Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with a worm but don't know the name


  • Please log in to reply
11 replies to this topic

#1 swinhja

swinhja

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:28 AM

Posted 25 August 2009 - 07:14 AM

Hiya. I've been reading advice on this site for a while, but never posted before. However I've been having a few problems lately and need help. I think it was my windows detected a worm and then I ran Malaware for the 2nd time this week. It detected 3 infections this time. My computer is so slow, I can't download Avast as it comes up with an error. My Norton hasn't worked for a while but could be out of date. I've done what was required and hope it's all ok. See below:


DDS (Ver_09-07-30.01) - NTFSx86
Run by Jane at 12:16:57.42 on 25/08/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.479.105 [GMT 1:00]

AV: Norton 360 *On-access scanning enabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\anti virus\aawservice.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\lxcdcoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lexmark 6300 Series\lxcdmon.exe
C:\Program Files\AOL 9.0 VR\waol.exe
C:\Program Files\Common Files\AOL\1221935736\ee\aolsoftware.exe
C:\Program Files\AOL 9.0 VR\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Documents and Settings\Jane\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyOverride = *.local
BHO: Ask Search Assistant BHO: {0579b4b1-0293-4d73-b02d-5ebb0ba0f0a2} - c:\program files\asksbar\srchastt\1.bin\A2SRCHAS.DLL
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.5\NppBho.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar2.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.5\UIBHO.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar2.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~3.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; AOL 9.0; Windows NT 5.1; Trident/4.0; FunWebProducts; .NET CLR 1.0.3705; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.agame.com/game/4-wheel-fury2.html"
mRun: [CTSysVol] c:\program files\creative\sblive 24-bit external\surround mixer\CTSysVol.exe /r
mRun: [LXCDCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCDtime.dll,_RunDLLEntry@16
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Corel Photo Downloader] "c:\program files\common files\corel\corel photodownloader\Corel Photo Downloader.exe" -startup
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\photof~1.lnk - c:\program files\panasonic\photofunstudio\PhAutoRun.exe
IE: &Search
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: durhamrecordsonline.com\www
Trusted Zone: valuedopinions.co.uk\www
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.1.4.cab
DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - hxxp://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38197.355150463
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath -
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R2 aawservice;Ad-Aware 2007 Service;c:\program files\anti virus\aawservice.exe [2007-7-6 561152]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-1-10 108648]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-1-10 108648]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-4-1 55152]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-6-9 101936]
R3 sbusb;Sound Blaster USB Audio Driver;c:\windows\system32\drivers\sbusb.sys [2007-7-18 1643648]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090715.016\NAVENG.SYS [2009-7-15 87888]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090715.016\NAVEX15.SYS [2009-7-15 875728]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2007-12-29 167808]
S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2008-3-29 1251720]

=============== Created Last 30 ================

2009-08-25 12:13 359,932 ac------ c:\program files\dds.scr
2009-08-25 11:50 308,160 ac------ c:\program files\avast_pro_setup.exe
2009-08-25 02:22 308,160 ac------ c:\program files\avast_home_setup.exe
2009-08-25 02:12 <DIR> -cd----- c:\program files\PersonalAV
2009-08-23 18:17 588,162 ac------ C:\Autoruns.zip
2009-08-12 16:54 <DIR> -cd----- c:\program files\common files\Corel
2009-07-30 00:41 <DIR> -cdsh--- c:\documents and settings\jane\IECompatCache
2009-07-28 23:05 <DIR> -cd----- c:\program files\iPod
2009-07-28 23:05 <DIR> -cd----- c:\program files\iTunes

==================== Find3M ====================

2009-08-16 19:58 5,486 ac-sh--- c:\windows\system32\KGyGaAvL.sys
2009-08-05 10:01 204,800 ac------ c:\windows\system32\mswebdvd.dll
2009-07-17 20:01 58,880 ac------ c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 ac------ c:\windows\system32\wmpdxm.dll
2009-07-05 23:35 0 ac--h--- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-07-05 23:35 0 ac--h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-07-03 18:09 915,456 ac------ c:\windows\system32\wininet.dll
2009-06-25 09:25 730,112 ac------ c:\windows\system32\lsasrv.dll
2009-06-25 09:25 301,568 ac------ c:\windows\system32\kerberos.dll
2009-06-25 09:25 147,456 ac------ c:\windows\system32\schannel.dll
2009-06-25 09:25 136,192 ac------ c:\windows\system32\msv1_0.dll
2009-06-25 09:25 56,832 ac------ c:\windows\system32\secur32.dll
2009-06-25 09:25 54,272 ac------ c:\windows\system32\wdigest.dll
2009-06-16 15:36 119,808 ac------ c:\windows\system32\t2embed.dll
2009-06-16 15:36 81,920 ac------ c:\windows\system32\fontsub.dll
2009-06-12 13:31 76,288 -c------ c:\windows\system32\telnet.exe
2009-06-10 15:13 84,992 ac------ c:\windows\system32\avifil32.dll
2009-06-10 09:19 2,066,432 ac------ c:\windows\system32\mstscax.dll
2009-06-10 07:14 132,096 ac------ c:\windows\system32\wkssvc.dll
2009-06-03 20:09 1,291,264 ac------ c:\windows\system32\quartz.dll
2009-05-29 13:36 2,060,288 ac------ c:\windows\system32\usbaaplrc.dll
2009-05-18 19:10 34 ac------ c:\documents and settings\jane\jagex_runescape_preferences.dat
2007-09-21 17:00 23,402,288 ac------ c:\program files\AdbeRdr810_en_US.exe
2007-08-29 12:36 22 ac------ c:\program files\Microsoft Office Professional Plus 2007.zip
2007-07-17 00:34 25,755,448 ac------ c:\program files\wmp11-windowsxp-x86-enu.exe
2007-07-13 00:20 3,126,056 ac------ c:\program files\LimeWireWin.exe
2008-02-23 23:03 168 -c-shr-- c:\windows\system32\5DDBD8049F.sys
2008-09-20 00:51 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092020080921\index.dat

============= FINISH: 12:17:08.96 ===============

I hope I've done everything right. Thanks

Jane

BC AdBot (Login to Remove)

 


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:28 PM

Posted 27 August 2009 - 10:22 AM

Hello! :thumbup2:
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.



=============


The next log will show us any hidden files that are present.
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 swinhja

swinhja
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:28 AM

Posted 27 August 2009 - 04:23 PM

Hi Sam :thumbup2:

Thanks so much for helping me.

The results of the OTL

OTL logfile created on: 27/08/2009 21:35:48 - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Jane\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

479.48 Mb Total Physical Memory | 192.39 Mb Available Physical Memory | 40.13% Memory free
1.09 Gb Paging File | 0.77 Gb Available in Paging File | 70.07% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.31 Gb Total Space | 150.32 Gb Free Space | 80.68% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 465.76 Gb Total Space | 428.30 Gb Free Space | 91.96% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SWINHOE
Current User Name: Jane
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2004/03/24 18:40:44 | 00,876,656 | ---- | M] (Ahead Software AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
PRC - [2007/01/10 06:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/04/14 01:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2003/09/17 10:43:36 | 00,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe
PRC - [2008/01/29 18:38:31 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2009/03/09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2007/10/11 08:45:52 | 00,031,232 | ---- | M] (ArcSoft) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2009/07/13 14:03:10 | 00,292,128 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2007/09/12 12:00:00 | 00,531,272 | ---- | M] (Corel, Inc.) -- C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
PRC - [2007/07/06 14:02:26 | 00,561,152 | ---- | M] (Lavasoft AB) -- C:\Program Files\anti virus\aawservice.exe
PRC - [2007/10/11 08:45:56 | 00,051,712 | ---- | M] (ArcSoft) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2006/10/23 13:50:35 | 00,046,640 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
PRC - [2009/05/29 13:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [1999/12/13 02:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.EXE
PRC - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe
PRC - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2005/06/21 17:19:38 | 00,491,520 | ---- | M] () -- C:\WINDOWS\System32\lxcdcoms.exe
PRC - [2006/11/14 15:01:21 | 00,050,736 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1221935736\ee\aolsoftware.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/02/06 18:21:00 | 00,224,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Toolbar\wltuser.exe
PRC - [2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
PRC - [2009/08/27 21:35:32 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jane\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/07/06 14:02:26 | 00,561,152 | ---- | M] (Lavasoft AB) -- C:\Program Files\anti virus\aawservice.exe -- (aawservice [Auto | Running])
SRV - [2007/10/11 08:45:56 | 00,051,712 | ---- | M] (ArcSoft) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon [Auto | Running])
SRV - [2006/10/23 13:50:35 | 00,046,640 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS [Auto | Running])
SRV - [2009/05/29 13:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2007/01/10 06:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr [Auto | Running])
SRV - [2007/01/10 06:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/01/10 06:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService [Auto | Running])
SRV - [2007/01/13 04:40:58 | 00,049,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost [On_Demand | Stopped])
SRV - [1999/12/13 02:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.EXE -- (Creative Service for CDROM Access [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/02/06 18:08:58 | 00,533,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc [On_Demand | Stopped])
SRV - [2008/04/14 01:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2004/03/24 18:40:44 | 00,876,656 | ---- | M] (Ahead Software AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv [Auto | Running])
SRV - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2007/09/12 19:27:24 | 02,999,664 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - [2007/01/10 06:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex [Auto | Running])
SRV - [2008/01/29 18:38:31 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service [Auto | Stopped])
SRV - [2005/06/21 17:19:38 | 00,491,520 | ---- | M] () -- C:\WINDOWS\System32\lxcdcoms.exe -- (lxcd_device [On_Demand | Running])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/11/02 20:40:12 | 00,174,656 | ---- | M] () -- C:\WINDOWS\System32\PSIService.exe -- (ProtexisLicensing [Disabled | Stopped])
SRV - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort [Auto | Running])
SRV - [2008/03/29 23:04:25 | 01,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [On_Demand | Stopped])
SRV - [2008/01/29 17:09:02 | 00,394,704 | ---- | M] (Symantec, Inc.) -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist [On_Demand | Stopped])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2006/11/10 15:05:00 | 00,018,688 | ---- | M] (Arcsoft, Inc.) -- C:\WINDOWS\System32\drivers\Afc.sys -- (Afc [On_Demand | Running])
DRV - [2004/02/24 18:08:52 | 00,400,384 | ---- | M] (Sensaura) -- C:\WINDOWS\System32\drivers\ALCXSENS.SYS -- (ALCXSENS [On_Demand | Running])
DRV - [2004/05/15 06:24:10 | 00,622,172 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
DRV - [2002/08/29 13:00:00 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde [Boot | Running])
DRV - [2008/04/13 19:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp [Boot | Running])
DRV - [2002/08/29 13:00:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc [Boot | Running])
DRV - [2002/08/29 13:00:00 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550 [Boot | Running])
DRV - [2002/08/29 13:00:00 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde [Boot | Running])
DRV - [2004/04/26 04:23:41 | 00,130,384 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\DRIVERS\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
DRV - [2002/08/29 13:00:00 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k [Boot | Running])
DRV - [2009/02/25 10:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
DRV - [2009/02/25 10:00:00 | 00,101,936 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
DRV - [2009/02/06 18:08:42 | 00,055,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys -- (fssfltr [Auto | Running])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Stopped])
DRV - [2004/03/24 18:44:50 | 00,099,568 | ---- | M] (Ahead Software AG) -- C:\WINDOWS\System32\drivers\incdfs.sys -- (InCDfs [Disabled | Running])
DRV - [2004/03/24 18:45:22 | 00,027,664 | ---- | M] (Ahead Software AG) -- C:\WINDOWS\System32\DRIVERS\InCDPass.sys -- (InCDPass [System | Running])
DRV - [2003/12/30 07:38:52 | 00,028,080 | ---- | M] (Ahead Software AG) -- C:\WINDOWS\System32\drivers\incdrm.sys -- (incdrm [System | Stopped])
DRV - [2003/05/22 23:44:44 | 00,670,203 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ctxs51.sys -- (Intels51 [On_Demand | Running])
DRV - [2001/08/17 20:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Stopped])
DRV - [2002/08/29 13:00:00 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x [Boot | Running])
DRV - [2009/07/15 09:00:00 | 00,087,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090715.016\NAVENG.SYS -- (NAVENG [On_Demand | Stopped])
DRV - [2009/07/15 09:00:00 | 00,875,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090715.016\NAVEX15.SYS -- (NAVEX15 [On_Demand | Stopped])
DRV - [2009/05/09 01:14:20 | 00,014,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\NuidFltr.sys -- (NuidFltr [On_Demand | Running])
DRV - [2004/04/26 04:23:40 | 00,178,736 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\DRIVERS\ctoss2k.sys -- (ossrv [On_Demand | Running])
DRV - [2003/10/21 07:07:30 | 00,174,530 | R--- | M] (OmniVision Technologies, Inc.) -- C:\WINDOWS\System32\Drivers\ov519vid.sys -- (ovt519 [On_Demand | Stopped])
DRV - [2003/03/21 07:01:46 | 00,009,856 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\System32\drivers\pfc.sys -- (pfc [Disabled | Stopped])
DRV - [2004/06/03 12:10:00 | 00,071,596 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\PfModNT.sys -- (PfModNT [Disabled | Stopped])
DRV - [2002/08/29 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2002/08/29 13:00:00 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080 [Boot | Running])
DRV - [2002/08/29 13:00:00 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160 [Boot | Running])
DRV - [2002/08/29 13:00:00 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280 [Boot | Running])
DRV - [2006/03/16 04:39:10 | 00,167,808 | R--- | M] (NETGEAR Inc.) -- C:\WINDOWS\System32\DRIVERS\wg111v2.sys -- (RTLWUSB [On_Demand | Stopped])
DRV - [2007/04/03 14:59:30 | 00,083,208 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\s616bus.sys -- (s616bus [On_Demand | Stopped])
DRV - [2007/04/03 14:59:36 | 00,015,112 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\s616mdfl.sys -- (s616mdfl [On_Demand | Stopped])
DRV - [2007/04/03 14:59:38 | 00,108,680 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\s616mdm.sys -- (s616mdm [On_Demand | Stopped])
DRV - [2004/07/27 10:31:34 | 01,643,648 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\DRIVERS\sbusb.sys -- (sbusb [On_Demand | Running])
DRV - [2007/11/13 11:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2004/07/07 00:36:52 | 00,217,600 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\DRIVERS\sisgrp.sys -- (SiS315 [On_Demand | Running])
DRV - [2003/07/18 16:58:20 | 00,036,992 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (sisagp [Boot | Running])
DRV - [2004/07/07 00:37:44 | 00,012,416 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\DRIVERS\srvkp.sys -- (SiSkp [System | Running])
DRV - [2004/08/04 06:31:34 | 00,032,768 | ---- | M] (SiS Corporation) -- C:\WINDOWS\System32\DRIVERS\sisnic.sys -- (SISNIC [On_Demand | Running])
DRV - [2002/08/29 13:00:00 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow [Boot | Running])
DRV - [2007/04/14 03:49:32 | 00,418,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [On_Demand | Stopped])
DRV - [2007/12/01 00:57:12 | 00,279,088 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SRTSP.SYS -- (SRTSP [On_Demand | Stopped])
DRV - [2007/12/01 00:57:12 | 00,317,616 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SRTSPL.SYS -- (SRTSPL [On_Demand | Stopped])
DRV - [2007/12/01 00:57:12 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SRTSPX.SYS -- (SRTSPX [System | Running])
DRV - [2007/07/03 16:54:24 | 00,080,552 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\sscdbus.sys -- (sscdbus [On_Demand | Stopped])
DRV - [2007/07/03 16:57:24 | 00,011,944 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\sscdmdfl.sys -- (sscdmdfl [On_Demand | Stopped])
DRV - [2007/07/03 16:58:20 | 00,106,792 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\sscdmdm.sys -- (sscdmdm [On_Demand | Stopped])
DRV - [2009/04/05 11:31:16 | 00,005,632 | ---- | M] () -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen [System | Running])
DRV - [2002/08/29 13:00:00 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810 [Boot | Running])
DRV - [2002/08/29 13:00:00 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx [Boot | Running])
DRV - [2007/01/09 23:32:13 | 00,012,984 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS [On_Demand | Running])
DRV - [2009/01/06 20:23:43 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2007/01/09 23:32:13 | 00,145,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW [On_Demand | Running])
DRV - [2007/01/09 23:32:13 | 00,040,120 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS [On_Demand | Running])
DRV - [2009/02/09 23:59:18 | 00,251,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20090710.001\SymIDSco.sys -- (SYMIDSCO [On_Demand | Running])
DRV - [2007/01/09 23:32:13 | 00,035,256 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS [On_Demand | Running])
DRV - [2007/01/09 23:32:13 | 00,027,576 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV [On_Demand | Running])
DRV - [2007/01/09 23:32:13 | 00,191,544 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI [System | Running])
DRV - [2002/08/29 13:00:00 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi [Boot | Running])
DRV - [2002/08/29 13:00:00 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3 [Boot | Running])
DRV - [2002/08/29 13:00:00 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra [Boot | Running])
DRV - [2009/05/29 13:36:16 | 00,039,424 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2008/04/13 19:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2003/01/10 22:13:04 | 00,033,588 | R--- | M] (America Online, Inc.) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-776746741-4282951562-813958858-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-776746741-4282951562-813958858-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-776746741-4282951562-813958858-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKU\S-1-5-21-776746741-4282951562-813958858-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-776746741-4282951562-813958858-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-776746741-4282951562-813958858-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 22 AF 94 2B 66 23 CA 01 [binary data]
IE - HKU\S-1-5-21-776746741-4282951562-813958858-1007\S-1-5-21-776746741-4282951562-813958858-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-776746741-4282951562-813958858-1007\S-1-5-21-776746741-4282951562-813958858-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.aol.co.uk/"

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/08 22:15:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/02/24 01:47:52 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/03 16:29:04 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/03 16:29:04 | 00,000,000 | ---D | M]

[2009/02/12 00:49:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jane\Application Data\mozilla\Firefox\Profiles\evxkx1qp.default\extensions
[2008/04/05 23:48:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jane\Application Data\mozilla\Firefox\Profiles\evxkx1qp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/02/12 01:12:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jane\Application Data\mozilla\Firefox\Profiles\evxkx1qp.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2008/06/05 18:17:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jane\Application Data\mozilla\Firefox\Profiles\evxkx1qp.default\extensions\bettergmail2@ginatrapani.org
[2009/06/19 23:59:54 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2008/05/15 15:51:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/10/16 14:53:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/03/16 03:27:24 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/09/11 11:36:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/02/24 01:48:36 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/06/19 23:59:56 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2007/09/13 00:17:57 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\realplayer@partners.mozilla.com
[2008/04/05 23:37:17 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\talkback@mozilla.org
[2008/05/15 15:51:27 | 00,067,696 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2008/05/15 15:51:28 | 00,054,376 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2008/05/15 15:51:28 | 00,034,952 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2008/05/15 15:51:29 | 00,046,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2008/05/15 15:51:29 | 00,172,144 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2008/08/06 16:22:02 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2009/03/09 05:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2007/02/04 23:02:56 | 01,642,496 | ---- | M] (LizardTech) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
[2008/12/09 01:05:28 | 00,024,684 | ---- | M] (MyWebSearch.com) -- C:\Program Files\mozilla firefox\plugins\NPMyWebS.dll
[2008/05/15 15:51:46 | 00,022,664 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2008/06/11 22:45:28 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/06/03 16:29:03 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/06/03 16:29:04 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/06/03 16:29:04 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/06/03 16:29:04 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/06/03 16:29:04 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/06/03 16:29:04 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/06/03 16:29:04 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2006/06/15 11:24:15 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2006/07/06 06:44:17 | 00,002,206 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2006/06/15 11:24:15 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2006/06/01 00:17:38 | 00,001,049 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2006/06/15 11:24:15 | 00,001,077 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2007/01/17 23:05:32 | 00,002,368 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2006/09/11 15:39:34 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Ask Search Assistant BHO) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (Ask.com)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll (Symantec Corporation)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar2.dll (Ask.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar2.dll (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-776746741-4282951562-813958858-1007\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-776746741-4282951562-813958858-1007\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar2.dll (Ask.com)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LXCDCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCDtime.DLL ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SbUsb AudCtrl] C:\WINDOWS\System32\sbusbdll.DLL (Creative Technology Ltd)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-776746741-4282951562-813958858-1007..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\SHOCKW~1\SWHELP~3.EXE -Update -1100465 -Mozilla\4.0 (compatible; MSIE 7.0; AOL 9.0; Windows NT 5.1; Trident\4.0; File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2009/08/23 14:46:42 | 00,000,000 | -H-D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-776746741-4282951562-813958858-1007\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-776746741-4282951562-813958858-1007\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-776746741-4282951562-813958858-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-776746741-4282951562-813958858-1007_Classes\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-776746741-4282951562-813958858-1007_Classes\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-776746741-4282951562-813958858-1007\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-776746741-4282951562-813958858-1007\..Trusted Domains: durhamrecordsonline.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-776746741-4282951562-813958858-1007\..Trusted Domains: valuedopinions.co.uk ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-776746741-4282951562-813958858-1007\..Trusted Domains: 3 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/files/BeboUploader.5.1.4.cab (Bebo Uploader Control)
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...38197.355150463 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/03/27 08:40:39 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/08/23 18:17:02 | 00,588,162 | ---- | M] () - C:\Autoruns.zip -- [ NTFS ]
O32 - AutoRun File - [2007/06/16 01:41:00 | 00,000,038 | ---- | M] () - F:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{ac61bbbf-d355-11dd-a836-00038a000015}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/08/27 21:35:27 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jane\Desktop\OTL.exe
[2009/08/25 12:20:43 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Jane\Desktop\RootRepeal.exe
[2009/08/25 12:15:21 | 00,359,932 | ---- | C] () -- C:\Documents and Settings\Jane\Desktop\dds.scr
[2009/08/25 12:13:44 | 00,359,932 | ---- | C] () -- C:\Program Files\dds.scr
[2009/08/25 11:50:38 | 00,308,160 | ---- | C] (ALWIL Software) -- C:\Program Files\avast_pro_setup.exe
[2009/08/25 02:22:17 | 00,308,160 | ---- | C] (ALWIL Software) -- C:\Program Files\avast_home_setup.exe
[2009/08/25 02:12:52 | 00,000,000 | ---D | C] -- C:\Program Files\PersonalAV
[2009/08/25 00:30:27 | 00,000,406 | ---- | C] () -- C:\WINDOWS\tasks\Norton Security Scan for Jane.job
[2009/08/25 00:30:17 | 00,002,187 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Scan.lnk
[2009/08/23 18:49:36 | 50,284,5440 | -HS- | C] () -- C:\hiberfil.sys
[2009/08/23 18:17:01 | 00,588,162 | ---- | C] () -- C:\Autoruns.zip
[2009/08/23 14:46:42 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
[2009/08/22 01:01:47 | 00,229,536 | ---- | C] () -- C:\Documents and Settings\Jane\My Documents\iTunes Diagnostics.spx
[2009/08/22 01:01:47 | 00,002,262 | ---- | C] () -- C:\Documents and Settings\Jane\My Documents\iTunes Diagnostics.rtf
[2009/08/13 23:12:12 | 00,096,491 | ---- | C] () -- C:\Documents and Settings\Jane\My Documents\reflections.pdf
[2009/08/12 16:56:09 | 00,002,057 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Corel Paint Shop Pro Photo X2.lnk
[2009/08/12 16:54:27 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Corel
[2009/08/03 21:00:46 | 02,371,013 | ---- | C] () -- C:\Documents and Settings\Jane\My Documents\BabiesRollerskating-Ad.wmv
[2009/07/28 23:05:58 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/07/28 23:05:31 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/07/28 23:05:08 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/07/16 22:14:18 | 00,000,383 | ---- | C] () -- C:\WINDOWS\PhEdit.INI
[2009/07/16 20:29:30 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/02/15 00:43:41 | 00,000,042 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/10/15 00:04:52 | 00,000,089 | ---- | C] () -- C:\WINDOWS\MusicMaker.INI
[2008/10/14 23:00:37 | 00,000,305 | ---- | C] () -- C:\WINDOWS\BeatBox.INI
[2008/10/14 22:39:50 | 00,038,912 | ---- | C] () -- C:\WINDOWS\System32\mgxasio.dll
[2008/10/14 22:31:48 | 00,000,000 | ---- | C] () -- C:\WINDOWS\ringtonemaker.INI
[2008/10/14 21:48:11 | 00,002,607 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2008/09/20 00:46:47 | 00,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/08/25 21:33:41 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/08/16 20:10:41 | 00,000,070 | ---- | C] () -- C:\WINDOWS\wsql.ini
[2008/08/16 20:10:29 | 00,084,504 | ---- | C] () -- C:\WINDOWS\System32\dbl50t.dll
[2008/08/16 20:10:29 | 00,031,008 | ---- | C] () -- C:\WINDOWS\System32\ivtrn09.dll
[2008/08/14 21:34:03 | 00,000,074 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2008/08/14 21:30:28 | 00,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2008/08/14 21:30:28 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2008/08/06 00:34:57 | 00,000,368 | ---- | C] () -- C:\WINDOWS\MyHeritage.INI
[2008/08/06 00:33:11 | 00,454,656 | ---- | C] () -- C:\WINDOWS\System32\PaintX.dll
[2008/03/26 01:37:20 | 00,000,031 | ---- | C] () -- C:\WINDOWS\bluevoda.ini
[2007/08/31 17:29:40 | 00,000,543 | ---- | C] () -- C:\WINDOWS\AppRun.ini
[2007/08/29 19:09:56 | 00,000,604 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/08/17 20:39:37 | 00,005,486 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/08/17 20:39:37 | 00,000,168 | RHS- | C] () -- C:\WINDOWS\System32\5DDBD8049F.sys
[2007/07/18 22:47:13 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2007/07/18 22:47:04 | 00,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2007/07/18 22:46:25 | 00,059,392 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2007/07/18 22:46:22 | 00,009,953 | ---- | C] () -- C:\WINDOWS\System32\SBUSB.INI
[2007/07/17 23:49:38 | 00,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/07/12 23:53:27 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
[2007/07/12 23:53:27 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
[2005/07/07 05:42:32 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcdvs.dll
[2005/06/21 17:27:56 | 00,638,976 | ---- | C] () -- C:\WINDOWS\System32\lxcdpmui.dll
[2005/06/21 17:27:02 | 01,183,744 | ---- | C] () -- C:\WINDOWS\System32\lxcdserv.dll
[2005/06/21 17:22:06 | 00,483,328 | ---- | C] () -- C:\WINDOWS\System32\lxcdlmpm.dll
[2005/06/21 17:21:40 | 00,413,696 | ---- | C] () -- C:\WINDOWS\System32\lxcdcomm.dll
[2005/06/21 17:19:48 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\lxcdpplc.dll
[2005/06/21 17:18:58 | 00,704,512 | ---- | C] () -- C:\WINDOWS\System32\lxcdcomc.dll
[2005/06/21 17:18:24 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\lxcdprox.dll
[2005/06/21 17:12:48 | 01,134,592 | ---- | C] () -- C:\WINDOWS\System32\lxcdusb1.dll
[2005/06/21 17:09:22 | 00,770,048 | ---- | C] () -- C:\WINDOWS\System32\lxcdhbn3.dll
[2004/08/04 04:17:20 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/04 03:57:26 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2004/08/04 03:37:08 | 00,108,021 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2004/08/04 03:33:29 | 00,099,597 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2004/08/04 03:30:52 | 00,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL
[2004/08/04 03:12:25 | 00,003,548 | ---- | C] () -- C:\WINDOWS\System32\drivers\WinFlash.sys
[2004/07/30 01:09:28 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/03/27 14:28:14 | 00,001,388 | R--- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/03/27 09:50:12 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/03/27 07:27:44 | 00,000,915 | ---- | C] () -- C:\WINDOWS\win.ini
[2003/03/27 07:27:38 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1999/01/22 13:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Files - Modified Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/08/27 21:35:32 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jane\Desktop\OTL.exe
[2009/08/27 17:45:39 | 00,000,915 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/08/27 10:35:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/27 10:35:39 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/27 10:35:35 | 50,284,5440 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/26 18:00:01 | 00,000,406 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Jane.job
[2009/08/25 12:21:14 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Jane\Desktop\RootRepeal.exe
[2009/08/25 12:15:21 | 00,359,932 | ---- | M] () -- C:\Documents and Settings\Jane\Desktop\dds.scr
[2009/08/25 12:13:49 | 00,359,932 | ---- | M] () -- C:\Program Files\dds.scr
[2009/08/25 11:53:21 | 00,308,160 | ---- | M] (ALWIL Software) -- C:\Program Files\avast_pro_setup.exe
[2009/08/25 11:40:24 | 00,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Scan.lnk
[2009/08/25 02:22:26 | 00,308,160 | ---- | M] (ALWIL Software) -- C:\Program Files\avast_home_setup.exe
[2009/08/25 00:12:15 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/08/24 22:56:51 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2009/08/24 22:56:51 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2009/08/23 18:17:02 | 00,588,162 | ---- | M] () -- C:\Autoruns.zip
[2009/08/22 02:42:31 | 00,000,383 | ---- | M] () -- C:\WINDOWS\PhEdit.INI
[2009/08/22 01:01:47 | 00,229,536 | ---- | M] () -- C:\Documents and Settings\Jane\My Documents\iTunes Diagnostics.spx
[2009/08/22 01:01:47 | 00,002,262 | ---- | M] () -- C:\Documents and Settings\Jane\My Documents\iTunes Diagnostics.rtf
[2009/08/21 18:25:02 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/16 19:58:19 | 00,005,486 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/08/13 23:12:12 | 00,096,491 | ---- | M] () -- C:\Documents and Settings\Jane\My Documents\reflections.pdf
[2009/08/12 16:56:09 | 00,002,057 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Corel Paint Shop Pro Photo X2.lnk
[2009/08/05 10:01:48 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mswebdvd.dll
[2009/08/05 10:01:48 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2009/08/03 21:01:07 | 02,371,013 | ---- | M] () -- C:\Documents and Settings\Jane\My Documents\BabiesRollerskating-Ad.wmv
[2009/07/30 01:49:14 | 24,281,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/07/30 00:56:13 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2009/07/28 23:10:42 | 00,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
< End of report >

You asked me to let you know how my computer reacted during each process. The OTL scan seemed no bother at all. However, while the RootRepeal was scanning, the computer was so slow. I'm actually typing this and it's still just coming up onto the 2nd sentence of the paragraph.

The results to the RootRepeal are attached. Hope it's all ok. Just to let you know, my computer is still running slow. I'm typing quicker than the curser.

Thanks again

Jane :)

Attached Files



#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:28 PM

Posted 28 August 2009 - 09:46 AM

I don't think we're dealing with a malware issue here. But I do see some issues that may be contributing to your computer running slowly.

Read here about the Microsoft Search Enhancement Pack that you have running.
http://www.brighthub.com/computing/windows...cles/25609.aspx



Download Security Check by screen317 and save it to your Desktop.
  • Unzip SecurityCheck.zip and a folder named Security Check should appear.
  • Open the Security Check folder and double-click Security Check.bat
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: if a security program requests permission from dig.exe to access the Internet, allow it to do so.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 swinhja

swinhja
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:28 AM

Posted 29 August 2009 - 08:25 AM

Thanks for you help. I went to the site you posted and have deleted the renamed the file as suggested.

I'm having problems connecting to the internet now. My Netgear Wireless keeps losing it's connection regularly which is annoying. So, sorry for the delayed reply.


Results of screen317's Security Check version 0.98.9
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
OneCare Advisor (Windows Live Toolbar)
OneCare Advisor (Windows Live Toolbar)
Norton 360


``````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Malwarebytes' Anti-Malware
CCleaner (remove only)
Java™ 6 Update 13
Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 9
``````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe is disabled!


``````````````````````````````
DNS Vulnerability Check:

Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

`````````End of Log```````````

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:28 PM

Posted 29 August 2009 - 12:22 PM

Based off what I'm seeing you may have some programs conflicting and it looks like Norton is not installed correctly or possibly partially uninstalled. Can you tell me anything about that?

Please uninstall these programs:

Java™ 6 Update 13
Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Ad-Aware



Then you can download and install the current and secure version of java from here.
http://www.java.com/en/download/index.jsp


Let me know about Norton. It doesn't seem to running like it should and I think that's a big part of the problem.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 swinhja

swinhja
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:28 AM

Posted 01 September 2009 - 04:48 PM

Hi Sam

I rang my internet provider and they've advised me to change my filter so fingers crossed, I won't go offline again.

I uninstalled the programs you said, and I tried to download the Java. It came up 'error cannot install with current internet settings'. Anyway, I followed the on screen advice and installed it off line. I managed in the end. Thanks

The Norton. I don't know exactly what happened there. I downloaded it for my husbands and my son's laptops as well as my computer. I'm on AOL though. And when it told me to click for updates it wouldn't let me on AOL. I tried clicking it while in explorer, but it automatically opened AOL. So I never got my updates. My husband did though. So apart from that I don't know what happened. I did disable some start up programs :thumbup2: but I'm sure I didn't disable any Norton ones.

My computer still takes ages to boot up. It shows the intel pentium sign for a good 5 minutes before windows loads up.

I hope you can help. I'm starting to think a new computer might be on the cards.

Thanks again
Jane

#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:28 PM

Posted 02 September 2009 - 11:47 AM

I just don't see Norton running as a process where it should be. Can you open Norton and run a scan?
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#9 swinhja

swinhja
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:28 AM

Posted 04 September 2009 - 03:27 PM

No my Norton won't open. I've now lost my D drive and my internet connection is so intimitant, I'm hoping it stays on long enough to send you this. I've bought a new Wireless Modem that is suitable for more computers (which we have a few incl. Nintendo Wii and Ipods), but after placing the installation disc in the drive, found that I have no D drive on my computer. I did before. (obviously).

Hope you can help

#10 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:28 PM

Posted 05 September 2009 - 09:51 AM

From the first log that you posted it wasn't recognizing a D: drive.

Drive C: | 186.31 Gb Total Space | 150.32 Gb Free Space | 80.68% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 465.76 Gb Total Space | 428.30 Gb Free Space | 91.96% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded



Norton needs to be reinstalled or uninstall and replaced with another antivirus.
This will help with at least some of your issues.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#11 swinhja

swinhja
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:28 AM

Posted 13 September 2009 - 03:51 PM

Hi Sam. Thanks so much for all of your help. My internet went off, and my computer had no D drive. I was lost. I ended up having to take it to a local shop where they sorted it out for me for a small price. It's running alot better. I will take your advice and uninstall Norton.

I'm still having alot of bother with my internet connection however. I've rang AOL 3 times now, and thought I'd got it sorted, but it's still keep going off. I've a netgear router. The internet light keeps flashing on and off, and sometimes goes red. It's so frustrating. AOL are now saying it's because I have SKY tv. Its worked for years upto now though. I'm thinking of leaving AOL but think it might not fix my problem.

Anyway, thanks so much for the time you've spent helping me.

Jane

#12 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:28 PM

Posted 14 September 2009 - 06:38 AM

I don't think much of AOL. And even recently I've seen where their satisfaction ratings leave a lot to be desired. That being said, you may want to post into the networking forum and have the experts over there give their thoughts.

http://www.bleepingcomputer.com/forums/ind...amp;s=&f=21


Glad to hear you got the rest of it sorted out. :thumbup2:
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users