documents and Settings\Bob Howe\ntuser.dat[2010/07/22 11:16:15 | 000,249,920 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat[2010/07/21 13:13:02 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Bob Howe\Local Settings\Application Data\housecall.guid.cache[2010/07/20 17:06:36 | 000,000,150 | ---- | C] () -- C:\zrpt.xml[2010/07/15 16:08:12 | 000,011,949 | ---- | C] () -- C:\Documents and Settings\Bob Howe\My Documents\c5k.jpg[2010/07/15 15:53:04 | 000,000,454 | ---- | C] () -- C:\Documents and Settings\Bob Howe\My Documents\sig.htm[2010/07/15 15:49:32 | 000,011,332 | ---- | C] () -- C:\Documents and Settings\Bob Howe\My Documents\GYE---Jodi05v.2Sig2010b.jpg[2010/07/15 15:48:46 | 000,002,674 | ---- | C] () -- C:\Documents and Settings\Bob Howe\My Documents\GYE---Jodi05v.2Sig2010a.jpg[2010/07/15 15:47:59 | 000,030,385 | ---- | C] () -- C:\Documents and Settings\Bob Howe\My Documents\GYE---Jodi05v.2Sig2010.jpg[2009/03/28 15:08:29 | 000,000,052 | ---- | C] () -- C:\WINDOWS\Blink.ini[2009/03/09 12:01:05 | 000,000,094 | ---- | C] () -- C:\WINDOWS\MusicRip.ini[2008/06/18 12:20:19 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll[2006/11/18 12:14:03 | 000,000,474 | ---- | C] () -- C:\WINDOWS\Pan Viewer.INI[2006/09/15 10:20:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI[2006/02/18 12:18:20 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\WINKRNME.DLL[2005/12/09 09:41:45 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Progs_.ini[2005/11/10 12:09:02 | 000,000,042 | ---- | C] () -- C:\WINDOWS\INTUIT.INI[2005/07/19 09:15:41 | 000,000,120 | ---- | C] () -- C:\WINDOWS\PbkUser.INI[2004/09/18 17:42:04 | 000,000,057 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI[2004/09/08 15:43:50 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI[2004/04/02 15:50:54 | 000,102,912 | R--- | C] () -- C:\WINDOWS\System32\JPEGCODE.DLL[2003/11/28 13:33:24 | 000,000,779 | ---- | C] () -- C:\WINDOWS\disney.ini[2003/09/15 16:41:56 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\btsendto_ie.dll[2003/09/15 16:41:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\btsendto_wab.dll[2003/09/15 16:36:40 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll[2003/09/15 16:27:04 | 000,022,183 | ---- | C] () -- C:\WINDOWS\System32\drivers\btserial.sys[2003/08/15 14:54:46 | 000,001,065 | ---- | C] () -- C:\WINDOWS\Winamp.ini[2003/08/15 14:54:18 | 000,000,041 | ---- | C] () -- C:\WINDOWS\winampa.ini[2003/07/17 09:22:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI[2003/07/08 13:18:29 | 000,000,117 | ---- | C] () -- C:\WINDOWS\ccolwiz.ini[2003/07/06 12:11:38 | 000,000,002 | ---- | C] () -- C:\WINDOWS\PhotoSuite.ini[2003/07/03 21:47:38 | 000,000,161 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI[2003/07/03 20:22:05 | 000,000,033 | ---- | C] () -- C:\WINDOWS\render.ini[2003/07/03 17:38:32 | 000,000,088 | ---- | C] () -- C:\WINDOWS\alohabob.INI[2003/07/02 17:38:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MTSTACK.INI[2003/06/30 09:01:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini[2003/06/28 13:12:54 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI[2003/06/28 12:58:53 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll[2003/03/09 13:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll[2003/02/22 14:40:11 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\JPEGLIB.DLL[2003/02/22 14:40:11 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\EnrouteStitch.dll[2003/02/22 14:40:10 | 000,332,800 | ---- | C] () -- C:\WINDOWS\System32\FPXLIB.DLL[2003/02/11 01:58:48 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll[2003/01/07 12:20:34 | 000,001,292 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI[2003/01/03 02:04:00 | 000,000,745 | ---- | C] () -- C:\WINDOWS\System32\drivers\ccompbg119.sys[2002/11/19 15:25:58 | 000,221,236 | ---- | C] () -- C:\WINDOWS\System32\ar3rpc.dll[2002/11/19 15:25:56 | 001,205,760 | ---- | C] () -- C:\WINDOWS\System32\gslib.dll[2002/11/09 15:28:03 | 000,151,040 | ---- | C] () -- C:\WINDOWS\System32\IR32.DLL[2002/11/09 15:28:03 | 000,077,664 | ---- | C] () -- C:\WINDOWS\System32\IR21_R.DLL[2002/05/15 23:29:04 | 000,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest[2002/03/08 18:10:09 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll[2002/03/08 18:10:08 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll[2002/02/06 04:08:00 | 000,000,745 | ---- | C] () -- C:\WINDOWS\c_iclink140.ini[2001/11/29 14:44:21 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\SUPWIN32.DLL[2001/11/29 14:44:20 | 000,279,770 | ---- | C] () -- C:\WINDOWS\System32\NWPSRV.DLL[2001/11/29 14:44:20 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\NWNET.DLL[2001/11/29 14:44:20 | 000,106,528 | ---- | C] () -- C:\WINDOWS\System32\NWPNW.DLL[2001/11/29 14:44:20 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\NWSIPX32.DLL[2001/11/29 14:44:19 | 000,147,856 | ---- | C] () -- C:\WINDOWS\System32\NWCALLS.DLL[2001/11/29 14:44:19 | 000,140,800 | ---- | C] () -- C:\WINDOWS\System32\NCPWIN32.DLL[2001/11/29 14:44:19 | 000,117,248 | ---- | C] () -- C:\WINDOWS\System32\NETWIN32.DLL[2001/11/29 14:44:19 | 000,043,440 | ---- | C] () -- C:\WINDOWS\System32\NWLOCALE.DLL[2001/11/29 14:44:19 | 000,041,088 | ---- | C] () -- C:\WINDOWS\System32\NWIPXSPX.DLL[2001/11/29 14:44:18 | 000,125,952 | ---- | C] () -- C:\WINDOWS\System32\CALWIN32.DLL[2001/11/29 14:44:18 | 000,105,472 | ---- | C] () -- C:\WINDOWS\System32\LOCWIN32.DLL[2001/11/29 14:44:18 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\CLNWIN32.DLL[2001/11/29 14:44:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\CLXWIN32.DLL[2001/11/29 14:44:18 | 000,006,701 | ---- | C] () -- C:\WINDOWS\System32\CLNWINTH.DLL[2001/11/29 14:43:59 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\hpuninst.dll[2001/11/23 18:18:00 | 000,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll[2001/03/09 06:12:00 | 000,000,745 | ---- | C] () -- C:\WINDOWS\System32\g_iecdi32_351.dll[2001/01/30 16:20:40 | 000,270,336 | ---- | C] () -- C:\WINDOWS\System32\pdbrowse.dll[2000/04/12 08:16:00 | 000,000,745 | ---- | C] () -- C:\WINDOWS\System32\drivers\gaxext_335.sys[2000/03/10 13:31:54 | 000,103,936 | ---- | C] () -- C:\WINDOWS\System32\CSF_04.DLL[2000/03/10 13:31:54 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\CSF_02.DLL[2000/03/10 13:31:54 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\CSF_09.DLL[2000/03/10 13:31:54 | 000,004,192 | ---- | C] () -- C:\WINDOWS\System32\CSF_06.DLL[1999/12/22 20:59:19 | 000,130,560 | ---- | C] () -- C:\WINDOWS\System32\NET32THK.DLL[1999/12/22 20:59:18 | 000,006,300 | ---- | C] () -- C:\WINDOWS\System32\NET16THK.DLL[1999/12/22 19:51:52 | 000,002,490 | ---- | C] () -- C:\WINDOWS\System32\DLCNDI.DLL[1999/10/21 13:53:22 | 000,012,800 | ---- | C] () -- C:\WINDOWS\System32\std-2.1-vc5.0-mt.dll[1999/05/23 16:30:12 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll[1999/05/15 10:20:00 | 000,000,745 | ---- | C] () -- C:\WINDOWS\System32\d_comsvrb_175.dll[1999/04/23 22:22:00 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\MEMBG.DLL[1999/04/23 22:22:00 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\XFILEXR.DLL[1999/04/23 22:22:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\OEMREG.DLL[1999/04/23 22:22:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\GROUPPOL.DLL[1999/04/23 22:22:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\NETBIOS.DLL[1999/04/23 22:22:00 | 000,008,576 | ---- | C] () -- C:\WINDOWS\System32\ICMUPG.DLL[1998/09/09 15:51:20 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\RXDDI.DLL[1998/09/09 15:50:56 | 000,150,016 | ---- | C] () -- C:\WINDOWS\System32\SmArchive.dll[1998/08/31 03:14:30 | 000,000,036 | ---- | C] () -- C:\WINDOWS\kpcms.ini[1998/08/31 03:14:29 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL[1998/08/19 15:33:37 | 000,017,680 | ---- | C] () -- C:\WINDOWS\System32\PCIDEV.DLL[1998/08/19 15:33:37 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\PCIDEV32.DLL[1998/08/10 20:09:15 | 000,075,776 | ---- | C] () -- C:\WINDOWS\System32\PRODINV.DLL[1998/08/10 14:44:26 | 000,049,616 | ---- | C] () -- C:\WINDOWS\System32\JCB.DLL[1998/08/10 14:44:26 | 000,048,088 | ---- | C] () -- C:\WINDOWS\System32\DSCVR.DLL[1998/08/10 14:44:21 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\FDECTSP.DLL[1998/08/10 14:44:21 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\VDOPLSTR.DLL[1998/08/07 16:51:07 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\EPASET32.DLL[1998/08/07 16:51:07 | 000,007,488 | ---- | C] () -- C:\WINDOWS\System32\EPASET16.DLL[1998/08/02 14:09:15 | 000,000,362 | ---- | C] () -- C:\WINDOWS\QDQICK.INI[1998/08/02 14:09:15 | 000,000,038 | ---- | C] () -- C:\WINDOWS\ACCWIZ.INI[1998/07/31 10:32:12 | 000,003,616 | ---- | C] () -- C:\WINDOWS\System32\actutdde.dll[1998/03/23 00:00:00 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\cmtool32.dll[1998/03/23 00:00:00 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\tips.dll[1998/03/23 00:00:00 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\MSHLOCAL.dll[1998/03/23 00:00:00 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\mswheel.dll[1996/03/20 00:00:00 | 000,107,008 | ---- | C] () -- C:\WINDOWS\System32\TTEMB32.DLL[1996/03/20 00:00:00 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\MSROUTE.DLL[1996/03/20 00:00:00 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\OPENENU.DLL[1996/03/20 00:00:00 | 000,006,352 | ---- | C] () -- C:\WINDOWS\System32\VISXUTIL.DLL========== Custom Scans ==========< MD5 for: EXPLORER.EXE >[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe[2007/06/13 04:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe[2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe[2004/08/04 00:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe< End of report > Link to post Share on other sites More sharing options...
Recommended Posts