
C:\Windows\system32\Sdra64.exe


This topic is locked
18 replies to this topic

#1 ADNERB

  • Members
  • 9 posts

Posted 30 December 2009 - 11:57 AM

Hi. I am new to this forum and hope I'm posting correctly and to the right place. Will you read my Combofix log? I'm using Windows Vista. I was told by a computer tech friend to use "combofix" and now can't reach him. I read your sites about what steps to follow first, but now it's too late. My computer seems to be working OK now. I will post my log here in the hijack thread and hopefully I can get some expert advice about whether I need to do anything else after you have read it.

Thanks.

ComboFix 09-12-29.04 - Owner 12/29/2009 22:08:42.2.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3062.2078 [GMT -6:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\sdra64.exe

.
((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-30 )))))))))))))))))))))))))))))))
.

2009-12-30 04:18 . 2009-12-30 04:18 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-12-30 04:18 . 2009-12-30 04:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-29 10:01 . 2009-12-30 04:03 63 ----a-w- c:\windows\system\SysSD.dll
2009-12-29 10:01 . 2009-12-30 03:32 -------- d-----w- c:\program files\Max Spyware Detector
2009-12-29 08:55 . 2009-12-29 09:24 -------- d-----w- c:\program files\PCPitstop
2009-12-29 01:50 . 2009-12-29 01:50 -------- d-----w- c:\windows\AiOTemp
2009-12-28 20:01 . 2009-12-28 20:01 -------- d-----w- c:\users\Owner\AppData\Roaming\Verizon Wireless
2009-12-28 18:44 . 2009-12-28 18:44 25214 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{E296E0ED-038F-4A5A-9513-642F2FA17A59}\ARPPRODUCTICON.exe
2009-12-28 18:42 . 2009-11-03 02:47 95248 ----a-w- c:\windows\system32\PTDMWmcp64.dll
2009-12-28 18:42 . 2009-11-03 02:47 160912 ----a-w- c:\windows\system32\drivers\PTDMVsp.sys
2009-12-28 18:42 . 2009-11-03 02:47 13456 ----a-w- c:\windows\system32\drivers\PTDMWFLT.sys
2009-12-28 18:42 . 2009-11-03 02:47 118800 ----a-w- c:\windows\system32\drivers\PTDMWWAN.sys
2009-12-28 18:42 . 2009-10-26 10:10 6656 ----a-w- c:\windows\system32\ptdmcit.dll
2009-12-28 18:42 . 2009-11-03 02:47 55056 ----a-w- c:\windows\system32\drivers\PTDMBus.sys
2009-12-28 18:42 . 2009-11-03 02:47 160912 ----a-w- c:\windows\system32\drivers\PTDMMdm.sys
2009-12-09 09:05 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-09 09:05 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-09 09:05 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-01 23:41 . 2009-12-30 01:21 -------- d-----w- c:\program files\RebateInformer
2009-12-01 23:41 . 2009-12-01 23:49 -------- d-----w- c:\program files\Crawler
2009-12-01 23:39 . 2009-12-01 23:39 -------- d-----w- c:\program files\Inbox Toolbar

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-30 02:43 . 2009-09-10 20:44 -------- d-----w- c:\program files\M-DELETE-Malwarebytes' Anti-Malware
2009-12-28 19:54 . 2008-11-19 18:19 -------- d-----w- c:\program files\Verizon Wireless
2009-12-28 18:42 . 2008-07-28 17:19 -------- d-----w- c:\program files\PANTECH
2009-12-28 18:31 . 2008-07-28 22:56 -------- d-----w- c:\users\Owner\AppData\Roaming\Smith Micro
2009-12-20 05:00 . 2009-07-02 21:45 -------- d-----w- c:\program files\Google
2009-12-17 21:35 . 2008-02-18 07:04 -------- d-----w- c:\program files\Java
2009-12-09 21:18 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-11-24 08:53 . 2009-11-24 08:53 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-24 08:53 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-24 08:53 . 2009-11-24 08:53 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-24 08:53 . 2009-11-24 08:53 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-21 06:40 . 2009-12-08 22:42 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-08 22:42 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-08 22:42 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-08 22:42 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-13 00:36 . 2008-07-27 16:30 -------- d-----w- c:\program files\Motorola
2009-11-03 02:47 . 2008-07-28 17:19 88592 ----a-w- c:\windows\system32\PTDMWmcp.dll
2009-11-03 02:42 . 2009-10-02 18:01 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:17 . 2009-11-25 18:35 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-11 10:17 . 2009-08-21 01:14 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-08 21:08 . 2009-11-24 00:29 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-10-08 21:08 . 2009-11-24 00:29 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 21:07 . 2009-11-24 00:29 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-07 11:36 . 2009-12-08 22:42 243712 ----a-w- c:\windows\system32\rastls.dll
2009-10-05 09:29 . 2009-02-22 00:53 6740 ----a-w- c:\users\Owner\AppData\Roaming\wklnhst.dat
2009-10-04 01:07 . 2008-06-04 06:50 319456 ----a-w- c:\windows\DIFxAPI.dll
2009-10-02 05:29 . 2008-07-27 17:32 104192 ----a-w- c:\users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2008-06-21 15:46 . 2008-07-27 15:26 22 --sha-w- c:\windows\SMINST\HPCD.SYS
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CCB69577-088B-4004-9ED8-FF5BCC83A039}]
2009-12-01 12:23 807416 ----a-w- c:\progra~1\REBATE~1\RebateI.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-07 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\windows defender\msascui.exe" [2008-01-21 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1316136]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"HostManager"="c:\program files\Common Files\AOL\1241566642\ee\AOLSoftware.exe" [2008-06-24 41824]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-10-21 995528]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-09 4390912]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"PC Pitstop Optimize Reminder"="c:\program files\PCPitstop\Optimize3\Reminder-Optimize3.exe" [2009-06-10 205552]
"SDActiveMonitor"="c:\program files\Max Spyware Detector\MaxSDTray.exe" [2009-12-19 800688]

c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
VersionTrackerPro.lnk - c:\windows\Installer\{64A32253-A906-4AEB-B6A7-A90512B68D87}\New_Shortcut_S1699_A8EB5A2133B04A97AEEFDFB17E2E701D.exe [2009-3-7 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=c:\windows\pss\Desktop Manager.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^eFax.com Tray Menu.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\eFax.com Tray Menu.lnk
backup=c:\windows\pss\eFax.com Tray Menu.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Live Menu.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Live Menu.lnk
backup=c:\windows\pss\Live Menu.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^VZAccess Manager.lnk]
path=c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VZAccess Manager.lnk
backup=c:\windows\pss\VZAccess Manager.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSS]
SOFTWARE\Broderbund Software\DSS\AppList\FDF3844AE [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
2007-09-19 21:31 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2007-12-20 02:27 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 06:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 11:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-08-17 06:13 218408 ----a-w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):7a,a5,e9,0c,15,df,c9,01

R1 SDManager;SDManager;c:\program files\Max Spyware Detector\SDManager.sys [12/29/2009 4:01 AM 30128]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\System32\drivers\tmlwf.sys [6/23/2009 10:54 PM 145424]
R2 MaxProtector;MaxProtector;c:\program files\Max Spyware Detector\MaxProtector.sys [12/29/2009 4:02 AM 28592]
R2 MaxWatchDogService;MaxWatchDogService;c:\program files\Max Spyware Detector\MaxWatchDogService.exe [12/29/2009 4:01 AM 433584]
R2 tmevtmgr;tmevtmgr;c:\windows\System32\drivers\tmevtmgr.sys [6/23/2009 10:54 PM 50192]
R2 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [6/23/2009 11:13 PM 497008]
R2 tmpreflt;tmpreflt;c:\windows\System32\drivers\tmpreflt.sys [7/15/2009 6:36 PM 36368]
R2 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [6/23/2009 11:13 PM 677128]
R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\System32\drivers\tmwfp.sys [6/23/2009 10:54 PM 256528]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/2/2009 3:45 PM 133104]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [1/20/2008 8:21 PM 21504]
S3 MMIndexer;Media Manager Indexer;c:\program files\Common Files\microsoft shared\Media Manager\AIRSVCU.EXE [8/3/1997 11:00 PM 136704]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\System32\drivers\nwusbser2.sys [4/19/2007 1:09 PM 99200]
S3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\System32\drivers\PTDMBus.sys [12/28/2009 12:42 PM 55056]
S3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\System32\drivers\PTDMMdm.sys [12/28/2009 12:42 PM 160912]
S3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\System32\drivers\PTDMVsp.sys [12/28/2009 12:42 PM 160912]
S3 PTDMWFLT;PTDMWWAN Filter Driver;c:\windows\System32\drivers\PTDMWFLT.sys [12/28/2009 12:42 PM 13456]
S3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\System32\drivers\PTDMWWAN.sys [12/28/2009 12:42 PM 118800]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [5/25/2009 3:43 PM 32408]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [12/29/2009 2:55 AM 77312]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SYMTDI
*Deregistered* - CO_Mon
*Deregistered* - SYMTDI

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2009-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-02 21:45]

2009-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-02 21:45]

2009-12-19 c:\windows\Tasks\HPCeeScheduleForOwner.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-02-18 19:58]

2009-12-30 c:\windows\Tasks\User_Feed_Synchronization-{2F22F7F7-3E07-44FC-9570-5EAE483FE686}.job
- c:\windows\system32\msfeedssync.exe [2009-12-08 04:59]

2009-12-30 c:\windows\Tasks\User_Feed_Synchronization-{875EF545-04A4-4544-805D-990207F5FDB4}.job
- c:\windows\system32\msfeedssync.exe [2009-12-08 04:59]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {{C461FBFE-C0DE-4757-89DD-A5A833B9AC1F} - c:\program files\Crawler\Radio\CRadio.exe
Trusted Zone: microsoft.com\oas.support
Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - c:\progra~1\REBATE~1\RebateI.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
DPF: {CAFECAFE-0013-0001-0017-ABCDEFABCDEF}
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\7hp7lbyx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50-chromesbox-en-us&query=
FF - prefs.js: browser.search.selectedEngine - AOL Search
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=tbff50-ab-en-us&query=
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xsupport.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJinit13117.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - plugin: c:\users\Owner\Downloads\BJG downloads\PICASA3 (photo edit)\Picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-HotKeysCmds - (no file)
HKLM-Run-QuickTime Task - (no file)
HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-29 22:47
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Windows Defender = "c:\program files\windows defender\msascui.exe" -hide?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LanmanWorkstation]
"ImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-12-29 23:12:18
ComboFix-quarantined-files.txt 2009-12-30 05:12

Pre-Run: 154,860,097,536 bytes free
Post-Run: 154,865,704,960 bytes free

- - End Of File - - A5B505970281BC2B430AFF4B88D95D11


#2 myrti

  • Malware Study Hall Admin
  • 33,779 posts

Posted 09 January 2010 - 11:14 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird? a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#3 myrti

  • Malware Study Hall Admin
  • 33,779 posts

Posted 14 January 2010 - 08:31 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti



#4 myrti

  • Malware Study Hall Admin
  • 33,779 posts

Posted 14 January 2010 - 04:18 PM

Hi,

Topic has been reopened.

Please post your logs.

regards myrti



#5 ADNERB
  • Topic Starter

  • Members
  • 9 posts

Posted 15 January 2010 - 05:22 PM

Programs "FREEZE up".
Windows Security Center says the service is turned "OFF" & when I click "Turn on now" a popup says it "CAN'T BE STARTED".
Trend Micro Security popup says "PASSWORD NOT RECOGNIZED".
Internet Explorer is "HARD TO CLOSE" at times because it wildly keeps opening the same page over & over.
Windows Defender at the same time would not let me update but "WORKS OK NOW" after I downloaded different programs to try & fix it.
Deleted a file called "SED.EXE".
Since I last posted my COMBOFIX log I have uninstalled some programs such as Max Spyware Detector (unregistered), Crawler Toolbar, Crawler Radio etc.
Ran Registry Mechanic (unregistered version) but it deleted only for free the 1st 6 sections including 16 DLL files.
Ran PC Pitstop (unregistered) plus other downloaded programs that were unregistered & since uninstalled; they all showed lots of errors.
CANNOT RUN COMBOFIX again because I can't turn off the Trend Micro firewall.

Below are the OTL log files you previously asked for.
Thank you


OTL logfile created on: 1/15/2010 3:48:10 PM - Run 1
OTL by OldTimer - Version 3.1.25.0 Folder = C:\Users\Owner\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 40.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): c:\pagefile.sys 4591 4591 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.18 Gb Total Space | 143.31 Gb Free Space | 64.79% Space Free | Partition Type: NTFS
Drive D: | 11.71 Gb Total Space | 2.02 Gb Free Space | 17.30% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BRENDASLAPTOP
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/15 15:44:22 | 00,546,816 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2009/11/25 15:42:18 | 00,583,640 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2009/11/25 15:42:18 | 00,104,408 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2009/11/21 00:42:38 | 00,638,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/11/19 19:17:50 | 03,925,272 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
PRC - [2009/10/27 21:31:14 | 00,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10d.exe
PRC - [2009/10/20 18:50:12 | 00,995,528 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
PRC - [2009/10/20 18:50:10 | 00,711,248 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/09/03 19:07:28 | 00,497,008 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
PRC - [2009/09/03 18:51:40 | 00,677,128 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
PRC - [2009/08/17 22:59:28 | 00,408,424 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
PRC - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/06/23 22:54:23 | 00,492,808 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
PRC - [2009/06/23 22:54:23 | 00,341,256 | ---- | M] () -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2009/04/11 00:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/05 16:18:30 | 00,140,584 | ---- | M] (AOL LLC) -- c:\Program Files\AOL Toolbar\aoltbServer.exe
PRC - [2008/10/15 13:55:10 | 00,116,016 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
PRC - [2008/10/09 06:56:48 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
PRC - [2008/08/20 09:54:08 | 00,150,016 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
PRC - [2008/06/20 15:37:44 | 00,103,720 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
PRC - [2008/06/20 15:37:34 | 01,316,136 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2008/05/06 22:06:26 | 02,162,688 | ---- | M] (CNET TechTracker) -- C:\Program Files\TechTracker\VersionTracker Pro\VersionTrackerPro.exe
PRC - [2008/04/15 16:54:42 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/15 16:54:40 | 00,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/02/11 21:13:12 | 00,141,848 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxtray.exe
PRC - [2008/02/11 21:13:10 | 00,256,536 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2008/02/11 21:13:08 | 00,133,656 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2008/01/20 20:23:48 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/20 20:23:09 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2008/01/20 20:21:41 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/12/19 20:28:34 | 00,271,760 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
PRC - [2007/09/13 10:47:52 | 00,480,560 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
PRC - [2007/09/04 14:54:20 | 00,554,320 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
PRC - [2007/08/23 18:40:48 | 00,079,136 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2007/05/16 12:43:06 | 00,677,432 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2007/05/08 17:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2007/01/09 04:25:30 | 00,272,024 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PRC - [2007/01/08 17:53:06 | 00,311,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
PRC - [2006/10/23 06:50:35 | 00,046,640 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\acs\AOLacsd.exe
PRC - [2006/09/11 05:40:32 | 00,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2006/05/02 17:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
PRC - [2001/07/03 11:17:04 | 00,065,536 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe


========== Modules (SafeList) ==========

MOD - [2010/01/15 15:44:22 | 00,546,816 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
MOD - [2009/04/11 00:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/25 15:42:18 | 00,583,640 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2009/10/20 18:50:10 | 00,711,248 | ---- | M] () [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV - [2009/09/24 19:27:04 | 00,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/09/21 15:36:02 | 00,545,568 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/09/07 00:34:05 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/09/03 19:07:28 | 00,497,008 | ---- | M] () [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
SRV - [2009/09/03 18:51:40 | 00,677,128 | ---- | M] () [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)
SRV - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/06/26 08:26:20 | 00,085,504 | ---- | M] (PC Pitstop LLC) [Disabled | Stopped] -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
SRV - [2009/06/23 22:54:23 | 00,341,256 | ---- | M] () [Auto | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2009/06/05 18:07:28 | 00,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/09 06:56:48 | 00,094,208 | ---- | M] (Hewlett-Packard) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2008/07/18 12:13:20 | 00,053,760 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\System32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/07/18 12:13:20 | 00,044,032 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\System32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2008/04/15 16:54:42 | 00,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/01/29 15:09:02 | 00,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2008/01/20 20:21:41 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/19 20:28:34 | 00,271,760 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe -- (QPCapSvc) QuickPlay Background Capture Service (QBCS)
SRV - [2007/12/19 20:28:34 | 00,112,016 | ---- | M] () [Auto | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe -- (QPSched) QuickPlay Task Scheduler (QTS)
SRV - [2007/08/23 18:40:48 | 00,079,136 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2007/08/16 09:56:16 | 00,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2007/08/16 09:56:14 | 00,166,384 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
SRV - [2007/08/16 09:56:10 | 01,092,080 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2007/07/24 06:14:08 | 00,088,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2007/07/24 06:14:06 | 00,358,896 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
SRV - [2007/03/05 11:30:06 | 00,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2007/01/09 04:25:30 | 00,272,024 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2006/11/02 06:34:14 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 16:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/23 06:50:35 | 00,046,640 | ---- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2006/05/02 17:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe -- (hpqwmiex)
SRV - [2004/10/22 05:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [1997/08/03 23:00:00 | 00,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\microsoft shared\Media Manager\AIRSVCU.EXE -- (MMIndexer)


========== Driver Services (SafeList) ==========

DRV - [2009/11/02 20:47:34 | 00,160,912 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PTDMVsp.sys -- (PTDMVsp)
DRV - [2009/11/02 20:47:34 | 00,160,912 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PTDMMdm.sys -- (PTDMMdm)
DRV - [2009/11/02 20:47:34 | 00,118,800 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDMWWAN.sys -- (PTDMWWAN)
DRV - [2009/11/02 20:47:34 | 00,055,056 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PTDMBus.sys -- (PTDMBus)
DRV - [2009/11/02 20:47:34 | 00,013,456 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDMWFLT.sys -- (PTDMWFLT)
DRV - [2009/06/23 22:54:30 | 00,256,528 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmwfp.sys -- (tmwfp)
DRV - [2009/06/23 22:54:30 | 00,145,424 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmlwf.sys -- (tmlwf)
DRV - [2009/06/23 22:54:30 | 00,080,400 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2009/05/25 15:43:58 | 00,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2009/05/22 02:02:26 | 00,225,296 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmxpflt.sys -- (tmxpflt)
DRV - [2009/05/22 02:00:40 | 00,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmpreflt.sys -- (tmpreflt)
DRV - [2009/05/22 01:45:58 | 01,220,120 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vsapint.sys -- (vsapint)
DRV - [2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/04/02 17:08:54 | 00,050,192 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\DRIVERS\tmactmon.sys -- (tmactmon)
DRV - [2009/04/02 17:08:52 | 00,050,192 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\DRIVERS\tmevtmgr.sys -- (tmevtmgr)
DRV - [2009/04/02 17:08:48 | 00,153,104 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\DRIVERS\tmcomm.sys -- (tmcomm)
DRV - [2008/11/20 13:19:06 | 00,043,872 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/11/07 16:23:30 | 00,032,000 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2008/06/20 15:37:38 | 00,200,112 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/04/15 16:53:44 | 00,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2008/02/11 20:36:10 | 02,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/01/24 23:46:40 | 00,106,496 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/01/20 20:22:59 | 00,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2008/01/20 20:21:35 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 20:21:35 | 00,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 20:21:35 | 00,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 20:21:34 | 00,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 20:21:34 | 00,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 20:21:34 | 00,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 20:21:33 | 01,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 20:21:33 | 00,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 20:21:33 | 00,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 20:21:33 | 00,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 20:21:32 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 20:21:32 | 00,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 20:21:32 | 00,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 20:21:31 | 00,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 20:21:31 | 00,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 20:21:31 | 00,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 20:21:31 | 00,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 20:21:30 | 00,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 20:21:29 | 00,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 20:21:29 | 00,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 20:21:29 | 00,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 20:21:28 | 00,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 20:21:09 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 20:21:09 | 00,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 20:21:09 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/10/13 00:50:00 | 01,044,984 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2007/08/08 19:42:08 | 00,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/07/30 10:54:02 | 00,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 09:42:58 | 00,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/11 11:30:22 | 00,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/06/18 18:12:04 | 00,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/05/31 14:39:50 | 00,022,656 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RimUsb.sys -- (RimUsb)
DRV - [2007/04/19 13:09:42 | 00,194,048 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2007/04/19 13:09:42 | 00,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2007/04/19 13:09:42 | 00,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2007/04/19 13:09:42 | 00,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2007/03/12 18:29:46 | 01,747,936 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/01/18 11:24:58 | 00,026,496 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RimSerial.sys -- (RimVSerPort)
DRV - [2007/01/17 07:38:52 | 00,983,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006/11/29 16:24:57 | 00,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2006/11/02 03:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 03:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 03:50:19 | 00,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 03:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 03:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 03:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 03:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 03:50:05 | 00,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 03:50:03 | 00,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 03:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 03:49:56 | 00,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 02:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 02:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 02:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 02:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 02:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 02:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 01:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 00:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-766746229-2887371620-2364814001-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-766746229-2887371620-2364814001-1000\S-1-5-21-766746229-2887371620-2364814001-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AOL Search"
FF - prefs.js..browser.search.defaulturl: "http://search.aol.com/aolcom/search?invocationType=tbff50-chromesbox-en-us&query="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-cneta"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-cneta"
FF - prefs.js..browser.search.selectedEngine: "AOL Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.aol.com"
FF - prefs.js..extensions.enabledItems: {7affbfae-c4e2-4915-8c0f-00fa3ec610a1}:5.74.1.1
FF - prefs.js..extensions.enabledItems: {4B3803EA-5230-4DC3-A7FC-33638F3D3542}:1.3
FF - prefs.js..extensions.enabledItems: inboxcomtoolbar@inbox.com:1.0.0.19
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..keyword.URL: "http://search.aol.com/aolcom/search?invocationType=tbff50-ab-en-us&query="

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/04/28 17:56:24 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/29 03:02:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/14 14:01:57 | 00,000,000 | ---D | M]

[2008/07/28 16:58:07 | 00,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2010/01/03 13:45:44 | 00,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\7hp7lbyx.default\extensions
[2009/03/16 19:55:17 | 00,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\7hp7lbyx.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/12/04 01:31:04 | 00,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\7hp7lbyx.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2009/12/01 17:39:03 | 00,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\7hp7lbyx.default\extensions\inboxcomtoolbar@inbox.com
[2009/12/04 01:31:07 | 00,001,731 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\7hp7lbyx.default\searchplugins\aol-search.xml
[2009/12/04 01:13:40 | 00,002,168 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\7hp7lbyx.default\searchplugins\inbox-search.xml
[2009/12/29 04:21:08 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2004/01/14 13:49:32 | 00,053,336 | ---- | M] (Oracle Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPJinit13117.dll
[2009/09/21 12:24:16 | 00,001,329 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar Loader) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Windows\System32\msdxm.ocx (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: () - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-766746229-2887371620-2364814001-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll File not found
O3 - HKU\S-1-5-21-766746229-2887371620-2364814001-1000\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKU\S-1-5-21-766746229-2887371620-2364814001-1000\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe ()
O4 - HKLM..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Windows Defender] c:\program files\windows defender\msascui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-766746229-2887371620-2364814001-1000..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-766746229-2887371620-2364814001-1000..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-766746229-2887371620-2364814001-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-766746229-2887371620-2364814001-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-766746229-2887371620-2364814001-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-766746229-2887371620-2364814001-1000_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - Reg Error: Value error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-766746229-2887371620-2364814001-1000\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-766746229-2887371620-2364814001-1000\..Trusted Domains: microsoft.com ([oas.support] http in Trusted sites)
O15 - HKU\S-1-5-21-766746229-2887371620-2364814001-1000\..Trusted Domains: microsoft.com ([oas.support] https in Trusted sites)
O15 - HKU\S-1-5-21-766746229-2887371620-2364814001-1000\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-766746229-2887371620-2364814001-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/con...s/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} http://utilities.pcpitstop.com/Exterminate...opAntiVirus.dll (PCPitstop AntiVirus)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} http://utilities.pcpitstop.com/Nirvana/con...DiskMD3Ctrl.dll (diskhealth Class)
O16 - DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} http://utilities.pcpitstop.com/Nirvana/con...opAntiVirus.dll (PCPitstop AntiVirus)
O16 - DPF: {CAFECAFE-0013-0001-0017-ABCDEFABCDEF} Reg Error: Value error. (JInitiator 1.3.1.17)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam)
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: c:\windows\web\wallpaper\bliss.bmp
O24 - Desktop BackupWallPaper: c:\windows\web\wallpaper\bliss.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 09:18:54 | 00,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/15 15:44:04 | 00,546,816 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2010/01/14 23:32:16 | 00,000,000 | --SD | C] -- C:\ComboFix
[2010/01/14 23:04:48 | 00,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Registry Mechanic
[2010/01/14 22:50:09 | 01,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBox210.ocx
[2010/01/14 22:50:09 | 00,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBox10.ocx
[2010/01/14 22:50:09 | 00,506,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml.dll
[2010/01/14 22:50:09 | 00,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBoxVB12.ocx
[2010/01/14 22:50:06 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/01/14 22:50:03 | 00,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2010/01/14 14:46:49 | 00,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Bleeping Comp Helping me w-PROBLEM
[2010/01/13 11:30:22 | 00,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Uniblue
[2010/01/12 12:15:59 | 00,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\PCPitstop
[2010/01/06 17:26:13 | 00,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Make MONEY Online
[2010/01/06 16:12:14 | 00,000,000 | ---D | C] -- C:\Users\Owner\Desktop\V1-VIRUS etc online help
[2010/01/06 16:06:52 | 00,000,000 | ---D | C] -- C:\Users\Owner\Desktop\D1-DRUG & MAYOR etc
[2010/01/06 15:56:08 | 00,000,000 | ---D | C] -- C:\Users\Owner\Desktop\O1-Oil & Gas - BP
[2010/01/06 15:39:50 | 00,000,000 | ---D | C] -- C:\Users\Owner\Desktop\G2-Geneal sites
[2009/12/30 11:24:40 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/30 11:24:38 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/12/30 11:24:36 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/29 23:12:27 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2009/12/29 23:12:20 | 00,000,000 | ---D | C] -- C:\Windows\temp
[2009/12/29 23:12:20 | 00,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\temp
[2009/12/29 21:59:26 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/12/29 21:59:26 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/12/29 21:59:26 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/12/29 21:56:18 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/12/29 21:55:59 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/12/29 20:30:03 | 00,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmd.execf
[2009/12/29 02:55:17 | 00,000,000 | ---D | C] -- C:\ProgramData\PCPitstop
[2009/12/29 02:55:17 | 00,000,000 | ---D | C] -- C:\Program Files\PCPitstop
[2009/12/28 19:50:22 | 00,000,000 | ---D | C] -- C:\Windows\AiOTemp
[2009/12/28 14:01:38 | 00,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Verizon Wireless
[2009/12/28 13:54:35 | 00,000,000 | ---D | C] -- C:\ProgramData\WEngineLite
[2009/12/28 13:54:34 | 00,000,000 | ---D | C] -- C:\ProgramData\Verizon Wireless
[2009/12/28 12:55:49 | 00,401,462 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.005
[2009/12/28 12:55:49 | 00,278,581 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.004
[2009/12/28 12:42:59 | 00,095,248 | ---- | C] (DEVGURU) -- C:\Windows\System32\PTDMWmcp64.dll
[2009/12/28 12:42:57 | 00,160,912 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\PTDMVsp.sys
[2009/12/28 12:42:57 | 00,118,800 | ---- | C] (DEVGURU Co., LTD.) -- C:\Windows\System32\drivers\PTDMWWAN.sys
[2009/12/28 12:42:57 | 00,013,456 | ---- | C] (DEVGURU Co., LTD.) -- C:\Windows\System32\drivers\PTDMWFLT.sys
[2009/12/28 12:42:56 | 00,160,912 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\PTDMMdm.sys
[2009/12/28 12:42:56 | 00,055,056 | ---- | C] (DEVGURU Co., LTD.) -- C:\Windows\System32\drivers\PTDMBus.sys
[2009/12/17 15:35:30 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/12/17 15:35:30 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/12/17 15:35:30 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

========== Files - Modified Within 30 Days ==========

[2010/01/15 15:55:00 | 00,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{875EF545-04A4-4544-805D-990207F5FDB4}.job
[2010/01/15 15:53:36 | 00,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2F22F7F7-3E07-44FC-9570-5EAE483FE686}.job
[2010/01/15 15:50:28 | 03,932,160 | -HS- | M] () -- C:\Users\Owner\ntuser.dat
[2010/01/15 15:44:22 | 00,546,816 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2010/01/15 15:12:36 | 00,004,912 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/15 15:12:36 | 00,004,912 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/15 14:25:57 | 00,707,528 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/01/15 14:25:57 | 00,607,898 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/01/15 14:25:57 | 00,105,368 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/01/15 12:32:56 | 00,378,392 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/01/15 12:32:46 | 00,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForOwner.job
[2010/01/15 12:32:46 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/15 12:32:42 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/15 12:32:32 | 32,091,01312 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/15 00:39:57 | 00,524,288 | -HS- | M] () -- C:\Users\Owner\ntuser.dat{4ae71790-cfeb-11de-b3a6-ae09836838a9}.TMContainer00000000000000000001.regtrans-ms
[2010/01/15 00:39:57 | 00,065,536 | -HS- | M] () -- C:\Users\Owner\ntuser.dat{4ae71790-cfeb-11de-b3a6-ae09836838a9}.TM.blf
[2010/01/15 00:39:45 | 04,753,110 | -H-- | M] () -- C:\Users\Owner\AppData\Local\IconCache.db
[2010/01/14 23:50:11 | 00,104,192 | ---- | M] () -- C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/01/14 23:16:48 | 00,000,135 | ---- | M] () -- C:\Users\Owner\Desktop\Downloads.url
[2010/01/14 23:09:21 | 03,792,896 | ---- | M] () -- C:\Users\Owner\s-1-5-21-766746229-2887371620-2364814001-1000.rrr
[2010/01/14 22:50:10 | 00,000,860 | ---- | M] () -- C:\Users\Public\Desktop\Registry Mechanic.lnk
[2010/01/14 21:54:32 | 00,000,063 | ---- | M] () -- C:\Windows\System\SysSD.dll
[2010/01/14 14:01:57 | 00,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/01/14 13:33:35 | 00,000,000 | ---- | M] () -- C:\Users\Owner\Documents\fw
[2010/01/13 14:13:04 | 00,030,484 | ---- | M] () -- C:\Users\Owner\Desktop\BJG - HELP info - can't update windows defender.docx
[2010/01/13 12:19:18 | 00,000,734 | ---- | M] () -- C:\Windows\System32\drivers\etc\tmvsthfud.bin
[2010/01/13 12:18:53 | 00,000,734 | ---- | M] () -- C:\Windows\System32\drivers\etc\tmvsthfss.bin
[2010/01/12 12:53:44 | 00,000,720 | ---- | M] () -- C:\Users\Owner\Desktop\msconfig - Shortcut.lnk
[2010/01/12 12:15:28 | 00,000,859 | ---- | M] () -- C:\Users\Owner\Desktop\PC Matic.lnk
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/12/30 11:24:43 | 00,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/29 23:09:01 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/12/29 21:47:49 | 00,001,757 | ---- | M] () -- C:\Users\Owner\Desktop\Windows Defender.lnk
[2009/12/29 20:34:16 | 03,869,488 | R--- | M] () -- C:\Users\Owner\Desktop\ComboFix.exe
[2009/12/29 20:30:04 | 00,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.execf
[2009/12/28 19:52:46 | 00,000,020 | ---- | M] () -- C:\Windows\Hposcv07.INI
[2009/12/28 13:54:40 | 00,001,153 | ---- | M] () -- C:\Users\Public\Desktop\VZAccess Manager.lnk

========== Files Created - No Company Name ==========

[2010/01/14 23:16:48 | 00,000,135 | ---- | C] () -- C:\Users\Owner\Desktop\Downloads.url
[2010/01/14 23:09:20 | 03,792,896 | ---- | C] () -- C:\Users\Owner\s-1-5-21-766746229-2887371620-2364814001-1000.rrr
[2010/01/14 22:50:10 | 00,000,860 | ---- | C] () -- C:\Users\Public\Desktop\Registry Mechanic.lnk
[2010/01/14 14:01:57 | 00,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/01/14 13:33:35 | 00,000,000 | ---- | C] () -- C:\Users\Owner\Documents\fw
[2010/01/12 19:47:34 | 00,030,484 | ---- | C] () -- C:\Users\Owner\Desktop\BJG - HELP info - can't update windows defender.docx
[2010/01/12 12:53:44 | 00,000,720 | ---- | C] () -- C:\Users\Owner\Desktop\msconfig - Shortcut.lnk
[2010/01/12 12:15:28 | 00,000,859 | ---- | C] () -- C:\Users\Owner\Desktop\PC Matic.lnk
[2009/12/30 11:24:43 | 00,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/29 21:59:26 | 00,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2009/12/29 21:59:26 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/12/29 21:59:26 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2009/12/29 21:59:26 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/12/29 21:47:49 | 00,001,757 | ---- | C] () -- C:\Users\Owner\Desktop\Windows Defender.lnk
[2009/12/29 20:34:14 | 03,869,488 | R--- | C] () -- C:\Users\Owner\Desktop\ComboFix.exe
[2009/12/29 04:01:59 | 00,000,063 | ---- | C] () -- C:\Windows\System\SysSD.dll
[2009/12/28 13:54:40 | 00,001,153 | ---- | C] () -- C:\Users\Public\Desktop\VZAccess Manager.lnk
[2009/12/28 12:42:57 | 00,006,656 | ---- | C] () -- C:\Windows\System32\ptdmcit.dll
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/06/23 23:01:24 | 00,153,104 | ---- | C] () -- C:\Windows\System32\drivers\tmcomm.sys
[2009/06/23 22:54:30 | 00,050,192 | ---- | C] () -- C:\Windows\System32\drivers\tmevtmgr.sys
[2009/06/23 22:54:30 | 00,050,192 | ---- | C] () -- C:\Windows\System32\drivers\tmactmon.sys
[2009/06/18 13:43:32 | 00,000,502 | ---- | C] () -- C:\Windows\PhotoFantasy.ini
[2009/06/18 13:35:14 | 00,000,765 | ---- | C] () -- C:\Windows\efscan.ini
[2009/06/18 13:35:14 | 00,000,021 | ---- | C] () -- C:\Windows\efaxview.ini
[2009/06/18 13:33:56 | 00,335,872 | ---- | C] () -- C:\Windows\System32\ldf252.dll
[2009/06/18 13:33:13 | 00,001,456 | ---- | C] () -- C:\Windows\PhotoImpression.ini
[2009/06/18 13:31:43 | 00,000,018 | ---- | C] () -- C:\Windows\as_setup.ini
[2009/05/27 15:27:17 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/04/30 22:27:01 | 00,000,074 | ---- | C] () -- C:\Windows\MPLAYER.INI
[2009/04/30 22:25:09 | 00,122,880 | ---- | C] () -- C:\Windows\System32\LFKODAK.DLL
[2009/02/21 20:08:54 | 00,002,741 | ---- | C] () -- C:\Windows\DevMgr.ini
[2009/02/21 20:03:02 | 00,000,020 | ---- | C] () -- C:\Windows\Hposcv07.INI
[2009/02/21 18:53:49 | 00,006,740 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2009/02/04 16:01:08 | 00,009,728 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/27 11:32:59 | 00,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\QSwitch.txt
[2008/07/27 11:32:59 | 00,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\DSwitch.txt
[2008/07/27 11:32:59 | 00,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\AtStart.txt
[2008/07/27 11:23:52 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/07/27 11:23:51 | 01,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008/07/27 11:23:51 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2008/07/27 11:23:51 | 00,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/02/11 20:55:18 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/01/20 20:23:41 | 00,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2006/11/02 06:34:20 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 01:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2003/06/25 01:38:06 | 00,159,744 | ---- | C] () -- C:\Windows\System32\win2000.dll
[2000/04/14 15:50:02 | 00,343,040 | ---- | C] () -- C:\Windows\System32\Lffpx7.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 180 bytes -> C:\ProgramData\TEMP:4D17708E
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:14CE49B7
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:D1B5B4F1
< End of report >

#6 myrti

  • Malware Study Hall Admin

Posted 15 January 2010 - 05:26 PM

Hi,

The log is looking rather good. Please provide a scan from GMER:

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#7 ADNERB
  • Topic Starter

Posted 15 January 2010 - 11:15 PM

Hi,
Found the other file "EXTRA.txt" (below) on my desktop after posting my last reply.
Unknown reason why, but "Internet Explorer" is not giving me problems as before so far.
I'll now follow your instructions to run GMER & post it.

Thank you


OTL Extras logfile created on: 1/15/2010 3:48:10 PM - Run 1
OTL by OldTimer - Version 3.1.25.0 Folder = C:\Users\Owner\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 40.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): c:\pagefile.sys 4591 4591 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.18 Gb Total Space | 143.31 Gb Free Space | 64.79% Space Free | Partition Type: NTFS
Drive D: | 11.71 Gb Total Space | 2.02 Gb Free Space | 17.30% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BRENDASLAPTOP
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-766746229-2887371620-2364814001-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "c:\program files\internet explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [print] -- "c:\program files\microsoft office\office11\msohtmed.exe" /p %1 File not found
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\PROGRA~1\ACDSYS~1\ACDSee\ACDSee.exe" "%1" (ACD Systems, Ltd.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4A4B0B39-6122-4EB8-BEC3-86C0B8E7E910}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0059F2A5-9DB3-4276-A133-A5226C7E6AD1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{011E15D4-A6F7-47D9-8BA6-944F4D2480AB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{12BDEA36-2393-428D-B533-D09AFE7A8FFE}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{1C6EFA13-C038-4FF8-83FC-846A7CA58C04}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{1FA44E6F-99DD-4844-A0F7-CF9A6F02F2C7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2EEE50EA-183B-42CE-8233-871B6D8DABF6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{2F49CAF5-248E-4301-A93B-E26CC2058B64}" = protocol=6 | dir=in | app=c:\program files\aol 9.1\waol.exe |
"{44F8ABFE-E5D2-47BA-A528-D4D9083ED551}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{475221A2-8E0F-4677-908B-956D45A8EFE7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{4A8A9C74-34BB-46E8-958F-358C033179AD}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{4D9BA8BA-CCA5-404E-AEA3-E31A8ECB2323}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{4F3653B3-06D5-46C2-9691-CE836E096DD7}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{50E85B62-97D2-4CB1-89E3-E9E26263F4C2}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{52536A84-014B-4069-9C27-542C5312ADDD}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{52D86D96-EFE1-4793-906E-306C492CDBB4}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{53D0D2AA-B596-4344-85F4-7F9544801A2A}" = protocol=17 | dir=in | app=c:\program files\aol 9.1\waol.exe |
"{6F14DC23-65D6-489A-868C-5C312ED991C5}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{6FEA208D-DA82-4F6A-9A9C-D4E30047251E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{750F4831-CFD0-48EB-966A-31F4D4A6793B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{81D8D5B2-4F1A-43D0-8D06-27A98C00A3F5}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{8370A78E-5244-4CD8-B22A-078DB56C677D}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1241566642\ee\aolsoftware.exe |
"{9475DCFA-B277-444B-96D9-4918E8BBA18C}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{979E409E-BDBF-4968-BBB6-C0E0E2C86B9A}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{9A2E83AB-52C1-4BBC-BACD-1A1C93632C13}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1241566642\ee\aolsoftware.exe |
"{9C8D0C9B-D2E9-4214-9929-6B77727E958A}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{A91C4F27-BD6C-4674-8847-A68274199BD1}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{AF443246-7964-47E6-B021-BBA29C2A2DA4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BE633EB7-A30E-4995-9363-7D4D4E18BC94}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{C43B89FB-672D-414B-AA5E-5A4CAB9028B5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{CD52968A-5E2C-477F-9D1A-B0F2E2DF3423}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{D5FBDF57-0801-4DB4-A9A7-89D36E454DC9}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{D68D5B35-77EB-4052-A3AD-B22301BAD5C7}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{DB601F86-36E5-4D44-AAF6-C473C7EC7ACC}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{DF7B2829-3B5F-4A61-8DE9-B157E644B01B}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{E8A75EAA-CB01-4E92-9FEE-E4B34A807D4E}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{EFFF7F76-FA46-4C83-8041-051F02DBAB30}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{F4F801B3-61C3-4DFC-8AD8-EC1FCE43B3D0}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{FD70B73F-1FD2-4086-887E-17DB85C7E509}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{FFB1AC5A-249B-4812-A934-CB4FFE345377}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"TCP Query User{FAF5094A-7FF5-4F78-AA3B-73AE27D1457B}C:\program files\crawler\radio\cradio.exe" = protocol=6 | dir=in | app=c:\program files\crawler\radio\cradio.exe |
"UDP Query User{FDBC77CE-D772-4C68-98E8-C0F91D5E07B1}C:\program files\crawler\radio\cradio.exe" = protocol=17 | dir=in | app=c:\program files\crawler\radio\cradio.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{034BAB6C-8ED8-4CF6-B292-CC6A5B6ADFAA}" = Virtual Earth - 3DVIA (Beta)
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{190D0C6E-C8A7-4019-8FB5-FD041EC1F2D2}" = Mobile Broadband Drivers
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{2284D904-C138-4B58-93EC-5C362AB5130A}" = The Sims™ Life Stories
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 17
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Virtual Earth 3D (Beta)
"{303379C9-8610-4CCF-AF37-C4BF8998C591}" = Roxio Media Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1
"{38EAC694-0D90-445F-8C17-8B50ADFE3162}" = Slingbox Flash Tour
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40E12A55-C504-4223-AFAC-7672DBF1ACDE}" = Trend Micro Internet Security
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4D49757C-367A-4333-BDB3-68966162B14E}" = HP User Guides 0087
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{612AD33D-9824-4E87-8396-92374E91C4BB}_is1" = Inbox Toolbar
"{64A32253-A906-4AEB-B6A7-A90512B68D87}" = VersionTracker Pro Windows
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B36DEBF-27D0-4B1E-858D-D397091C6C7D}" = HP Precisionscan Pro 3.1
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6DE6837F-F3A3-40FF-9F5C-A0B95948E32D}" = Dassault Systemes Software Prerequisites x86
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{748F4870-8350-11D3-B0BF-080009FB4A19}" = HP Share-to-Web
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{8911A5F5-06A6-4931-B193-E1FB0ECAF372}" = Exterminate3
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29B0066-547B-402c-9C0D-090E2F928A01}" = PANTECH PC USB Modem Software
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{BE9880CD-73A9-4EFD-83E5-4BB38D48E2BD}" = HP Smart Web Printing
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1
"{CDC85536-A0EF-4401-82A6-25D8EFC7EFAC}" = VZAccess Manager
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D666E437-158C-43D0-AC69-F67F6C5EC2B8}" = Trellix Web Express Site Building
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D793A12F-E362-48BB-B332-1DA5E936B52D}" = BlackBerry Desktop Software 4.3
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E296E0ED-038F-4A5A-9513-642F2FA17A59}" = UM150 Firmware Updates
"{EE43210C-266E-4101-8FBC-04378D5E9D42}" = hp officejet 7100 series
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F226C1DA-66D7-4ABC-86B5-3F978A660EBF}" = AOL Mail and AIM Gadget
"{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"ACDSee" = ACDSee
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM_6" = AIM 6
"AOL Emergency Connect Utility 1.0" = Uninstall AOL Emergency Connect Utility 1.0
"AOL Toolbar" = AOL Toolbar
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"ArcSoft PhotoFantasy" = ArcSoft PhotoFantasy
"ArcSoft PhotoImpression" = ArcSoft PhotoImpression
"BlackBerry_{D793A12F-E362-48BB-B332-1DA5E936B52D}" = BlackBerry Desktop Software 4.3
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Citrix Web Client" = Citrix Web Client
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"eFax Messenger Plus" = eFax Messenger Plus
"Family Tree Maker" = Family Tree Maker 7.0
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photo Printing Software" = HP Photo Printing Software
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Media Manager 1.5" = Microsoft Media Manager 1.5
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.8)" = Mozilla Firefox (3.0.8)
"MSNINST" = MSN
"Oracle JInitiator 1.3.1.17" = Oracle JInitiator 1.3.1.17
"PC Matic_is1" = PC Matic 1.0.0.0
"PC Pitstop Exterminate2_is1" = PC Pitstop Exterminate2 2.0
"PC Pitstop Optimize3_is1" = PC Pitstop Optimize3 3.0
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"Recover My Email_is1" = Recover My Email
"Recover My Files_is1" = Recover My Files
"Registry Mechanic_is1" = Registry Mechanic 9.0
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"SMSERIAL" = Motorola SM56 Data Fax Modem
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"STANDARDR" = Microsoft Office Standard 2007
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent hp Master Uninstall" = My HP Games
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/14/2010 3:34:39 PM | Computer Name = BrendasLaptop | Source = Windows Search Service | ID = 3013
Description =

Error - 1/14/2010 5:03:35 PM | Computer Name = BrendasLaptop | Source = Application Error | ID = 1000
Description = Faulting application IEXPLORE.EXE, version 8.0.6001.18865, time stamp
0x4b077416, faulting module swg.dll_unloaded, version 0.0.0.0, time stamp 0x4abd66f5,
exception code 0xc0000005, fault offset 0x0550a3db, process id 0x1580, application
start time 0x01ca955cf50d6921.

Error - 1/14/2010 7:13:04 PM | Computer Name = BrendasLaptop | Source = WinMgmt | ID = 10
Description =

Error - 1/14/2010 7:39:49 PM | Computer Name = BrendasLaptop | Source = Application Error | ID = 1000
Description = Faulting application IEXPLORE.EXE, version 8.0.6001.18865, time stamp
0x4b077416, faulting module aoltb.dll, version 5.13.9.1, time stamp 0x49121ba5,
exception code 0xc0000005, fault offset 0x00086705, process id 0xb00, application
start time 0x01ca956f68a278a7.

Error - 1/14/2010 7:41:26 PM | Computer Name = BrendasLaptop | Source = Application Error | ID = 1000
Description = Faulting application IEXPLORE.EXE, version 8.0.6001.18865, time stamp
0x4b077416, faulting module swg.dll_unloaded, version 0.0.0.0, time stamp 0x4abd66f5,
exception code 0xc0000005, fault offset 0x0824a3db, process id 0xab8, application
start time 0x01ca9570f5e2bad7.

Error - 1/14/2010 7:55:06 PM | Computer Name = BrendasLaptop | Source = Google Update | ID = 20
Description =

Error - 1/14/2010 8:55:07 PM | Computer Name = BrendasLaptop | Source = Google Update | ID = 20
Description =

Error - 1/14/2010 9:55:05 PM | Computer Name = BrendasLaptop | Source = Google Update | ID = 20
Description =

Error - 1/14/2010 10:55:05 PM | Computer Name = BrendasLaptop | Source = Google Update | ID = 20
Description =

Error - 1/14/2010 11:55:05 PM | Computer Name = BrendasLaptop | Source = Google Update | ID = 20
Description =

[ OSession Events ]
Error - 5/17/2009 8:54:36 AM | Computer Name = HenrysLaptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2353
seconds with 1320 seconds of active time. This session ended with a crash.

Error - 8/6/2009 8:18:19 PM | Computer Name = HenrysLaptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 42
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 1/15/2010 2:34:45 PM | Computer Name = BrendasLaptop | Source = Service Control Manager | ID = 7001
Description =

Error - 1/15/2010 2:34:54 PM | Computer Name = BrendasLaptop | Source = Service Control Manager | ID = 7000
Description =

Error - 1/15/2010 2:36:45 PM | Computer Name = BrendasLaptop | Source = Service Control Manager | ID = 7000
Description =

Error - 1/15/2010 2:38:34 PM | Computer Name = BrendasLaptop | Source = Service Control Manager | ID = 7000
Description =

Error - 1/15/2010 2:47:50 PM | Computer Name = BrendasLaptop | Source = Service Control Manager | ID = 7000
Description =

Error - 1/15/2010 3:37:28 PM | Computer Name = BrendasLaptop | Source = Service Control Manager | ID = 7000
Description =

Error - 1/15/2010 3:38:49 PM | Computer Name = BrendasLaptop | Source = Service Control Manager | ID = 7000
Description =

Error - 1/15/2010 4:27:42 PM | Computer Name = BrendasLaptop | Source = DCOM | ID = 10010
Description =

Error - 1/15/2010 5:40:03 PM | Computer Name = BrendasLaptop | Source = Service Control Manager | ID = 7000
Description =

Error - 1/15/2010 5:40:13 PM | Computer Name = BrendasLaptop | Source = Service Control Manager | ID = 7000
Description =


< End of report >

#8 ADNERB
  • Topic Starter
  • Members
  • 9 posts

Posted 16 January 2010 - 12:20 AM

Hi,
PROBLEM!
In an earlier posting I said that "Trend Micro Security Center" does not recognize my password, therefore I am unable to "Temporarily disable real-time active protection".
Ran "GMER" in "Safe Mode", however about a minute into the scan I received a popup saying it has "Stopped working".
Next, closed it down & tried to run it again, but it crashed and went to a blue screen running a "Crash Dump".
Next, the screen went to a black screen labeled "Windows Error Reporting".
Next, the screen went blank & started Windows normally.
Now I am back to where I started from.
What should I do now?

Thank you

#9 myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home

Posted 16 January 2010 - 06:20 AM

Hi,

could you please try to run it in safe mode?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 


#10 ADNERB
  • Topic Starter
  • Members
  • 9 posts

Posted 16 January 2010 - 10:08 PM

Hi,
OK I've had it!
Spent all day trying everything I know possible to get GMER to complete a run in both normal startup & Safe Mode.
1st run about 3 sec w/no popup, so I hit THE SCAN button & it ran no longer than 1 min & 45 sec, then a popup says close program.
Finally got the password to work w/Trend Micro to deactivate real-time protection.
Able to get the GMER download (3) times as a Mirror file to desktop in case any were bad files, even though an IE popup keeps saying IE has closed right after saving to desktop.
GMER ZIP file will not download; it opens to a Trend Micro WARNING page that also suggests I can add the site to approved websites in Trend Micro if I trust it.
Added GMER Zip address to approved websites in Trend Micro but still get the same warning, therefore it will not save to desktop.
Disabled real-time protection in Windows Defender, didn't help.
Next in Windows Defender, under "Administrator Options" unchecked "Use Windows Defender", didn't help.
Afterwards couldn't get it back up but finally got it running ok again.
IE popup keeps saying IE has closed, whether I try to download GMER as a Mirror or Zip file.
For now, seems like I'm not having as many problems as before.
I still am wondering about the SDRA65.exe or anything else running that could be bad.
Windows Update screen shows last "Recent Updates" & "Updates installed" were both on 12-28-09.
I guess my main concern now is that I cannot get UPDATES.

Any more suggestions?

Thank you

#11 myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home

Posted 16 January 2010 - 10:12 PM

Hi,

please try and run mbr.exe instead. Let me know if you can download it, since it is from the same site as GMER. If not, don't spend too much time on it, we'll find another solution.

Please download mbr.exe and save it to your root directory, usually C:\ <- (Important!).
  • Go to Start > Run and type: cmd.exe
  • press Ok.
  • At the command prompt type: c:\mbr.exe -t >"C:\mbr.log"
  • press Enter.
  • A "DOS" box will open and quickly disappear. That is normal.
  • A log file named mbr.log will be created and saved to the root of the system drive (usually C:\).
  • Copy and paste the results of the mbr.log in your next reply.
regards myrti


#12 ADNERB
  • Topic Starter
  • Members
  • 9 posts

Posted 18 January 2010 - 01:13 AM

Hi,
Thanks for your reply.
MBR.EXE download said I did not have Administrator Permission to save to the C:\ drive but added that it could be saved to C:\Users\Owners.
I chose to do so, but when I tried to move the file to the C:\ drive it said "Need to provide Administrator Permission" & listed the following info:
Local
Free Space 145 GB
Total size 221 GB
Continue - Skip - Cancel

Which do I choose?
Can it be run from C:\Users\Owner?

I am the Owner w/administrator rights but have had this happen before.
Do I need to change settings? If so, where do I go & what do I do?

Thank you

#13 myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home

Posted 18 January 2010 - 08:25 AM

Hi,

yes sorry.

Please get yourself an elevated command line:
Go to start, then all programs followed by Accessories, right-click Command Prompt, and then click Run as administrator.

This will open an elevated command prompt.

Into that window please type:

copy C:\users\owners\mbr.exe C:\mbr.exe

and hit enter.
The empty spaces are important, please copy the line as is.

Afterwards please type:
c:\mbr.exe -t >"C:\mbr.log"

Check if you can find the mbr.log in your C:\ drive. If so please post the content here.

regards myrti


#14 ADNERB
  • Topic Starter
  • Members
  • 9 posts

Posted 18 January 2010 - 03:00 PM

Am I missing something?

Changed directory to C:\ from Command prompt & was able to save MBR.EXE to C:\
Afterwards typed the following out beside C:\ (with spaces) but the text file that copied to C:\ drive reads ZERO bytes.
c:\mbr.exe -t >"C:\mbr.log"

Next I even tried the following, none worked:
c:\mbr.exe -t >C:\mbr.log
mbr.exe -t >"C:\mbr.log"
mbr.exe -t >C:\mbr.log

Can I get a text log by running MBR.EXE from the C:\ drive, if I can get MBR to run?

Thank you

#15 myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home

Posted 19 January 2010 - 11:06 AM

Hi,

We are struggling with UAC, please try the following approach: copy mbr.exe onto your desktop.

Open Notepad and copy/paste the code box below into a new text file.
@echo off
copy "%userprofile%\Desktop\mbr.exe" "C:\mbr.exe"
c:\mbr.exe -t >"C:\mbr.log"
notepad C:\mbr.log
  • Save the file as query.bat by choosing save as *All Files, and save it to your Desktop.
  • Locate "query.bat" and right-click it. Select run as administrator.
  • It will open a text file, please copy the content in your next reply.
regards myrti
