
Computer Keeps Freezing Up



Hi,

My computer continually freezes up. This happens at various times, although it seems to happen most often when on Facebook or using IM over the internet. It doesn't always happen at this time; for example, just today the computer froze simply while I was switching users. I have run a scan using the latest MWB database and a scan with HJT; below are the results. I would really appreciate your help, as it is really annoying to have to keep restarting the CPU and losing data. :)

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 5208

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

11/28/2010 6:35:24 PM

mbam-log-2010-11-28 (18-35-24).txt

Scan type: Full scan (C:\|)

Objects scanned: 271922

Time elapsed: 2 hour(s), 26 minute(s), 42 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:41:58 PM, on 11/28/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\CinemaNow Media Manager\CinemanowSvc.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\drivers\KodakCCS.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\RealVNC\VNC4\WinVNC4.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\system32\fxssvc.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe

C:\Program Files\ATT-SST\McciTrayApp.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\Program Files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Trend Micro Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.juno.com/s/search?r=minisearch

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearch

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.juno.com/s/search?r=minisearch

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hackerwatch.org/library/app/fee...CC5B6868D3F79AC

O1 - Hosts: ::1 localhost

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: (no name) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Dictionary.com - {11359F4A-B191-42d7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\lexbar.dll

O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\COMMON~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL

O2 - BHO: Pop-up Blocker - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\JunoInternet\qsacc\X1IEBHO.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.1.0.32\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.1.0.32\IPSBHO.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll

O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\lexbar.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O3 - Toolbar: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.1.0.32\coIEPlg.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe

O4 - HKLM\..\Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\McciTrayApp.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Wroqumoca] rundll32.exe "C:\WINDOWS\ananiwul.dll",Startup

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKCU\..\Run: [16] CUTE

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Brian Griffin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-21-528341822-4101397123-1346815493-1018\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Erin Griffin')

O4 - HKUS\S-1-5-21-528341822-4101397123-1346815493-1018\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Erin Griffin')

O4 - HKUS\S-1-5-21-528341822-4101397123-1346815493-1018\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Erin Griffin')

O4 - HKUS\S-1-5-21-528341822-4101397123-1346815493-1018\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Erin Griffin')

O4 - HKUS\S-1-5-21-528341822-4101397123-1346815493-1018\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (User 'Erin Griffin')

O4 - HKUS\S-1-5-21-528341822-4101397123-1346815493-1020\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Zack')

O4 - HKUS\S-1-5-21-528341822-4101397123-1346815493-1021\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Matthew Griffin')

O4 - HKUS\S-1-5-21-528341822-4101397123-1346815493-501\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Guest')

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: hp psc 1000 series.lnk = ?

O4 - Global Startup: hpoddt01.exe.lnk = ?

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1122513785801

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1290830169781

O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tools/toolbar/lexico.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = valdeseweavers.com

O17 - HKLM\Software\..\Telephony: DomainName = valdeseweavers.com

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = valdeseweavers.com

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = valdeseweavers.com

O21 - SSODL: siwumogak - {debf335a-2428-4189-b3f0-76be0755999e} - (no file)

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: CinemaNow Service - CinemaNow, Inc. - C:\Program Files\CinemaNow Media Manager\CinemanowSvc.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe

O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE

O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--

End of file - 13170 bytes


Hello bgriffin184! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step; if there is a problem somewhere, stop and tell me.
  • Stay with the thread until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something, please ask.
  • Do not install or uninstall any software or hardware while we are working.
  • Keep me informed about any changes.

Step 1

Please, open HiJackThis and select Do a system scan only.

Check the following entries:

O2 - BHO: (no name) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O4 - HKLM\..\Run: [Wroqumoca] rundll32.exe "C:\WINDOWS\ananiwul.dll",Startup

O21 - SSODL: siwumogak - {debf335a-2428-4189-b3f0-76be0755999e} - (no file)

Then, close all open windows except that of HijackThis, and select Fix Checked.

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to "Update" tab and select "Check for Updates". If an update is found, it will download and install the latest version.
  • Go to "Scanner" tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3

Also, I would like you to generate an "Add/Remove Software list" log using the HijackThis application. Here is how you can do this:

To get an Uninstall List from HijackThis:

  • Open HijackThis, click Config, click Misc Tools
  • Click "Open Uninstall Manager"
  • Click "Save List" (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.

In your next reply, please include these log(s):

  1. Malwarebytes' Anti-Malware log
  2. Add or Remove Programs list
  3. a new fresh HiJackThis log
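
Added example (not part of the original posts and not HijackThis's own logic): a small Python triage pass over HijackThis log lines that flags the two patterns visible in the entries listed in Step 1, registrations whose target is "(no file)" and a Run value that starts a DLL through rundll32.exe. The function names and both heuristics are assumptions for illustration; a flagged line is a prompt for review, not a verdict.

```python
import re

# Lines copied from the first HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: (no name) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Wroqumoca] rundll32.exe "C:\WINDOWS\ananiwul.dll",Startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O21 - SSODL: siwumogak - {debf335a-2428-4189-b3f0-76be0755999e} - (no file)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# "<section code> - <body>", e.g. "O2 - BHO: ..." or "R1 - HKCU\...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# O4 registry autoruns: "HKLM\..\Run: [value name] command line".
RUN_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Command line that hands a DLL (and optional export) to rundll32.
RUNDLL_RE = re.compile(
    r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)"?(?:,(?P<export>\S+))?',
    re.IGNORECASE,
)


def parse_entry(line):
    """Return (section_code, body) for a log entry line, or None for any other line."""
    m = ENTRY_RE.match(line.strip())
    return (m.group("code"), m.group("body")) if m else None


def triage(log_text):
    """Flag entries worth a closer look. Heuristics are assumptions, not verdicts."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_entry(raw)
        if parsed is None:
            continue
        code, body = parsed

        # Heuristic 1: the registration survives but the file behind it is gone.
        if body.endswith("- (no file)"):
            clsid = CLSID_RE.search(body)
            findings.append({
                "code": code,
                "reason": "orphaned",
                "clsid": clsid.group(0) if clsid else None,
                "value": None,
                "target": None,
                "line": raw.strip(),
            })
            continue

        # Heuristic 2: an autorun value that loads a DLL through rundll32.
        # Legitimate software does this too, so the DLL itself needs checking.
        if code == "O4":
            run = RUN_RE.match(body)
            dll = RUNDLL_RE.match(run.group("cmd")) if run else None
            if dll:
                findings.append({
                    "code": code,
                    "reason": "rundll32-autostart",
                    "clsid": None,
                    "value": run.group("name"),
                    "target": dll.group("dll"),
                    "line": raw.strip(),
                })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f'{f["code"]:>3}  {f["reason"]:<19} {f["line"]}')
```
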


Thanks for your help, Borislav. Below are the results...

1. MWB Anti-Malware Log

Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

Database version: 5214

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

11/29/2010 7:55:48 PM

mbam-log-2010-11-29 (19-55-48).txt

Scan type: Quick scan

Objects scanned: 188089

Time elapsed: 14 minute(s), 6 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 1

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

c:\WINDOWS\ananiwul.dll (Trojan.Hiloti) -> Delete on reboot.

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Wroqumoca (Trojan.Hiloti) -> Value: Wroqumoca -> Delete on reboot.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\WINDOWS\ananiwul.dll (Trojan.Hiloti) -> Delete on reboot.

2. Add or Remove Programs List

Adobe Flash Player 10 ActiveX

Adobe Reader 7.0

Adobe Shockwave Player 11.5

ADS Tech Master Installer V3.0

ADS Tech V3.0 Instant DVD CapWiz

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ArcSoft MediaImpression for Kodak

ArcSoft PhotoImpression

Ask Toolbar

AT&T Internet Security Wizard 1.5.11

AT&T Self Support Tool

AT&T Toolbar

Bonjour

CardRd81

CCHelp

CCScore

CinemaNow Media Manager

Clifford Learning Activities

Clifford Reading

Conexant D850 56K V.9x DFVc Modem

Content Transfer

CR2

Creative System Information

Critical Update for Windows Media Player 11 (KB959772)

Dell Driver Reset Tool

Dell Media Experience

Dell Media Experience Update

DellSupport

Digital Line Detect

Disney Pirates of the Caribbean Online

ESSAdpt

ESSANUP

ESSBrwr

ESSCAM

ESSCDBK

ESScore

ESSCT

ESSEMAIL

ESSgui

ESShelp

ESSini

ESSPCD

ESSPDock

ESSSONIC

ESSTUTOR

ESSvpaht

ESSvpot

GameFiesta Games Toolbar

Google Toolbar for Internet Explorer

Google Toolbar for Internet Explorer

Google Update Helper

HijackThis 2.0.2

HLPCCTR

HLPIndex

HLPPDOCK

HLPSFO

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Memories Disc

HP Photo and Imaging 2.0 - All-in-One

HP Photo and Imaging 2.0 - All-in-One Drivers

HP Photo and Imaging 2.0 - hp psc 1200 series

hp psc 1200 series

HP System Diagnostics

HP Update

Intel® Graphics Media Accelerator Driver

Intel® PRO Network Adapters and Drivers

Intel® PROSet for Wired Connections

Internet Explorer Default Page

iTunes

J2SE Runtime Environment 5.0

Java 2 Runtime Environment, SE v1.4.2_03

Java 6 Update 22

Java 6 Update 3

Juno Internet

Kid Pix Studio Deluxe

Kodak EasyShare software

KSU

Learn2 Player (Uninstall Only)

Malwarebytes' Anti-Malware

Math 2

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Halo Trial

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft NFL Fever 2000

Microsoft Office 2000 SR-1 Disc 2

Microsoft Office 2000 SR-1 Professional

Microsoft Plus! Digital Media Edition Installer

Microsoft Plus! Photo Story 2 LE

Microsoft Silverlight

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Mike's Monstrous Adventure Preview

Modem Helper

Monopoly Junior

Moto Racer

MSN

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

My Way Search Assistant

NASCAR Racing 1999 Edition

NetWaiting

Norton 360

Notifier

NROS

OfotoXMI

Operation

Oregon Trail® 5

OTtBP

OTtBPSDK

PCDLNCH

PhoTags Express

Photo Click

Photo Viewer s2.5

Pinball Panic

Planetarium

PowerDVD 5.3

QuickTime

Reader Rabbit Math Ages 6-9

RealPlayer Basic

Safari

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Encoder (KB954156)

Security Update for Windows Media Encoder (KB979332)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

SFR

SFR2

Sierra Utilities

Sonic DLA

Sonic RecordNow!

Sonic Update Manager

Sound Blaster Live!

Storybook Weaver Deluxe

Tarzan Action Game

The Weather Channel Toolbar

Touch The Sky

Toy Story 2

Toy Story 2 Activity Center

Ulead DVD MovieFactory 2 SE

Ulead VideoStudio 7 SE DVD

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VCAMCEN

Viewpoint Media Player

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

VNC Free Edition 4.1.2

VPRINTOL

Walmart MP3 Music Downloads

Windows Genuine Advantage v1.3.0254.0

Windows Internet Explorer 8

Windows Media Encoder 9 Series

Windows Media Encoder 9 Series

Windows Media Format 11 runtime

Windows Media Format 11 runtime

Windows Media Player 10

Windows Media Player 11

Windows Media Player 11

Windows XP Service Pack 3

WordPerfect Office 12

Yahoo! Install Manager

Yahoo! Messenger

Yahoo! Software Update

Yahoo! Toolbar

3. Fresh HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:10:15 PM, on 11/29/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\CinemaNow Media Manager\CinemanowSvc.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\drivers\KodakCCS.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\RealVNC\VNC4\WinVNC4.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe

C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe

C:\Program Files\ATT-SST\McciTrayApp.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Trend Micro Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.juno.com/s/search?r=minisearch

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearch

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.juno.com/s/search?r=minisearch

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hackerwatch.org/library/app/fee...CC5B6868D3F79AC

O1 - Hosts: ::1 localhost

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Dictionary.com - {11359F4A-B191-42d7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\lexbar.dll

O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\COMMON~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL

O2 - BHO: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL

O2 - BHO: Pop-up Blocker - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\JunoInternet\qsacc\X1IEBHO.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.3.0.5\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.3.0.5\IPSBHO.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll

O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\lexbar.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O3 - Toolbar: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coIEPlg.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe

O4 - HKLM\..\Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\McciTrayApp.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKCU\..\Run: [16] CUTE

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Brian Griffin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: hp psc 1000 series.lnk = ?

O4 - Global Startup: hpoddt01.exe.lnk = ?

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1122513785801

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1290830169781

O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tools/toolbar/lexico.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = valdeseweavers.com

O17 - HKLM\Software\..\Telephony: DomainName = valdeseweavers.com

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = valdeseweavers.com

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = valdeseweavers.com

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: CinemaNow Service - CinemaNow, Inc. - C:\Program Files\CinemaNow Media Manager\CinemanowSvc.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe

O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE

O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--

End of file - 11526 bytes


Step 1

I see the Ask Toolbar in your log.

I strongly recommend you remove Ask Toolbar from your computer because:

  • It promotes its toolbars on sites targeted at kids.
  • It promotes its toolbars through ads that appear to be part of other companies' sites.
  • It promotes its toolbars through other companies' spyware.
  • It is installed without any disclosure whatsoever and without any consent from the user whatsoever.
  • It solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
  • It makes confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.

You can read more about Ask.com here

To remove it:

Click Start-->Control Panel-->Programs and Features

Click on the program name AskBarDis to highlight it

From the menu at the top, select Uninstall or Remove.

Please reboot the computer.

Step 2

I also see you have Viewpoint installed...

Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.


  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player

Step 3

**Note: If you need more detailed information, please visit the web page of ComboFix in BleepingComputer. **

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  1. If you are using Firefox, make sure that your download settings are as follows:
    • Open Tools -> Options -> Main tab
    • Set to Always ask me where to Save the files.
  2. During the download, rename Combofix to Combo-Fix as follows (screenshots: CF_download_FF.gif, CF_download_rename.gif).
  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    -----------------------------------------------------------


  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

  7. Double click on combo-Fix.exe & follow the prompts.
  8. When finished, it will produce a report for you.
  9. Please post the C:\Combo-Fix.txt for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

Unfortunately, I could not uninstall the Ask Toolbar as you instructed. When I clicked the Change/Uninstall button from the Add/Remove Programs function in the Control Panel, I got an error message.

Error Loading C:\PROGRA~1\AskSBAR\bar\1.bin\AskSBAR.dll

The Specified Module Could Not be Found.

I was able to uninstall the Viewpoint Media Player. Will this affect the Windows Media Player in any way?

I will wait for you to give me instructions before I download and run ComboFix.

Borislav,

I've been trying to run ComboFix for the last two days with not much success. Basically, ComboFix starts and begins to run, but the computer freezes up after getting several messages like the following:

PEV.cfx.xe - Corrupt File

The file or Directory C:\Documents and Settings\Brian Griffin\Application Data\Macromedia\Flash Player\# Shared objects\X8YDBNSH\Video.Google.com\videostats.sol is corrupt and unreadable. Please run the CHKDSK utility.

This came up several times with different file names or directory paths.


You may have corrupted files on your disk. Please try running the following.

First close ALL Applications as this routine will automatically restart your computer.

Click on START - RUN and copy / paste the following entry into the box and click OK .

CMD /C ECHO Y|CHKDSK C: /F | SHUTDOWN /R /T 30


Finally!!! Ok, completed the code above and ran Combo-Fix.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3248)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\CTsvcCDA.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\drivers\KodakCCS.exe

c:\program files\Common Files\Motive\McciCMService.exe

c:\windows\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE

c:\program files\RealVNC\VNC4\WinVNC4.exe

c:\windows\system32\MsPMSPSv.exe

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

c:\windows\system32\wscntfy.exe

c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

.

**************************************************************************

.

Completion time: 2010-12-04 17:04:04 - machine was rebooted

ComboFix-quarantined-files.txt 2010-12-04 22:04

Pre-Run: 4,425,134,080 bytes free

Post-Run: 4,363,751,424 bytes free

- - End Of File - - CA00323AC227676778122C98DEBF6472


Okay, but it's not the entire log file. Please attach your log file.

ComboFix 10-12-03.03 - Brian Griffin 12/04/2010 16:39:48.5.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.211 [GMT -5:00]

Running from: c:\documents and settings\Brian Griffin\Desktop\Combo-Fix.exe

AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton 360 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_CAPTCHA

-------\Legacy_kungsftpjklvmp

-------\Legacy_WEBSERVER

-------\Service_kungsftpjklvmp

((((((((((((((((((((((((( Files Created from 2010-11-04 to 2010-12-04 )))))))))))))))))))))))))))))))

.

2010-12-04 21:28 . 2010-12-04 21:28 -------- d-----w- C:\found.000

2010-11-28 18:55 . 2010-11-28 18:59 -------- d-----w- c:\program files\Chrome

2010-11-27 03:40 . 2010-11-27 03:43 -------- dc-h--w- c:\windows\ie8

2010-11-27 01:28 . 2010-11-27 01:28 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2010-11-27 01:28 . 2010-11-27 01:28 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2010-11-27 01:27 . 2010-11-30 00:59 -------- d-----w- c:\windows\system32\drivers\N360

2010-11-27 01:27 . 2010-11-27 01:27 -------- d-----w- c:\program files\Norton 360

2010-11-27 01:27 . 2010-11-27 01:27 -------- d-----w- c:\program files\Windows Sidebar

2010-11-27 01:27 . 2010-11-27 01:27 -------- d-----w- c:\program files\NortonInstaller

2010-11-27 01:22 . 2010-11-27 01:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2010-11-27 01:11 . 2010-09-15 09:50 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-11-23 22:49 . 2010-11-23 22:49 -------- d-----w- c:\documents and settings\LocalService\Application Data\TeamViewer

2010-11-23 22:06 . 2010-11-23 22:06 -------- d-----w- c:\documents and settings\Brian Griffin\Application Data\TeamViewer

2010-11-23 22:06 . 2010-11-23 22:06 -------- d-----w- c:\documents and settings\Brian Griffin\temp

2010-11-23 22:02 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys

2010-11-23 22:02 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys

2010-11-23 22:02 . 2008-04-13 19:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys

2010-11-23 22:02 . 2008-04-13 19:39 14592 ----a-w- c:\windows\system32\dllcache\kbdhid.sys

2010-11-17 01:48 . 2010-11-17 01:48 -------- d-----w- c:\documents and settings\Brian Griffin\Application Data\Registry Mechanic

2010-11-12 20:07 . 2010-11-12 20:07 -------- d-----w- c:\documents and settings\Brian Griffin\Application Data\com.w3i.musicoasis

2010-11-09 02:39 . 2010-11-09 02:39 -------- d-----w- c:\documents and settings\Matthew Griffin\Local Settings\Application Data\{AD28A8DC-119B-41A6-B446-C97DE3B07C95}

2010-11-06 17:42 . 2010-11-29 12:00 0 ----a-w- c:\windows\Lkudeza.bin

2010-11-06 17:36 . 2010-11-06 17:37 0 ----a-w- c:\windows\system32\drivers\sst1E.sys

2010-11-06 17:36 . 2010-11-06 17:36 0 ----a-w- c:\windows\system32\drivers\sst1E.tmp

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-29 22:42 . 2010-09-29 23:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-11-29 22:42 . 2010-09-29 23:06 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-01 03:04 . 2010-10-01 03:04 36864 ----a-r- c:\documents and settings\Brian Griffin\Application Data\Microsoft\Installer\{4FCBD822-5DAB-4403-9064-569D7AA7DAD6}\_FA81DAE.exe

2010-09-18 17:23 . 2004-08-04 11:00 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53 . 2008-10-09 23:03 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53 . 2008-10-09 23:03 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-18 06:53 . 2004-08-04 11:00 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-15 07:29 . 2008-07-01 17:42 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-09-12 20:05 . 2010-09-12 20:05 1409 ----a-w- c:\windows\system32\tmp1921A.FOT

2010-09-10 05:58 . 2004-08-04 11:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-09-10 05:58 . 2004-08-04 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-10 05:58 . 2004-08-04 11:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-29 39408]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-29 963976]

"Google Update"="c:\documents and settings\Brian Griffin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-10-19 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-05-06 155648]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-05-06 118784]

"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]

"CTHelper"="CTHELPER.EXE" [2003-08-28 24576]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2008-07-11 423200]

"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2009-10-22 1577984]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-2-6 24576]

hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]

hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSetActiveDesktop"= 1 (0x1)

"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\CinemaNow Media Manager\\CinemaNowShell.exe"=

"c:\\Program Files\\ATT-SST\\McciBrowser.exe"=

R0 SymDS;Symantec Data Store;c:\windows\SYSTEM32\DRIVERS\N360\0403000.005\symds.sys [11/29/2010 1:11 AM 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\SYSTEM32\DRIVERS\N360\0403000.005\symefa.sys [11/29/2010 1:11 AM 173104]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20101123.003\BHDrvx86.sys [11/22/2010 9:20 PM 691248]

R1 ccHP;Symantec Hash Provider;c:\windows\SYSTEM32\DRIVERS\N360\0403000.005\cchpx86.sys [11/29/2010 1:11 AM 501888]

R1 SymIRON;Symantec Iron Driver;c:\windows\SYSTEM32\DRIVERS\N360\0403000.005\ironx86.sys [11/29/2010 1:11 AM 116784]

R2 CinemaNow Service;CinemaNow Service;c:\program files\CinemaNow Media Manager\CinemaNowSvc.exe [9/22/2008 9:49 PM 138616]

R2 N360;Norton 360;c:\program files\Norton 360\Engine\4.3.0.5\ccsvchst.exe [11/29/2010 1:11 AM 126392]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/26/2010 8:30 PM 102448]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20101130.001\IDSXpx86.sys [10/19/2010 3:36 PM 341880]

S2 DVR2INS;ADS Instant DVD 2.0;c:\windows\SYSTEM32\DRIVERS\dvr2ins.sys [7/1/2005 2:24 PM 34792]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/26/2010 6:07 PM 136176]

S3 papycpu;papycpu; [x]

.

Contents of the 'Scheduled Tasks' folder

2010-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-26 23:07]

2010-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-26 23:07]

2010-12-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-528341822-4101397123-1346815493-1006Core.job

- c:\documents and settings\Brian Griffin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-27 06:19]

2010-12-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-528341822-4101397123-1346815493-1006UA.job

- c:\documents and settings\Brian Griffin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-27 06:19]

2010-12-04 c:\windows\Tasks\User_Feed_Synchronization-{BC20D8D7-7E2A-4379-9909-948FDDE4E364}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uInternet Connection Wizard,ShellNext = hxxp://www.hackerwatch.org/library/app/feedback/?Md5=845D2E21B1DE52941CC5B6868D3F79AC

uInternet Settings,ProxyOverride = <local>

uSearchURL,(Default) = hxxp://my.juno.com/s/search?r=minisearch

Trusted Zone: aol.com\free

Trusted Zone: motive.com\patttbc.att

DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab

.

- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

HKCU-Run-avast5 - c:\progra~1\ALWILS~1\Avast5\avastUI.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-12-04 16:56

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]

"ImagePath"="\"c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3248)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\CTsvcCDA.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\drivers\KodakCCS.exe

c:\program files\Common Files\Motive\McciCMService.exe

c:\windows\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE

c:\program files\RealVNC\VNC4\WinVNC4.exe

c:\windows\system32\MsPMSPSv.exe

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

c:\windows\system32\wscntfy.exe

c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

.

**************************************************************************

.

Completion time: 2010-12-04 17:04:04 - machine was rebooted

ComboFix-quarantined-files.txt 2010-12-04 22:04

Pre-Run: 4,425,134,080 bytes free

Post-Run: 4,363,751,424 bytes free

- - End Of File - - CA00323AC227676778122C98DEBF6472


How are things now?

So far, the computer has not frozen once. I'd like to test it for a little longer before I commit that everything is "fixed". My daughter ran a program today that did not freeze up. She has had problems before today.

Any suggestions on removing the AskToolBar at this point?

No, let's try a different way.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Once OTL has completed its first scan it will save notepad copies of the scans in the folder that OTL was started from. Unless set to produce an Extras log it will only produce OTL.txt in subsequent scans.

A copy of an OTL fix log is saved in a text file at

  • :\_OTL\Moved Files
    • in most cases this will be C:\_OTL\Moved Files


I'm not sure what is happening, but I can paste the txt into the post, but when I click add reply, my post doesn't show up...strange.

OTL logfile created on: 12/11/2010 11:54:00 AM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Brian Griffin\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 175.00 Mb Available Physical Memory | 35.00% Memory free

1.00 Gb Paging File | 1.00 Gb Available in Paging File | 63.00% Paging File free

Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 34.34 Gb Total Space | 4.08 Gb Free Space | 11.88% Space Free | Partition Type: NTFS

Computer Name: GRIFFIN_HOME | User Name: Brian Griffin | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Brian Griffin\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)

PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

PRC - C:\Program Files\Norton 360\Engine\4.3.0.5\ccsvchst.exe (Symantec Corporation)

PRC - C:\Program Files\ATT-SST\McciTrayApp.exe (Alcatel-Lucent)

PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

PRC - C:\Program Files\CinemaNow Media Manager\CinemaNowSvc.exe (CinemaNow, Inc.)

PRC - C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\RealVNC\VNC4\winvnc4.exe (RealVNC Ltd.)

PRC - C:\WINDOWS\SYSTEM32\DRIVERS\KodakCCS.exe (Eastman Kodak Company)

PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)

PRC - C:\WINDOWS\SYSTEM32\CTHELPER.EXE (Creative Technology Ltd)

PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)

PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)

PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe (Hewlett-Packard Co.)

PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe (Hewlett-Packard Co.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Brian Griffin\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Program Files\Norton 360\Engine\4.3.0.5\asoehook.dll (Symantec Corporation)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

MOD - C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll (Alcatel-Lucent)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll (Microsoft Corporation)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll (Microsoft Corporation)

MOD - C:\WINDOWS\SYSTEM32\CTAGENT.DLL (Creative Technology Ltd)

========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found

SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found

SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

SRV - (N360) -- C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe (Symantec Corporation)

SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

SRV - (CinemaNow Service) -- C:\Program Files\CinemaNow Media Manager\CinemaNowSvc.exe (CinemaNow, Inc.)

SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()

SRV - (WinVNC4) -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe (RealVNC Ltd.)

SRV - (KodakCCS) -- C:\WINDOWS\SYSTEM32\DRIVERS\KodakCCS.exe (Eastman Kodak Company)

========== Driver Services (SafeList) ==========

DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys File not found

DRV - (SMPLSCSI) -- C:\WINDOWS\System32\drivers\SMPLSCSI.SYS File not found

DRV - (SDDMI2) -- C:\WINDOWS\System32\DDMI2.sys File not found

DRV - (ONSIO) -- C:\WINDOWS\System32\DRIVERS\ONSIO.SYS File not found

DRV - (MRESP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS File not found

DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found

DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found

DRV - (MREMP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS File not found

DRV - (ctdvda2k) -- C:\WINDOWS\System32\drivers\ctdvda2k.sys File not found

DRV - (catchme) -- C:\Combo-Fix\catchme.sys File not found

DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20101210.038\NAVEX15.SYS (Symantec Corporation)

DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20101210.038\NAVENG.SYS (Symantec Corporation)

DRV - (SymEvent) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS (Symantec Corporation)

DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)

DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)

DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20101210.001\IDSXpx86.sys (Symantec Corporation)

DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20101123.003\BHDrvx86.sys (Symantec Corporation)

DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\N360\0403000.005\SYMTDI.SYS (Symantec Corporation)

DRV - (SymIMMP) -- C:\WINDOWS\SYSTEM32\DRIVERS\SymIM.sys (Symantec Corporation)

DRV - (SymIM) -- C:\WINDOWS\SYSTEM32\DRIVERS\SymIM.sys (Symantec Corporation)

DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\N360\0403000.005\Ironx86.SYS (Symantec Corporation)

DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\N360\0403000.005\SYMEFA.SYS (Symantec Corporation)

DRV - (SRTSP) -- C:\WINDOWS\System32\Drivers\N360\0403000.005\SRTSP.SYS (Symantec Corporation)

DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\N360\0403000.005\SRTSPX.SYS (Symantec Corporation)

DRV - (ccHP) -- C:\WINDOWS\system32\drivers\N360\0403000.005\ccHPx86.sys (Symantec Corporation)

DRV - (SymDS) -- C:\WINDOWS\system32\drivers\N360\0403000.005\SYMDS.SYS (Symantec Corporation)

DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\USBAUDIO.sys (Microsoft Corporation)

DRV - (gameenum) -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys (Microsoft Corporation)

DRV - (VolSnap) -- C:\WINDOWS\System32\drivers\volsnap.sys ()

DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)

DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)

DRV - (dsunidrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys (Gteko Ltd.)

DRV - (Afc) -- C:\WINDOWS\SYSTEM32\DRIVERS\afc.sys (Arcsoft, Inc.)

DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)

DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)

DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)

DRV - (drvnddm) -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys (Sonic Solutions)

DRV - (tfsnudfa) -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys (Sonic Solutions)

DRV - (tfsnudf) -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys (Sonic Solutions)

DRV - (tfsnifs) -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys (Sonic Solutions)

DRV - (tfsncofs) -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys (Sonic Solutions)

DRV - (tfsnboio) -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys (Sonic Solutions)

DRV - (tfsnopio) -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys (Sonic Solutions)

DRV - (tfsnpool) -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys (Sonic Solutions)

DRV - (tfsndrct) -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys (Sonic Solutions)

DRV - (tfsndres) -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys (Sonic Solutions)

DRV - (AFS2K) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)

DRV - (nv) -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS (NVIDIA Corporation)

DRV - (sscdbhk5) -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys (Sonic Solutions)

DRV - (ssrtln) -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys (Sonic Solutions)

DRV - (DCFS2K) -- C:\WINDOWS\SYSTEM32\DRIVERS\DCFS2k.sys (Eastman Kodak Company)

DRV - (Exportit) -- C:\WINDOWS\SYSTEM32\DRIVERS\ExportIt.sys (Eastman Kodak Company)

DRV - (DcPTP) -- C:\WINDOWS\SYSTEM32\DRIVERS\DcPtp.sys (Eastman Kodak Company)

DRV - (DcFpoint) -- C:\WINDOWS\SYSTEM32\DRIVERS\DcFpoint.sys (Eastman Kodak Company)

DRV - (DcLps) -- C:\WINDOWS\SYSTEM32\DRIVERS\DcLps.sys (Eastman Kodak Company)

DRV - (DcCam) -- C:\WINDOWS\SYSTEM32\DRIVERS\DcCam.sys (Eastman Kodak Company)

DRV - (HSFHWBS2) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

DRV - (HSF_DP) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)

DRV - (ctac32k) -- C:\WINDOWS\SYSTEM32\DRIVERS\CTAC32K.SYS (Creative Technology Ltd)

DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctaud2k.sys (Creative Technology Ltd)

DRV - (bvrp_pci) -- C:\WINDOWS\System32\drivers\bvrp_pci.sys ()

DRV - (emupia) -- C:\WINDOWS\SYSTEM32\DRIVERS\EMUPIA2K.SYS (Creative Technology Ltd)

DRV - (ctsfm2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\CTSFM2K.SYS (Creative Technology Ltd)

DRV - (ctprxy2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\CTPRXY2K.SYS (Creative Technology Ltd)

DRV - (ossrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys (Creative Technology Ltd.)

DRV - (hap16v2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\HAP16V2K.SYS (Creative Technology Ltd)

DRV - (ha10kx2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\ha10kx2k.sys (Creative Technology Ltd)

DRV - (DVR2INS) -- C:\WINDOWS\SYSTEM32\DRIVERS\dvr2ins.sys (cypress semiconductor)

DRV - (PfModNT) -- C:\WINDOWS\SYSTEM32\DRIVERS\PFMODNT.SYS (Creative Technology Ltd.)

DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation)

DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)

DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)

DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)

DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)

DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)

DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)

DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)

DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)

DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)

DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)

DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)

DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)

DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)

DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

DRV - (msgame) -- C:\WINDOWS\SYSTEM32\DRIVERS\msgame.sys (Microsoft Corporation)

DRV - (ctljystk) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctljystk.sys (Creative Technology Ltd.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

FF - HKLM\software\mozilla\Firefox\Extensions\\{400F0BDB-6C49-43A4-BE1F-76D7327A604D}: C:\Program Files\Common Files\fluxDVD\Download Manager\Mozilla [2008/12/25 20:39:52 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{18A88EA7-A48D-4CA3-A59C-D154C5FEC032}: C:\Documents and Settings\Brian Griffin\Local Settings\Application Data\{18A88EA7-A48D-4CA3-A59C-D154C5FEC032}

FF - HKLM\software\mozilla\Firefox\Extensions\\{AD28A8DC-119B-41A6-B446-C97DE3B07C95}: C:\Documents and Settings\Matthew Griffin\Local Settings\Application Data\{AD28A8DC-119B-41A6-B446-C97DE3B07C95} [2010/11/08 21:39:04 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/10/01 20:18:12 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPlgn\ [2010/11/29 01:10:45 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\coFFPlgn\ [2010/11/26 20:31:39 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2010/12/04 16:56:19 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Dictionary.com) - {11359F4A-B191-42d7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\lexbar.dll ()

O2 - BHO: (Download Manager Browser Helper Object) - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\Program Files\Common Files\fluxDVD\Download Manager\XEBDLHelper.dll (Protect Software GmbH)

O2 - BHO: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)

O2 - BHO: (Pop-up Blocker) - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\JunoInternet\qsacc\X1IEBHO.dll (Juno, Inc.)

O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)

O3 - HKLM\..\Toolbar: (Dictionary.com) - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\lexbar.dll ()

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)

O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Dictionary.com) - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\lexbar.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)

O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation)

O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

O4 - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\McciTrayApp.exe (Alcatel-Lucent)

O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)

O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)

O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM32\hkcmd.exe (Intel Corporation)

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)

O4 - HKLM..\Run: [igfxTray] C:\WINDOWS\SYSTEM32\igfxtray.exe (Intel Corporation)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [updateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)

O4 - HKLM..\Run: [updReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)

O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\SYSTEM32\ctfmon.exe (Microsoft Corporation)

O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Brian Griffin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)

O4 - HKCU..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10k_ActiveX.exe (Adobe Systems, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\shdocvw.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\SYSTEM32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\SYSTEM32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\SYSTEM32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)

O15 - HKCU\..Trusted Domains: motive.com ([patttbc.att] https in Trusted sites)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.snapfish.com/SnapfishActivia.cab (Snapfish Activia)

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1005.cab (MySpace Uploader Control)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1122513785801 (WUWebControl Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1290830169781 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)

O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} http://dictionary.reference.com/tools/toolbar/lexico.cab (Reg Error: Value error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = valdeseweavers.com

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\SYSTEM32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\junomsg {C4D10830-379D-11d4-9B2D-00C04F1579A5} - C:\Program Files\Juno\bin\jmsgpph.dll (Juno Online Services, Inc.)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\SYSTEM32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\SYSTEM32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SYSTEM32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\SYSTEM32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\SYSTEM32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\SYSTEM32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\SYSTEM32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SYSTEM32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\SYSTEM32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\SYSTEM32\WPDShServiceObj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Brian Griffin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Brian Griffin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/11 11:23:57 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Brian Griffin\Desktop\OTL.exe

[2010/12/09 21:34:09 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Uninstaller 1.0.0.1

[2010/12/04 17:33:30 | 000,047,408 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys

[2010/12/04 16:28:27 | 000,000,000 | ---D | C] -- C:\found.000

[2010/12/02 21:16:36 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2010/12/02 21:09:26 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010/12/02 21:09:26 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010/12/02 21:09:26 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010/12/02 21:09:26 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010/12/02 21:07:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010/12/02 21:02:54 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/11/30 19:06:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brian Griffin\My Documents\Uninstall Ask Toolbar_files

[2010/11/29 01:11:21 | 000,361,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0403000.005\symtdi.sys

[2010/11/29 01:11:21 | 000,339,504 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0403000.005\symtdiv.sys

[2010/11/29 01:11:20 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0403000.005\symds.sys

[2010/11/29 01:11:20 | 000,325,680 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0403000.005\srtsp.sys

[2010/11/29 01:11:20 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0403000.005\symefa.sys

[2010/11/29 01:11:20 | 000,116,784 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0403000.005\ironx86.sys

[2010/11/29 01:11:20 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0403000.005\srtspx.sys

[2010/11/29 01:11:19 | 000,501,888 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0403000.005\cchpx86.sys

[2010/11/29 01:10:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0403000.005

[2010/11/28 13:55:48 | 000,000,000 | ---D | C] -- C:\Program Files\Chrome

[2010/11/27 07:35:16 | 000,000,000 | ---D | C] -- C:\Config.Msi

[2010/11/26 22:40:13 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8

[2010/11/26 20:33:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brian Griffin\My Documents\Symantec

[2010/11/26 20:28:53 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL

[2010/11/26 20:28:52 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS

[2010/11/26 20:27:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360

[2010/11/26 20:27:56 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar

[2010/11/26 20:27:56 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360

[2010/11/26 20:27:46 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller

[2010/11/26 20:27:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller

[2010/11/26 20:22:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton

[2010/11/26 20:22:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton

[2010/11/26 20:22:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun

[2010/11/26 20:11:10 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll

[2010/11/26 20:11:10 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2010/11/26 20:11:10 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2010/11/26 20:11:10 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2010/11/23 17:49:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\TeamViewer

[2010/11/23 17:06:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brian Griffin\Application Data\TeamViewer

[2010/11/23 17:06:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brian Griffin\temp

[2010/11/23 17:02:38 | 000,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys

[2010/11/23 17:02:31 | 000,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys

[2010/11/16 20:48:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brian Griffin\Application Data\Registry Mechanic

[2010/11/16 20:40:31 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic

[2010/11/12 15:07:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brian Griffin\My Documents\webkit

[2010/11/12 15:07:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brian Griffin\Application Data\com.w3i.musicoasis

[2005/02/19 17:16:14 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

[8 C:\Documents and Settings\Brian Griffin\My Documents\*.tmp files -> C:\Documents and Settings\Brian Griffin\My Documents\*.tmp -> ]

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/11 11:57:00 | 000,000,442 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{BC20D8D7-7E2A-4379-9909-948FDDE4E364}.job

[2010/12/11 11:25:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/12/11 11:23:59 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brian Griffin\Desktop\OTL.exe

[2010/12/11 11:23:32 | 000,000,525 | ---- | M] () -- C:\hpfr3420.xml

[2010/12/11 11:22:44 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Brian Griffin\Desktop\Microsoft Word.lnk

[2010/12/11 11:05:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-528341822-4101397123-1346815493-1006UA.job

[2010/12/11 02:25:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/12/10 23:05:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-528341822-4101397123-1346815493-1006Core.job

[2010/12/08 17:26:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL

[2010/12/07 18:13:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT

[2010/12/07 18:13:03 | 000,682,346 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\Cat.DB

[2010/12/07 18:12:02 | 000,024,144 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000003-00000000-00000000-00001102-00000002-100A1102}.rfx

[2010/12/07 18:12:02 | 000,024,144 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000003-00000000-00000000-00001102-00000002-100A1102}.rfx

[2010/12/07 18:12:02 | 000,016,376 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000000-00001102-00000002-100A1102}.rfx

[2010/12/07 18:12:02 | 000,016,376 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000000-00001102-00000002-100A1102}.rfx

[2010/12/07 18:12:02 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm

[2010/12/07 18:12:02 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm

[2010/12/07 18:12:02 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000003-00000000-00000000-00001102-00000002-100A1102}.dat

[2010/12/07 18:12:02 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000000-00001102-00000002-100A1102}.dat

[2010/12/04 16:56:19 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts

[2010/12/04 16:34:17 | 003,984,351 | R--- | M] () -- C:\Documents and Settings\Brian Griffin\Desktop\Combo-Fix.exe

[2010/12/03 22:06:42 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Brian Griffin\Desktop\Google Chrome.lnk

[2010/12/03 22:06:42 | 000,002,322 | ---- | M] () -- C:\Documents and Settings\Brian Griffin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2010/12/02 21:16:42 | 000,000,327 | RHS- | M] () -- C:\BOOT.INI

[2010/12/02 19:57:55 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Brian Griffin\My Documents\TFA revisions.doc

[2010/12/01 20:16:50 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Brian Griffin\My Documents\All quiet essay.doc

[2010/11/30 19:06:17 | 000,004,359 | ---- | M] () -- C:\Documents and Settings\Brian Griffin\My Documents\Uninstall Ask Toolbar.htm

[2010/11/29 19:58:57 | 000,001,889 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK

[2010/11/29 19:24:14 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Nxaqakade.dat

[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/11/29 07:00:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Lkudeza.bin

[2010/11/28 22:37:39 | 000,113,664 | ---- | M] () -- C:\Documents and Settings\Brian Griffin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/11/27 07:51:03 | 000,354,568 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/11/27 07:47:45 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/11/27 07:43:07 | 000,000,423 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI

[2010/11/26 22:47:02 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Brian Griffin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2010/11/26 20:28:52 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS

[2010/11/26 20:28:52 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL

[2010/11/26 20:28:52 | 000,007,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT

[2010/11/26 20:28:52 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF

[2010/11/26 20:22:44 | 000,000,806 | ---- | M] () -- C:\Documents and Settings\Brian Griffin\Desktop\Norton Installation Files.lnk

[2010/11/23 17:29:32 | 000,000,708 | ---- | M] () -- C:\Documents and Settings\Brian Griffin\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/11/23 17:06:00 | 001,528,624 | ---- | M] () -- C:\Documents and Settings\Brian Griffin\Desktop\MCS_Support.exe

[2010/11/19 20:27:07 | 008,417,280 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb

[2010/11/19 20:27:07 | 005,817,344 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb

[8 C:\Documents and Settings\Brian Griffin\My Documents\*.tmp files -> C:\Documents and Settings\Brian Griffin\My Documents\*.tmp -> ]

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/03 06:54:54 | 003,378,269 | ---- | C] () -- C:\WINDOWS\{00000003-00000000-00000000-00001102-00000002-100A1102}.CDF

[2010/12/02 21:16:42 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2010/12/02 21:16:38 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2010/12/02 21:09:26 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010/12/02 21:09:26 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010/12/02 21:09:26 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010/12/02 21:09:26 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010/12/02 21:09:26 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010/12/02 21:04:17 | 003,984,351 | R--- | C] () -- C:\Documents and Settings\Brian Griffin\Desktop\Combo-Fix.exe

[2010/12/02 19:06:39 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Brian Griffin\My Documents\TFA revisions.doc

[2010/12/01 18:36:50 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Brian Griffin\My Documents\All quiet essay.doc

[2010/11/30 19:06:03 | 000,004,359 | ---- | C] () -- C:\Documents and Settings\Brian Griffin\My Documents\Uninstall Ask Toolbar.htm

[2010/11/29 19:58:20 | 000,682,346 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\Cat.DB

[2010/11/29 01:11:21 | 000,007,787 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\symnetv.cat

[2010/11/29 01:11:21 | 000,001,473 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\symnetv.inf

[2010/11/29 01:11:20 | 000,007,873 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\symefa.cat

[2010/11/29 01:11:20 | 000,007,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\srtspx.cat

[2010/11/29 01:11:20 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\srtsp.cat

[2010/11/29 01:11:20 | 000,007,425 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\symds.cat

[2010/11/29 01:11:20 | 000,007,368 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\symnet.cat

[2010/11/29 01:11:20 | 000,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\symefa.inf

[2010/11/29 01:11:20 | 000,002,793 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\symds.inf

[2010/11/29 01:11:20 | 000,001,445 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\symnet.inf

[2010/11/29 01:11:20 | 000,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\srtspx.inf

[2010/11/29 01:11:20 | 000,001,382 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\srtsp.inf

[2010/11/29 01:11:19 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\iron.cat

[2010/11/29 01:11:19 | 000,007,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\cchpx86.cat

[2010/11/29 01:11:19 | 000,001,754 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\cchpx86.inf

[2010/11/29 01:11:19 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\iron.inf

[2010/11/29 01:10:48 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\isolate.ini

[2010/11/28 13:41:04 | 000,000,121 | ---- | C] () -- C:\Program Files\debug.log

[2010/11/26 23:03:25 | 000,002,344 | ---- | C] () -- C:\Documents and Settings\Brian Griffin\Desktop\Google Chrome.lnk

[2010/11/26 23:03:25 | 000,002,322 | ---- | C] () -- C:\Documents and Settings\Brian Griffin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2010/11/26 23:00:51 | 000,001,010 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-528341822-4101397123-1346815493-1006UA.job

[2010/11/26 23:00:50 | 000,000,958 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-528341822-4101397123-1346815493-1006Core.job

[2010/11/26 20:28:52 | 000,007,443 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT

[2010/11/26 20:28:52 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF

[2010/11/26 20:28:38 | 000,001,889 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK

[2010/11/26 20:22:43 | 000,000,806 | ---- | C] () -- C:\Documents and Settings\Brian Griffin\Desktop\Norton Installation Files.lnk

[2010/11/23 17:29:32 | 000,000,708 | ---- | C] () -- C:\Documents and Settings\Brian Griffin\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/11/23 17:06:00 | 001,528,624 | ---- | C] () -- C:\Documents and Settings\Brian Griffin\Desktop\MCS_Support.exe

[2010/11/06 12:36:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\sst1E.sys

[2010/02/09 19:04:43 | 000,001,458 | ---- | C] () -- C:\WINDOWS\GSKETCHP.INI

[2009/10/13 20:46:41 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\TwcToolbarIe7.dll

[2009/10/13 20:46:41 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\TwcToolbarBho.dll

[2009/06/09 22:03:15 | 000,000,423 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

[2009/01/10 13:46:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ulead32.ini

[2008/10/09 18:02:45 | 000,052,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\volsnap.sys

[2007/07/05 17:30:39 | 000,000,085 | ---- | C] () -- C:\WINDOWS\Hulabee.ini

[2007/02/15 18:54:29 | 000,000,398 | ---- | C] () -- C:\WINDOWS\SIERRA.INI

[2006/12/19 04:58:50 | 000,561,152 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll

[2006/11/24 09:50:37 | 000,000,844 | ---- | C] () -- C:\WINDOWS\hegames.ini

[2006/11/21 17:09:55 | 000,000,434 | ---- | C] () -- C:\WINDOWS\Operation.ini

[2006/11/20 17:10:43 | 000,000,100 | ---- | C] () -- C:\WINDOWS\EXPLORA.INI

[2006/11/06 19:10:17 | 000,000,058 | ---- | C] () -- C:\WINDOWS\CTACD.INI

[2006/08/01 08:45:42 | 000,000,097 | ---- | C] () -- C:\WINDOWS\CR.ini

[2006/05/20 15:19:50 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini

[2006/02/14 17:49:14 | 000,000,185 | ---- | C] () -- C:\WINDOWS\QTW.INI

[2006/02/14 17:48:19 | 000,000,256 | ---- | C] () -- C:\WINDOWS\PROVW.INI

[2006/02/14 17:48:17 | 000,000,687 | ---- | C] () -- C:\WINDOWS\KPSTUDIO.INI

[2005/08/27 10:20:38 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys

[2005/07/01 04:50:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI

[2005/06/21 14:10:16 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

[2005/06/20 18:26:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqemlsz.INI

[2005/06/20 08:26:38 | 000,000,045 | ---- | C] () -- C:\WINDOWS\Tlcpromo.ini

[2005/06/20 08:26:32 | 000,000,445 | ---- | C] () -- C:\WINDOWS\SBW95.ini

[2005/06/06 21:04:47 | 000,001,758 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log

[2005/06/04 21:03:08 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Matthew Griffin.ini

[2005/06/04 11:44:47 | 000,113,664 | ---- | C] () -- C:\Documents and Settings\Brian Griffin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2005/06/02 17:46:31 | 000,001,294 | ---- | C] () -- C:\WINDOWS\Stella.ini

[2005/06/02 17:26:55 | 000,000,056 | ---- | C] () -- C:\WINDOWS\TassWin.INI

[2005/06/02 17:15:44 | 000,149,504 | ---- | C] () -- C:\WINDOWS\System32\CETNUASM.DLL

[2005/06/02 17:15:40 | 000,766,026 | ---- | C] () -- C:\WINDOWS\System32\ActiveTerra2.dll

[2005/04/29 19:25:39 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini

[2005/03/12 19:32:04 | 000,000,103 | ---- | C] () -- C:\WINDOWS\CTRec.INI

[2005/03/03 18:34:08 | 000,003,820 | ---- | C] () -- C:\WINDOWS\disney.ini

[2005/02/19 17:17:46 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI

[2005/02/19 17:16:44 | 000,035,972 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini

[2005/02/19 17:16:44 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini

[2005/02/19 17:16:25 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI

[2005/02/19 17:16:25 | 000,000,192 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI

[2005/02/19 17:15:49 | 000,000,307 | ---- | C] () -- C:\WINDOWS\SBWIN.INI

[2005/02/15 20:46:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI

[2005/02/13 20:32:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MOTO.INI

[2005/02/13 13:59:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Epsonpp.ini

[2005/02/12 11:14:14 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SWISNIFE.INI

[2005/02/11 17:23:52 | 000,001,100 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini

[2005/02/10 05:35:35 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini

[2005/02/09 22:02:17 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2005/02/09 17:02:32 | 000,001,457 | ---- | C] () -- C:\WINDOWS\JUNO.INI

[2005/02/08 21:21:37 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Brian Griffin\Application Data\PFP120JPR.{PB

[2005/02/08 21:21:37 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Brian Griffin\Application Data\PFP120JCM.{PB

[2005/02/08 21:18:05 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Brian Griffin\Local Settings\Application Data\fusioncache.dat

[2005/02/06 10:29:09 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2005/02/06 10:22:35 | 000,000,264 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2005/02/06 09:48:46 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2004/09/15 23:03:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2004/08/10 14:13:12 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI

[2004/08/10 14:03:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2004/08/04 06:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI

[2003/11/25 12:15:46 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\MemCompress.dll

[2003/06/12 12:00:56 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll

[2003/06/04 16:10:48 | 000,000,332 | ---- | C] () -- C:\WINDOWS\ActiveSkin.ini

[2002/12/27 22:33:36 | 000,002,129 | ---- | C] () -- C:\WINDOWS\lexbar.ini

[2000/09/08 16:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

[1999/01/22 13:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

[1980/01/01 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2010/09/23 20:56:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software

[2009/09/14 19:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T

[2010/09/14 19:07:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATTToolbar

[2010/04/18 21:35:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9

[2008/12/25 20:42:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CinemaNow

[2008/12/25 20:39:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fluxDVD

[2010/04/18 21:50:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit

[2009/09/14 21:34:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juno

[2008/12/25 20:39:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mpDRM

[2005/07/01 04:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies

[2006/05/01 16:34:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT

[2010/11/26 22:15:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp

[2005/07/17 15:55:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems

[2010/11/30 19:13:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

[2009/12/25 10:16:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2009/07/18 13:14:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

[2010/10/11 20:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian Griffin\Application Data\AnvSoft

[2009/09/14 19:05:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian Griffin\Application Data\AT&T

[2009/12/15 18:11:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian Griffin\Application Data\ATTToolbar

[2010/11/12 15:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian Griffin\Application Data\com.w3i.musicoasis

[2010/02/07 15:27:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian Griffin\Application Data\IObit

[2005/02/09 05:43:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian Griffin\Application Data\Jasc

[2005/02/22 05:40:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian Griffin\Application Data\Leadertech

[2009/05/25 15:38:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian Griffin\Application Data\LimeWire

[2010/11/16 20:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian Griffin\Application Data\Registry Mechanic

[2007/04/10 17:19:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian Griffin\Application Data\School Zone Preferences

[2005/11/06 20:12:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian Griffin\Application Data\Snapfish

[2010/11/23 17:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian Griffin\Application Data\TeamViewer

[2005/07/01 17:46:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian Griffin\Application Data\Ulead Systems

[2010/12/11 11:57:00 | 000,000,442 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{BC20D8D7-7E2A-4379-9909-948FDDE4E364}.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:D1B5B4F1

< End of report >

OTL Extras logfile created on: 12/11/2010 11:54:01 AM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Brian Griffin\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 175.00 Mb Available Physical Memory | 35.00% Memory free

1.00 Gb Paging File | 1.00 Gb Available in Paging File | 63.00% Paging File free

Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 34.34 Gb Total Space | 4.08 Gb Free Space | 11.88% Space Free | Partition Type: NTFS

Computer Name: GRIFFIN_HOME | User Name: Brian Griffin | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusOverride" = 1

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\CinemaNow Media Manager\CinemaNowShell.exe" = C:\Program Files\CinemaNow Media Manager\CinemaNowShell.exe:*:Enabled:CinemaNow Media Manager -- (CinemaNow Inc.)

"C:\Program Files\ATT-SST\McciBrowser.exe" = C:\Program Files\ATT-SST\McciBrowser.exe:*:Enabled:mcci+McciBrowser -- (Alcatel-Lucent)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional

"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Disc 2

"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager

"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE

"{10E98E14-832C-4AF7-A4D1-6A9EF83B282E}" = VCAMCEN

"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA

"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime

"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD

"{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK

"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java 6 Update 22

"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0

"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3

"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page

"{38441BE7-79B0-42B8-8297-833704F949FE}" = HLPIndex

"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK

"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting

"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support

"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2

"{469730CC-78DF-4CD3-B286-562D459EA619}" = ESSCAM

"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4D7B2217-6055-4678-8E99-3FBECD0F65F9}" = CinemaNow Media Manager

"{4F677FC7-7AA8-412B-A957-F13CBE1C7331}" = ESSSONIC

"{4FCBD822-5DAB-4403-9064-569D7AA7DAD6}" = HP System Diagnostics

"{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81

"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool

"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0

"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{69BD6399-3D8F-45B7-81D9-819361F5101D}" = PCDLNCH

"{6E179C77-7335-458D-9537-4F4EAC0181ED}" = Photo Click

"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer

"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers

"{6FFDFDB6-A660-41A3-997A-EB061C5F6C60}" = HP Marketing Assistant

"{703DE3AE-513C-11D6-B2F9-0002A5E32BEF}" = Pinball Panic

"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore

"{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}" = Ulead VideoStudio 7 SE DVD

"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant

"{797703D4-461B-4BC9-AACA-292917F3A47F}" = ArcSoft PhotoImpression

"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport

"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper

"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp

"{88F93347-0F9B-4FED-BA71-6C2A4CDFE61D}" = Ulead DVD MovieFactory 2 SE

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver

"{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}" = ESSCT

"{8DD94CA3-BCD2-49C0-B537-F3B5D95FF0C8}" = HLPSFO

"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini

"{9115E7DB-3B29-445A-802D-11E0AA945B7F}" = Sound Blaster Live!

"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui

"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!

"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One

"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL

"{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}" = CCHelp

"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore

"{a0296e52-6e9b-11d6-ace4-00105a0cf83f}" = Juno Internet

"{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}" = SFR2

"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht

"{A6F18A67-B771-4191-8A33-36D2E742D6D9}" = ESSANUP

"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support

"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience

"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0

"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK

"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12

"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI

"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc

"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore

"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU

"{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}" = SFR

"{C900EF06-2E76-49C7-8DB0-41F629B21DC5}" = hp psc 1200 series

"{CA60320D-6A16-49C8-A34F-84EEF4799567}" = ESSTUTOR

"{CA72A82C-7DBC-4814-8CCB-E5BFAC59FAEF}" = ArcSoft MediaImpression for Kodak

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CDE4CC8B-134B-421E-943C-90799E56F664}" = Dell Media Experience Update

"{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer

"{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}" = ESSAdpt

"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software

"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari

"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series

"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect

"{F2D0C1B1-80FF-46F9-BA61-33B01A07FAFC}" = HLPCCTR

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP

"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock

"{FEDE2483-87B7-44C1-A5BB-D75AEB8B6340}" = ESSEMAIL

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"ADS Tech Master Installer V3.0" = ADS Tech Master Installer V3.0

"ADS Tech V3.0 Instant DVD CapWiz" = ADS Tech V3.0 Instant DVD CapWiz

"AskSBar Uninstall" = Ask Toolbar

"ATT-SST" = AT&T Self Support Tool

"ATTToolbar" = AT&T Toolbar

"Clifford Learning Activities" = Clifford Learning Activities

"Clifford Reading" = Clifford Reading

"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem

"Disney Pirates of the Caribbean Online" = Disney Pirates of the Caribbean Online

"Halo Trial" = Microsoft Halo Trial

"HijackThis" = HijackThis 2.0.2

"HP PSC 1200 Series" = HP Photo and Imaging 2.0 - hp psc 1200 series

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"Kid Pix Studio Deluxe 1.0" = Kid Pix Studio Deluxe

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Math 2" = Math 2

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Mike's Monstrous Adventure Preview" = Mike's Monstrous Adventure Preview

"Monopoly Junior" = Monopoly Junior

"MotoRacerCurrentVer" = Moto Racer

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"MSNINST" = MSN

"MyWaySearchAssistantDE" = My Way Search Assistant

"N360" = Norton 360

"NASCAR Racing 1999 Edition" = NASCAR Racing 1999 Edition

"NFL Fever 2000" = Microsoft NFL Fever 2000

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NROS" = NROS

"OpDKey" = Operation

"Oregon Trail® 5" = Oregon Trail® 5

"PhoTagsExpress" = PhoTags Express

"Photo Viewer_is1" = Photo Viewer s2.5

"Planetarium" = Planetarium

"PROSet" = Intel® PRO Network Adapters and Drivers

"RadialpointClientGateway_is1" = AT&T Internet Security Wizard 1.5.11

"Reader Rabbit Math Ages 6-9" = Reader Rabbit Math Ages 6-9

"RealPlayer 6.0" = RealPlayer Basic

"RealVNC_is1" = VNC Free Edition 4.1.2

"Sierra Utilities" = Sierra Utilities

"Storybook Weaver Deluxe" = Storybook Weaver Deluxe

"StreetPlugin" = Learn2 Player (Uninstall Only)

"SysInfo" = Creative System Information

"Tarzan Action Game" = Tarzan Action Game

"The Weather Channel Desktop 6" = The Weather Channel Desktop 6

"The Weather Channel Toolbar" = The Weather Channel Toolbar

"Touch The Sky" = Touch The Sky

"Toy Story 2" = Toy Story 2

"TS2AC" = Toy Story 2 Activity Center

"Walmart MP3 Music Downloads" = Walmart MP3 Music Downloads

"Windows Media Encoder 9" = Windows Media Encoder 9 Series

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"XBTB04967.XBTB04967Toolbar" = GameFiesta Games Toolbar

"Yahoo! Companion" = Yahoo! Toolbar

"Yahoo! Messenger" = Yahoo! Messenger

"Yahoo! Software Update" = Yahoo! Software Update

"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

"InstallShield_{6FFDFDB6-A660-41A3-997A-EB061C5F6C60}" = HP Marketing Assistant

"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.8.1

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 12/8/2010 11:31:24 AM | Computer Name = GRIFFIN_HOME | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdo...authrootstl.cab>

with error: The data is invalid.

Error - 12/8/2010 11:31:24 AM | Computer Name = GRIFFIN_HOME | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdo...authrootseq.txt>

with error: The specified server cannot perform the requested operation.

Error - 12/8/2010 11:31:24 AM | Computer Name = GRIFFIN_HOME | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdo...authrootstl.cab>

with error: The data is invalid.

Error - 12/8/2010 11:31:24 AM | Computer Name = GRIFFIN_HOME | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdo...authrootseq.txt>

with error: The specified server cannot perform the requested operation.

Error - 12/8/2010 11:31:24 AM | Computer Name = GRIFFIN_HOME | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdo...authrootstl.cab>

with error: The data is invalid.

Error - 12/8/2010 11:31:24 AM | Computer Name = GRIFFIN_HOME | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdo...authrootseq.txt>

with error: The specified server cannot perform the requested operation.

Error - 12/8/2010 11:31:24 AM | Computer Name = GRIFFIN_HOME | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdo...authrootstl.cab>

with error: The data is invalid.

Error - 12/8/2010 11:31:24 AM | Computer Name = GRIFFIN_HOME | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdo...authrootseq.txt>

with error: The specified server cannot perform the requested operation.

Error - 12/8/2010 11:31:25 AM | Computer Name = GRIFFIN_HOME | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdo...authrootstl.cab>

with error: The data is invalid.

Error - 12/8/2010 11:31:25 AM | Computer Name = GRIFFIN_HOME | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdo...authrootstl.cab>

with error: The data is invalid.

[ System Events ]

Error - 12/4/2010 5:31:50 PM | Computer Name = GRIFFIN_HOME | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

SMPLSCSI

Error - 12/4/2010 5:38:49 PM | Computer Name = GRIFFIN_HOME | Source = Service Control Manager | ID = 7034

Description = The Kodak Camera Connection Software service terminated unexpectedly.

It has done this 1 time(s).

Error - 12/4/2010 5:55:42 PM | Computer Name = GRIFFIN_HOME | Source = Service Control Manager | ID = 7000

Description = The ADS Instant DVD 2.0 service failed to start due to the following

error: %%1058

Error - 12/4/2010 5:55:42 PM | Computer Name = GRIFFIN_HOME | Source = Service Control Manager | ID = 7000

Description = The ASPI32 service failed to start due to the following error: %%2

Error - 12/4/2010 5:55:42 PM | Computer Name = GRIFFIN_HOME | Source = Service Control Manager | ID = 7000

Description = The ONSIO service failed to start due to the following error: %%2

Error - 12/4/2010 5:55:47 PM | Computer Name = GRIFFIN_HOME | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

SMPLSCSI

Error - 12/7/2010 7:13:49 PM | Computer Name = GRIFFIN_HOME | Source = Service Control Manager | ID = 7000

Description = The ADS Instant DVD 2.0 service failed to start due to the following

error: %%1058

Error - 12/7/2010 7:13:49 PM | Computer Name = GRIFFIN_HOME | Source = Service Control Manager | ID = 7000

Description = The ASPI32 service failed to start due to the following error: %%2

Error - 12/7/2010 7:13:49 PM | Computer Name = GRIFFIN_HOME | Source = Service Control Manager | ID = 7000

Description = The ONSIO service failed to start due to the following error: %%2

Error - 12/7/2010 7:13:57 PM | Computer Name = GRIFFIN_HOME | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

SMPLSCSI

< End of report >


  • Run OTL.exe
  • Under Custom Scans/Fixes post the following script:

:OTL
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:D1B5B4F1

:files
C:\found.000
C:\Documents and Settings\Brian Griffin\My Documents\*.tmp
C:\WINDOWS\System32\drivers\*.tmp
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\Nxaqakade.dat
C:\WINDOWS\Lkudeza.bin
C:\Documents and Settings\All Users\Application Data\Alwil Software
C:\Documents and Settings\All Users\Application Data\avg9
C:\Documents and Settings\All Users\Application Data\Viewpoint

:Commands
[purity]
[emptytemp]
[emptyflash]

  • Then click the Run Fix button at the top
  • Let the program run unhindered. When it is done, it will say "Fix Complete press ok to open log"
  • Please post that log in your next reply.


All processes killed

========== OTL ==========

ADS C:\Documents and Settings\All Users\Application Data\Temp:D1B5B4F1 deleted successfully.

========== FILES ==========

C:\found.000\dir0002.chk folder moved successfully.

C:\found.000\dir0001.chk folder moved successfully.

C:\found.000\dir0000.chk folder moved successfully.

C:\found.000 folder moved successfully.

C:\Documents and Settings\Brian Griffin\My Documents\~WRL1157.tmp moved successfully.

C:\Documents and Settings\Brian Griffin\My Documents\~WRL1222.tmp moved successfully.

C:\Documents and Settings\Brian Griffin\My Documents\~WRL2078.tmp moved successfully.

C:\Documents and Settings\Brian Griffin\My Documents\~WRL3687.tmp moved successfully.

C:\Documents and Settings\Brian Griffin\My Documents\~WRL3760.tmp moved successfully.

C:\Documents and Settings\Brian Griffin\My Documents\~WRL3902.tmp moved successfully.

C:\Documents and Settings\Brian Griffin\My Documents\~WRL3960.tmp moved successfully.

C:\Documents and Settings\Brian Griffin\My Documents\~WRL4092.tmp moved successfully.

C:\WINDOWS\System32\drivers\sst1E.tmp moved successfully.

C:\WINDOWS\System32\CONFIG.TMP moved successfully.

C:\WINDOWS\Nxaqakade.dat moved successfully.

C:\WINDOWS\Lkudeza.bin moved successfully.

C:\Documents and Settings\All Users\Application Data\Alwil Software folder moved successfully.

C:\Documents and Settings\All Users\Application Data\avg9\Temp folder moved successfully.

C:\Documents and Settings\All Users\Application Data\avg9\Log folder moved successfully.

C:\Documents and Settings\All Users\Application Data\avg9\Chjw folder moved successfully.

C:\Documents and Settings\All Users\Application Data\avg9 folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\AxMetaStream_Win folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Brian Griffin

->Temp folder emptied: 403 bytes

->Temporary Internet Files folder emptied: 43038975 bytes

->Java cache emptied: 24685356 bytes

->Google Chrome cache emptied: 13755758 bytes

->Flash cache emptied: 6109 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Erin Griffin

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 402 bytes

->Flash cache emptied: 1048 bytes

User: Guest

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 134 bytes

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 1032326 bytes

->Flash cache emptied: 7891 bytes

User: Matthew Griffin

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 402 bytes

->Java cache emptied: 119398959 bytes

->Flash cache emptied: 9325 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Java cache emptied: 2046 bytes

->Flash cache emptied: 19514 bytes

User: Zack

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 670 bytes

->Flash cache emptied: 3985 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 185570 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 17048 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 372336 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 193.00 mb

[EMPTYFLASH]

User: All Users

User: Brian Griffin

->Flash cache emptied: 0 bytes

User: Default User

User: Erin Griffin

->Flash cache emptied: 0 bytes

User: Guest

User: LocalService

->Flash cache emptied: 0 bytes

User: Matthew Griffin

->Flash cache emptied: 0 bytes

User: NetworkService

->Flash cache emptied: 0 bytes

User: Zack

->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.17.3 log created on 12112010_194309

Files\Folders moved on Reboot...

File\Folder C:\WINDOWS\temp\Perflib_Perfdata_c8.dat not found!

Registry entries deleted on Reboot...
