Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

redirection to cars4all.biz


  • This topic is locked This topic is locked
8 replies to this topic

#1 sippingt3

sippingt3

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Boston, MA
  • Local time:09:04 PM

Posted 21 September 2010 - 07:47 PM

Hello,

For the past few months when using the Google search window via Firefox, I am redirected to the following search page cars4all.biz. I believe this has caused the delay in my connection to the internet. Whether I use Firefox, which I've eliminated using completely, or whether I use Internet Explorer version 8. It takes me at least 45mins - 1hr to connect to the net. I read up on this topic in your forum and based on what I've read, it seems as though this is not a quick fix without your support. My ISP is Comcast, with a high speed modem connection As part of my service pack with Comcast, Norton Anti Virus is my Anti-Virus software , which I keep updated and perform all required tasks. In addition, based on previous support assistance from this site, I also use Spyware Blaster and A-Square as additional resources in concert with Norton.

This sight has been very helpful to my needs in the past and I greatly appreciate your current assistance. Copy of detailed DDS log indicated below and other required documents attached.

Best Regards.

Log

DDS.txt log


DDS (Ver_10-03-17.01) - NTFSx86
Run by Helena at 20:56:55.81 on Sun 09/19/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.74 [GMT -4:00]

AV: Norton Security Suite *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Spyware Doctor\pctsTray.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN\MSNIA\CC\MSNCC\logonmgr.exe
C:\Program Files\MSN\MSNIA\CC\MSNCC\msncc.exe
C:\Documents and Settings\Helena\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.comcast.net/
uSearchMigratedDefaultURL =
uSearch Bar = hxxp://www.comcast.net/toolbar2.0/search/
mSearch Bar =
mSearchMigratedDefaultURL =
uInternet Settings,ProxyServer = http=127.0.0.1:9022
uInternet Settings,ProxyOverride = <local>;127.0.0.1;fws.municode.com;localhost;*.local
mSearchAssistant = hxxp://www.comcast.net/toolbar2.0/search/
uURLSearchHooks: DefaultSearchHook Class: {c94e154b-1459-4a47-966b-4b843befc7db} - c:\program files\asksearch\bin\DefaultSearch.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Comcast Toolbar: {4e7bd74f-2b8d-469e-93be-be2df4d9ae29} - c:\progra~1\comcas~1\COMCAS~1.DLL
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\3.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\3.8.0.41\IPSBHO.DLL
BHO: ST: {9394ede7-c8b5-483e-8773-474bf36af6e4} - c:\program files\msn apps\st\01.03.0000.1005\en-xu\stmain.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: MSNToolBandBHO: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\msn toolbar\01.02.5000.1021\en-us\msntb.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: HP View: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
TB: MSN: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\msn toolbar\01.02.5000.1021\en-us\msntb.dll
TB: Comcast Toolbar: {4e7bd74f-2b8d-469e-93be-be2df4d9ae29} - c:\progra~1\comcas~1\COMCAS~1.DLL
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\3.8.0.41\coIEPlg.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: hp view: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
uRun: [BackupNotify] "c:\program files\hp\digital imaging\bin\backupnotify.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [Microsoft Works Update Detection] "c:\program files\common files\microsoft shared\works shared\WkUFind.exe"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [ISTray] "c:\spyware doctor\pctsTray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [DeviceDiscovery] c:\program files\hp\digital imaging\bin\hpotdd01.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
dRunOnce: [RunNarrator] Narrator.exe
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C237A80A-4C55-4C68-BAA9-CBE4408D12B2} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton security suite\engine\3.8.0.41\CoIEPlg.dll
Notify: igfxcui - igfxsrvc.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\helena\applic~1\mozilla\firefox\profiles\sbuq548s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - HiddenExtension: XUL Cache: {832E2B97-AA38-4228-A2AB-F717681D6547} - c:\documents and settings\helena\local settings\application data\{832E2B97-AA38-4228-A2AB-F717681D6547}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

============= SERVICES / DRIVERS ===============

R0 Achernar;Achernar - SCSI Command Filters;c:\windows\system32\drivers\Achernar.sys [2006-6-25 16855]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-3-30 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-3-30 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2010-3-30 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100917.001\IDSXpx86.sys [2010-9-18 331640]
R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2009-5-26 1872320]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\3.8.0.41\ccSvcHst.exe [2010-3-30 117640]
R3 Aldebaran;Aldebaran - SCSI Command Filters;c:\windows\system32\drivers\Aldebaran.sys [2006-6-25 21808]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-29 102448]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100919.003\NAVENG.SYS [2010-9-19 85424]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100919.003\NAVEX15.SYS [2010-9-19 1362608]

=============== Created Last 30 ================

2010-09-20 00:51:31 0 ----a-w- c:\documents and settings\helena\defogger_reenable
2010-09-04 03:21:45 0 d-sh--w- c:\documents and settings\helena\PrivacIE
2010-09-01 01:38:06 0 d-sh--w- c:\documents and settings\helena\IETldCache
2010-08-30 23:17:56 0 d-----w- c:\windows\ie8updates
2010-08-30 23:13:00 0 dc-h--w- c:\windows\ie8
2010-08-30 23:05:22 16896 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-08-30 23:05:12 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-08-30 23:05:12 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-08-30 23:05:10 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-08-30 23:05:07 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-08-30 23:05:05 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-08-30 23:05:04 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-08-30 23:04:58 11077120 -c----w- c:\windows\system32\dllcache\ieframe.dll

==================== Find3M ====================

2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-25 17:42:25 20 ---h--w- c:\docume~1\alluse~1\applic~1\PKP_DLdu.DAT
2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys

============= FINISH: 20:58:04.10 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:04 AM

Posted 27 September 2010 - 09:17 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 sippingt3

sippingt3
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Boston, MA
  • Local time:09:04 PM

Posted 27 September 2010 - 09:21 PM

Thank you Myrti for replying to my post and for your assistance.

As indicated below, I'm still having the same issue with my computer.

In accordance with your instructions, I have posted the OTL.txt log and the Extra.txt log below.

Thank you once again.

OTL.txt
OTL logfile created on: 9/27/2010 9:39:10 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Helena\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

447.00 Mb Total Physical Memory | 105.00 Mb Available Physical Memory | 23.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 62.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0D:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.58 Gb Total Space | 61.39 Gb Free Space | 42.46% Space Free | Partition Type: NTFS
Drive D: | 4.45 Gb Total Space | 0.48 Gb Free Space | 10.77% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TONGE
Current User Name: Helena
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/27 21:32:11 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Helena\Desktop\OTL.exe
PRC - [2010/09/22 20:40:59 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/04/21 21:54:51 | 001,872,320 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe
PRC - [2010/03/24 13:58:22 | 000,309,760 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/23 19:50:48 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
PRC - [2010/03/18 11:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/11/17 17:56:57 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2008/12/08 13:33:48 | 001,173,384 | ---- | M] (PC Tools) -- C:\Spyware Doctor\pctsTray.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/18 21:10:42 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2007/05/10 23:46:20 | 000,624,248 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2004/05/12 15:18:54 | 000,135,168 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
PRC - [2003/08/12 12:50:40 | 001,376,360 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\acsd.exe
PRC - [2003/07/28 09:43:44 | 000,188,416 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
PRC - [2003/07/28 09:40:56 | 000,376,832 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzstc09.exe
PRC - [2003/06/25 12:24:48 | 000,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe
PRC - [2003/05/21 19:37:08 | 000,229,437 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
PRC - [2003/01/10 17:13:04 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe


========== Modules (SafeList) ==========

MOD - [2010/09/27 21:32:11 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Helena\Desktop\OTL.exe
MOD - [2010/03/23 19:50:30 | 000,419,696 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\3.8.0.41\asOEHook.dll
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/04/21 21:54:51 | 001,872,320 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\a-squared Free\a2service.exe -- (a2free)
SRV - [2010/03/23 19:50:48 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe -- (N360)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/11/17 17:56:57 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2003/08/12 12:50:40 | 001,376,360 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\acsd.exe -- (AOL ACS)
SRV - [2003/01/10 17:13:04 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\sunkfiltp.sys -- (Sunkfiltp)
DRV - [2010/08/28 04:50:04 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100927.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/08/28 04:50:04 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100927.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/05/29 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/29 04:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/28 15:33:19 | 000,331,640 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100927.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/03/23 19:51:11 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/03/23 19:50:52 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0308000.029\SYMEFA.SYS -- (SymEFA)
DRV - [2010/03/23 19:50:52 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SRTSP.SYS -- (SRTSP)
DRV - [2010/03/23 19:50:52 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/03/23 19:50:52 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS -- (SYMFW)
DRV - [2010/03/23 19:50:52 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0308000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/03/23 19:50:52 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2010/03/23 19:50:52 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2010/03/23 19:50:52 | 000,036,400 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2010/03/23 19:50:52 | 000,033,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS -- (SYMIDS)
DRV - [2010/03/23 19:50:51 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\ccHPx86.sys -- (ccHP)
DRV - [2010/03/23 19:50:51 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\BHDrvx86.sys -- (BHDrvx86)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/10/22 10:41:46 | 000,413,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA® nForce™
DRV - [2004/10/22 10:38:28 | 000,053,376 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA® nForce™
DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/10/01 11:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/02/11 15:34:50 | 000,021,808 | ---- | M] (An Chen Computer Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\Aldebaran.sys -- (Aldebaran)
DRV - [2004/02/11 15:34:46 | 000,016,855 | ---- | M] (An Chen Computer Co., Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\Achernar.sys -- (Achernar)
DRV - [2003/12/12 10:54:14 | 000,391,424 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/12/06 06:13:42 | 000,429,440 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2003/12/05 23:50:00 | 001,619,243 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/12/05 20:25:54 | 000,011,392 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2003/12/02 22:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2003/11/10 11:24:24 | 000,039,532 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
DRV - [2003/09/19 01:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/09/03 03:51:00 | 000,021,120 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2003/07/18 20:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2003/07/02 15:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2003/07/02 03:33:00 | 000,652,497 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2003/04/22 01:18:00 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENET.sys -- (NVENET)
DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/10/04 21:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2001/06/04 17:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;127.0.0.1;fws.municode.com;localhost;*.local
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:9022

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;127.0.0.1;fws.municode.com;localhost;*.local
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:9022

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4075770808-2995516413-367360236-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName =
IE - HKU\S-1-5-21-4075770808-2995516413-367360236-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL =
IE - HKU\S-1-5-21-4075770808-2995516413-367360236-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKU\S-1-5-21-4075770808-2995516413-367360236-1007\..\URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll ()
IE - HKU\S-1-5-21-4075770808-2995516413-367360236-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4075770808-2995516413-367360236-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;127.0.0.1;fws.municode.com;localhost;*.local
IE - HKU\S-1-5-21-4075770808-2995516413-367360236-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:9022

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.comcast.net/"
FF - prefs.js..extensions.enabledItems: {832E2B97-AA38-4228-A2AB-F717681D6547}:1.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 9022
FF - prefs.js..network.proxy.no_proxies_on: "localho,t,127.0.0.1,127.0.0.1,fws.municode.com,localhost,*.local"

FF - HKLM\software\mozilla\Firefox\extensions\\{832E2B97-AA38-4228-A2AB-F717681D6547}: C:\Documents and Settings\Helena\Local Settings\Application Data\{832E2B97-AA38-4228-A2AB-F717681D6547} [2009/04/23 08:51:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/04/26 18:23:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/22 20:41:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/22 20:41:24 | 000,000,000 | ---D | M]

[2009/08/13 12:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helena\Application Data\Mozilla\Extensions
[2009/08/13 12:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helena\Application Data\Mozilla\Firefox\Profiles\sbuq548s.default\extensions
[2010/09/27 18:20:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/05/20 19:21:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (ST) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (MSNToolBandBHO) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKLM\..\Toolbar: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-4075770808-2995516413-367360236-1007\..\Toolbar\ShellBrowser: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )
O3 - HKU\S-1-5-21-4075770808-2995516413-367360236-1007\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
O3 - HKU\S-1-5-21-4075770808-2995516413-367360236-1007\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-4075770808-2995516413-367360236-1007\..\Toolbar\WebBrowser: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )
O3 - HKU\S-1-5-21-4075770808-2995516413-367360236-1007\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-4075770808-2995516413-367360236-1007\..\Toolbar\WebBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKU\S-1-5-21-4075770808-2995516413-367360236-1007\..\Toolbar\WebBrowser: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [DeviceDiscovery] C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [ISTray] C:\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKU\S-1-5-21-4075770808-2995516413-367360236-1007..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe (Hewlett-Packard Company)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4075770808-2995516413-367360236-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4075770808-2995516413-367360236-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-4075770808-2995516413-367360236-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-4075770808-2995516413-367360236-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-4075770808-2995516413-367360236-1007\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-4075770808-2995516413-367360236-1007\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-4075770808-2995516413-367360236-1007\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C237A80A-4C55-4C68-BAA9-CBE4408D12B2} http://download.sp.f-secure.com/ols/f-secu.../fslauncher.cab (F-Secure Online Scanner 4.0 Launcher)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.71.230 68.87.73.246
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Helena\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Helena\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/01/20 21:16:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk - C:\PROGRA~1\AMERIC~1.0\aoltray.exe - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk - C:\PROGRA~1\UPDATE~1\137903\Program\BACKWE~1.EXE - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^Helena^Start Menu^Programs^Startup^Organize.lnk - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\DISPLA~1.EXE -application core.hp.main\application.xml - File not found
MsConfig - StartUpReg: Aim6 - hkey= - key= - C:\Program Files\AIM6\aim6.exe File not found
MsConfig - StartUpReg: AlcxMonitor - hkey= - key= - C:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: HPDJ Taskbar Utility - hkey= - key= - File not found
MsConfig - StartUpReg: HPHmon05 - hkey= - key= - File not found
MsConfig - StartUpReg: HPHUPD05 - hkey= - key= - c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe (Hewlett-Packard)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: LTMSG - hkey= - key= - C:\WINDOWS\ltmsg.exe (Agere Systems)
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found
MsConfig - StartUpReg: nwiz - hkey= - key= - File not found
MsConfig - StartUpReg: PS2 - hkey= - key= - File not found
MsConfig - StartUpReg: Reminder - hkey= - key= - C:\Windows\Creator\Remind_XP.exe (SoftThinks)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe File not found
MsConfig - StartUpReg: Sunkist2k - hkey= - key= - C:\Program Files\Multimedia Card Reader\shwicon2k.exe (Alcor Micro, Corp.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe File not found
MsConfig - StartUpReg: UpdateManager - hkey= - key= - C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
MsConfig - StartUpReg: VTTimer - hkey= - key= - File not found
MsConfig - StartUpReg: WildTangent CDA - hkey= - key= - File not found
MsConfig - StartUpReg: WT GameChannel - hkey= - key= - C:\Program Files\WildTangent\Apps\GameChannel.exe File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: mcmscsvc - Service
SafeBootMin: MCODS - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: SymEFA.sys - C:\WINDOWS\system32\drivers\N360\0308000.029\SYMEFA.SYS (Symantec Corporation)
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {057997dd-71e4-43cc-b161-3f8180691a9e} - Q824145
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 8.5.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 8.5.1
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2cc9d512-6db6-4f1c-8979-9a41fae88de0} - Q837009
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3e7bb08a-a7a3-4692-8eac-ac5e7895755b} - KB834707
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {795d0712-722c-43ec-906a-fc5e678eada9} - Q831167
ActiveX: {839117ee-2132-4bae-a56a-42b50204c9b9} - KB889293
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {96543d59-497a-4801-a1f3-5936aacaf7b1} - Q828750
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894
ActiveX: {f5173cf0-1dfb-4978-8e50-a90169ee7ca9} - Q823353
ActiveX: {F5776D81-AE53-4935-8E84-B0B283D8BCEF} - Q330994
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS -
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.LEAD - C:\WINDOWS\System32\LCodcCMP.dll (LEAD Technologies, Inc.)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/09/27 21:32:09 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Helena\Desktop\OTL.exe
[2010/09/19 21:03:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Helena\Desktop\gmer
[2010/09/03 23:21:45 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Helena\PrivacIE
[2010/08/31 21:38:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Helena\IETldCache
[2010/08/30 19:17:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/08/30 19:15:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/08/30 19:13:00 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/08/30 19:05:12 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/08/30 19:05:12 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/08/30 19:05:07 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010/08/30 19:05:04 | 001,986,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/08/30 19:04:58 | 011,077,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/27 21:32:11 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Helena\Desktop\OTL.exe
[2010/09/27 21:29:02 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Helena\Desktop\Microsoft Office Word 2003.lnk
[2010/09/27 19:14:31 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/09/27 18:21:46 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2010/09/27 18:21:02 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/27 18:20:13 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/27 18:20:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/26 00:17:38 | 009,699,328 | ---- | M] () -- C:\Documents and Settings\Helena\ntuser.dat
[2010/09/26 00:17:38 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Helena\ntuser.ini
[2010/09/19 21:02:47 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Helena\Desktop\gmer.zip
[2010/09/19 20:54:10 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Helena\Desktop\dds.scr
[2010/09/19 20:51:31 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Helena\defogger_reenable
[2010/09/14 20:44:03 | 000,000,705 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/09/14 20:43:02 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/31 21:38:15 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\Helena\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/19 21:02:45 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Helena\Desktop\gmer.zip
[2010/09/19 20:54:09 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Helena\Desktop\dds.scr
[2010/09/19 20:51:31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Helena\defogger_reenable
[2009/08/12 21:24:07 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/08/12 21:24:07 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/01/14 18:02:05 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Error Handlers
[2009/01/14 18:02:05 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Helena\Application Data\Electric Piano
[2009/01/14 18:02:05 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2006/06/25 19:18:03 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\Nsvideo.dll
[2006/06/25 19:17:28 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2006/06/25 19:16:06 | 000,002,055 | ---- | C] () -- C:\WINDOWS\CA533A.INI
[2006/06/25 19:16:05 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\infcpy.dll
[2005/07/21 22:32:34 | 000,002,528 | ---- | C] () -- C:\WINDOWS\FCIC.INI
[2004/12/06 01:09:31 | 000,000,029 | ---- | C] () -- C:\WINDOWS\UNWISE.INI
[2004/11/04 17:11:44 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\Helena\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/10/01 11:32:51 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Helena\Application Data\sversion.ini
[2004/05/23 17:57:29 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2004/04/12 22:34:33 | 000,008,994 | ---- | C] () -- C:\WINDOWS\hpdj5100.ini
[2004/04/12 22:34:07 | 000,000,470 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2004/04/07 19:23:53 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Helena\Local Settings\Application Data\fusioncache.dat
[2004/04/07 18:58:34 | 000,001,021 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/04/07 15:52:19 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2004/04/07 15:52:19 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2004/04/07 15:52:19 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2004/04/07 15:52:19 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2004/04/07 15:52:19 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2004/04/07 15:52:19 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/01/22 05:26:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2004/01/22 05:26:02 | 000,000,451 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2004/01/21 06:04:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/01/21 05:52:52 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\mshrml.ini
[2004/01/21 00:08:05 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2004/01/21 00:07:21 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/01/21 00:07:21 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/01/21 00:02:24 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2004/01/20 23:56:41 | 000,030,197 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2004/01/20 23:56:16 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2004/01/20 23:55:38 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2004/01/20 23:42:36 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/01/20 23:34:02 | 000,000,889 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/01/20 22:30:23 | 000,001,220 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2004/01/20 22:21:37 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/01/20 21:47:52 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/01/20 21:38:07 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2004/01/20 21:38:07 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2004/01/20 21:37:39 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/01/20 21:20:37 | 000,000,904 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/01/20 20:05:12 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/03/07 02:53:16 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\hpnvr82.dll
[2003/01/08 02:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1998/03/15 15:41:51 | 000,000,136 | ---- | C] () -- C:\WINDOWS\System32\mssrina.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2005/10/31 11:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe


< MD5 for: AGP440.SYS >
[2005/01/30 16:33:35 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/15 18:59:55 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2005/01/30 16:33:35 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/09/15 18:59:55 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2002/08/29 15:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2005/01/30 16:33:35 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/15 18:59:55 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2002/08/29 08:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp1.cab:atapi.sys
[2005/01/30 16:33:35 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/09/15 18:59:55 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2002/08/29 08:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtUninstallQ331958$\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 03:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 03:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 03:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/01/20 13:08:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/01/20 13:08:08 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/01/20 13:08:08 | 000,385,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >

========== Alternate Data Streams ==========

@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >

Extra.txt
OTL Extras logfile created on: 9/27/2010 9:39:10 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Helena\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

447.00 Mb Total Physical Memory | 105.00 Mb Available Physical Memory | 23.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 62.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0D:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.58 Gb Total Space | 61.39 Gb Free Space | 42.46% Space Free | Partition Type: NTFS
Drive D: | 4.45 Gb Total Space | 0.48 Gb Free Space | 10.77% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TONGE
Current User Name: Helena
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-4075770808-2995516413-367360236-1007\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- File not found
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\rtcshare.exe" = C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing -- (Microsoft Corporation)
"C:\Program Files\NetMeeting\conf.exe" = C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting® -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- File not found
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000000-785F-478A-BAA2-87F1A136068C}" = MSN Encarta Plus Support Files
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0861E87B-24D7-4E7C-B11B-54F86E5C5199}" = hpg8200
"{092eeeee-9fdd-4895-a568-0818c96beb6c}" = AiO_Scan
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{10C69612-017B-45F5-B986-7D113D5A2EA3}" = MSN Toolbar
"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition
"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
"{14B4E017-ACDF-4DB0-9D94-8988F5F0145A}" = hpg4600
"{15B9DC72-73F9-4d99-9E28-848D66DA8D99}" = HP Photo & Imaging 3.5 - HP Devices
"{15C165F1-1DAE-4476-AFB6-8723729B41E7}" = hp deskjet 5100
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{1F7473D9-6C0B-4F5A-8FA4-AB8AD78CBE54}" = DocProc
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{20CF99FC-2CE7-4AA4-966E-A4B11C0662B4}" = hpg3970
"{257EC58E-03FD-472B-A9B6-93F23A3C4CB0}" = Scan
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{29B39FB2-5ADF-4F94-BC82-13942871DD0D}" = CameraDrivers
"{29B50D30-EAFC-4cea-9F76-3A0E3729E9B0}" = SkinsHP1
"{2A267BC6-F77F-4DD4-825F-7AEB1F68B4B1}" = HpSdpAppCoreApp
"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{34957B51-9676-41CE-9E52-44AE91B73F1C}" = HP Software Update
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{369B36BE-3D64-4641-9AEA-808D436FE130}" = Microsoft Picture It! Express 7.0
"{3A97084F-A6B7-478B-8D5E-57A6BFA8C35B}" = Microsoft Office Outlook Connector for MSN
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{415B8A4E-0EA2-4C69-975C-EEE07B837FD7}" = Unload
"{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23
"{45B6180B-DCAB-4093-8EE8-6164457517F0}" = Photosmart 140,240,7200,7600,7700,7900 Series
"{48242276-DB89-42e8-9678-BD4280D7B99A}" = Copy
"{4F1CECBC-670F-4daa-81D6-944B12450917}" = DIGReqEx
"{51C91B84-7B46-4FE7-8999-8228CFA75F89}" = Intel® Integrated Performance Primitives RTI 4.0
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{54e854d5-d5d4-452d-9c75-b39f5625b5fb}" = Readme
"{57C7C46A-D35D-492d-A328-4F8C9B5B4B52}" = PrintScreen
"{595D0DE8-C38A-4432-B851-47DECC1A99BD}" = HP Unload DLL Patch
"{5B35C417-2649-11D6-83D1-0050FC01225C}" = FirstClass® Client
"{60758250-C8CF-47EB-8CB6-E0C3B84D8207}" = PSShortcutsP
"{66C018BD-6F16-4B32-B4CD-1DC1B21FBDFF}" = Zone Deluxe Games
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{723C033E-63EA-4227-BAB2-0AA8693C16EB}" = Director
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81DD5688-695A-4c1d-AE7D-368BF857725A}" = TrayApp
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" =
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90260409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office XP Web Components
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD Player
"{9B03C535-3AEA-4ef2-B326-0A01A2207034}" = CreativeProjects
"{9F7FC79B-3059-4264-9450-39EB368E3220}" = Microsoft Picture It! Library 9
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A6392127-1223-4C7F-BBC8-87CCB449F96C}" = ArcSoft WebCam Companion 2
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.1
"{AD17BC8E-4A5D-4E59-8640-10DF36E9EB75}" = hpg5530
"{B0C0F5E6-10B1-11D6-9296-0050BA073EEC}" = Presto! VideoWorks 6 (VCD Version)
"{bb6cac2a-1fa0-471a-bc3c-ade699c39f3c}" = Fax
"{BC339BFD-F550-471a-8D26-4D08126C62F7}" = SkinsHP2
"{C140E041-CE7E-4947-87ED-630A2FEF6921}" = DXG Digital Camera V 2.0M
"{c330461f-c4a9-4fc7-af5d-c158e0b56aa7}" = AiOSoftware
"{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}" = Microsoft Plus! Digital Media Edition
"{C6C44651-7C66-4b11-92E8-17565D3D22DD}" = HP Image Zone Plus 3.5
"{C769B501-2BE8-46ed-9E69-118F008A0917}" = DIGOpt
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBE3E0AF-73BB-4c21-8B96-B09E003EDE7F}" = QuickProjects
"{D0122362-6333-4DE4-93F6-A5A2F3CC101A}" = HP Organize
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0900}" = Microsoft Picture It! Express 9
"{E0828692-FD9D-459F-9312-C645C3CA6650}" = HP Photo and Imaging 2.0 - Deskjet Series
"{E14B8A08-42B3-4676-9E91-1D39F8158DA1}" = HP Print Diagnostic Utility
"{E8BFBD0A-8002-4dc9-869C-E495FA9DCE7A}" = PhotoGallery
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{ec7d7a6a-31cb-4810-826f-74171bef44f1}" = AIOMinimal
"{ED869D8B-6C7E-44C7-9F2F-BD5436849C61}" = hpg2436
"{EF9967D8-1999-4260-ACC2-86901AA36650}" = Multimedia Card Reader
"{F247869D-3643-4A9F-821B-3534145928E3}" = HPIZ350
"{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}" = HP PSC & OfficeJet 3.0
"{F419D20A-7719-4639-8E30-C073A040D878}" = HP Deskjet Preloaded Printer Drivers
"{FBBF532A-47AC-457d-AC06-0D3163D8911E}" = WebReg
"{FF102450-55AA-4AE1-ACE4-E271E2470C83}" = hpmdtab
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.1.0 Professional
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"America Online us" = America Online (Choose which version to remove)
"a-squared Free_is1" = a-squared Free 4.5
"BackWeb-137903 Uninstaller" = Updates from HP
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"ComcastToolbar" = Comcast Toolbar
"HijackThis" = HijackThis 2.0.2
"hp deskjet 5100 series_Driver" = hp deskjet 5100 series
"HP Instant Support" = HP Instant Support
"HP Photo & Imaging" = HP Image Zone 3.5
"HPTOOLKIT" = Toolkit View(HP)
"ie8" = Windows Internet Explorer 8
"InstallShield_{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23
"InstallShield_{EF9967D8-1999-4260-ACC2-86901AA36650}" = Multimedia Card Reader
"Learn On-Demand" = Learn On-Demand
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.5.13)" = Mozilla Firefox (3.5.13)
"MSN Toolbar" = MSN Toolbar(01.02.5000.1021)
"MSNINST" = MSN
"N360" = Norton Security Suite
"NVIDIA Display Driver" = NVIDIA Display Driver
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA Ethernet Driver" = NVIDIA Ethernet Driver
"NVIDIA GART Driver" = NVIDIA GART Driver
"PictureIt_POD_v9" = Microsoft Picture It! Library 9
"PictureIt_v9" = Microsoft Picture It! Express 9
"PS2" = PS2
"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
"Python 2.2.1" = Python 2.2.1
"Shockwave" = Shockwave
"Spyware Doctor" = Spyware Doctor 6.0
"SpywareBlaster_is1" = SpywareBlaster 4.2
"WildTangent CDA" = WildTangent Web Driver
"Windows XP Service Pack" = Windows XP Service Pack 3

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/19/2010 6:54:39 PM | Computer Name = TONGE | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 9/19/2010 6:54:40 PM | Computer Name = TONGE | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 9/19/2010 6:54:42 PM | Computer Name = TONGE | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 9/19/2010 6:54:43 PM | Computer Name = TONGE | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 9/22/2010 12:09:02 AM | Computer Name = TONGE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/22/2010 12:34:40 AM | Computer Name = TONGE | Source = Application Hang | ID = 1002
Description = Hanging application OIS.EXE, version 11.0.8161.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/22/2010 12:37:07 AM | Computer Name = TONGE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/22/2010 12:38:03 AM | Computer Name = TONGE | Source = Application Hang | ID = 1002
Description = Hanging application OIS.EXE, version 11.0.8161.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/22/2010 12:39:02 AM | Computer Name = TONGE | Source = Application Hang | ID = 1002
Description = Hanging application OIS.EXE, version 11.0.8161.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/22/2010 12:39:14 AM | Computer Name = TONGE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 8/2/2010 11:27:14 PM | Computer Name = TONGE | Source = DCOM | ID = 10010
Description = The server {781B925F-0BF8-4C7B-A2A8-A8B11B488A07} did not register
with DCOM within the required timeout.

Error - 8/2/2010 11:27:44 PM | Computer Name = TONGE | Source = DCOM | ID = 10010
Description = The server {781B925F-0BF8-4C7B-A2A8-A8B11B488A07} did not register
with DCOM within the required timeout.

Error - 8/2/2010 11:28:14 PM | Computer Name = TONGE | Source = DCOM | ID = 10010
Description = The server {781B925F-0BF8-4C7B-A2A8-A8B11B488A07} did not register
with DCOM within the required timeout.

Error - 8/7/2010 12:10:39 AM | Computer Name = TONGE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NVSvc service.

Error - 8/13/2010 3:03:30 PM | Computer Name = TONGE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NVSvc service.

Error - 9/1/2010 12:05:20 PM | Computer Name = TONGE | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 9/1/2010 12:12:07 PM | Computer Name = TONGE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NVSvc service.

Error - 9/2/2010 7:03:52 PM | Computer Name = TONGE | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 9/3/2010 11:34:18 AM | Computer Name = TONGE | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 9/3/2010 11:36:13 AM | Computer Name = TONGE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NVSvc service.


< End of report >


#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:04 AM

Posted 28 September 2010 - 03:16 AM

Hi,

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :otl
    FF - prefs.js..extensions.enabledItems: {832E2B97-AA38-4228-A2AB-F717681D6547}:1.0
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 9022
    FF - prefs.js..network.proxy.no_proxies_on: "localho,t,127.0.0.1,127.0.0.1,fws.municode.com,localhost,*.local"
    FF - HKLM\software\mozilla\Firefox\extensions\\{832E2B97-AA38-4228-A2AB-F717681D6547}: C:\Documents and Settings\Helena\Local Settings\Application Data\{832E2B97-AA38-4228-A2AB-F717681D6547} [2009/04/23 08:51:16 | 000,000,000 | ---D | M]
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:9022
    O3 - HKU\S-1-5-21-4075770808-2995516413-367360236-1007\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:9022
    :files
    C:\Windows\tasks\at*.job
    :commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open one notepad window. OTL.Txt a This is saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 sippingt3

sippingt3
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Boston, MA
  • Local time:09:04 PM

Posted 28 September 2010 - 06:58 PM

Hello Myrti,

Below are the logs requested. Thanks again for your assistance.

OTL..Custom Scan/Fixes log


All processes killed
========== OTL ==========
Prefs.js: {832E2B97-AA38-4228-A2AB-F717681D6547}:1.0 removed from extensions.enabledItems
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 9022 removed from network.proxy.http_port
Prefs.js: "localho,t,127.0.0.1,127.0.0.1,fws.municode.com,localhost,*.local" removed from network.proxy.no_proxies_on
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{832E2B97-AA38-4228-A2AB-F717681D6547} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{832E2B97-AA38-4228-A2AB-F717681D6547}\ not found.
C:\Documents and Settings\Helena\Local Settings\Application Data\{832E2B97-AA38-4228-A2AB-F717681D6547}\chrome\content folder moved successfully.
C:\Documents and Settings\Helena\Local Settings\Application Data\{832E2B97-AA38-4228-A2AB-F717681D6547}\chrome folder moved successfully.
C:\Documents and Settings\Helena\Local Settings\Application Data\{832E2B97-AA38-4228-A2AB-F717681D6547} folder moved successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-4075770808-2995516413-367360236-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
========== FILES ==========
File\Folder C:\Windows\tasks\at*.job not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Helena
->Temp folder emptied: 469764531 bytes
->Temporary Internet Files folder emptied: 1711398 bytes
->Java cache emptied: 35123423 bytes
->FireFox cache emptied: 31151563 bytes
->Apple Safari cache emptied: 1926144 bytes
->Flash cache emptied: 1855322 bytes

User: LocalService
->Temp folder emptied: 65716 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2435986 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 39097 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 138648 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 3678610 bytes
RecycleBin emptied: 3254744375 bytes

Total Files Cleaned = 3,627.00 mb


OTL by OldTimer - Version 3.2.14.1 log created on 09282010_191717

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\JET9D44.tmp not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_55c.dat not found!

Registry entries deleted on Reboot...


OTL.Txt log


OTL logfile created on: 9/28/2010 7:41:14 PM - Run 2
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Helena\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

447.00 Mb Total Physical Memory | 245.00 Mb Available Physical Memory | 55.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0D:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.58 Gb Total Space | 64.68 Gb Free Space | 44.74% Space Free | Partition Type: NTFS
Drive D: | 4.45 Gb Total Space | 0.48 Gb Free Space | 10.77% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TONGE
Current User Name: Helena
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Helena\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\a-squared Free\a2service.exe (Emsi Software GmbH)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Spyware Doctor\pctsTray.exe (PC Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Common Files\AOL\ACS\acsd.exe (America Online, Inc.)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
PRC - C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe (Hewlett-Packard)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
PRC - C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Helena\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\asOEHook.dll (Symantec Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (a2free) -- C:\Program Files\a-squared Free\a2service.exe (Emsi Software GmbH)
SRV - (N360) -- C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe (Symantec Corporation)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\acsd.exe (America Online, Inc.)
SRV - (WANMiniportService) WAN Miniport (ATW) -- C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)


========== Driver Services (SafeList) ==========

DRV - (Sunkfiltp) -- C:\WINDOWS\System32\Drivers\sunkfiltp.sys File not found
DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100928.003\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100928.003\NAVENG.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100927.001\IDSXpx86.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\N360\0308000.029\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SRTSP.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\N360\0308000.029\SRTSPX.SYS (Symantec Corporation)
DRV - (SymIMMP) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation)
DRV - (SymIM) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation)
DRV - (SYMNDIS) -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMIDS) -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS (Symantec Corporation)
DRV - (ccHP) -- C:\WINDOWS\System32\Drivers\N360\0308000.029\ccHPx86.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\WINDOWS\System32\Drivers\N360\0308000.029\BHDrvx86.sys (Symantec Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (nvnforce) Service for NVIDIA® nForce™ -- C:\WINDOWS\system32\drivers\nvapu.sys (NVIDIA Corporation)
DRV - (nvax) Service for NVIDIA® nForce™ -- C:\WINDOWS\system32\drivers\nvax.sys (NVIDIA Corporation)
DRV - (AFS2K) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (Aldebaran) -- C:\WINDOWS\System32\Drivers\Aldebaran.sys (An Chen Computer Co., Ltd.)
DRV - (Achernar) -- C:\WINDOWS\System32\Drivers\Achernar.sys (An Chen Computer Co., Ltd.)
DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura Ltd)
DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (fasttx2k) -- C:\WINDOWS\System32\DRIVERS\fasttx2k.sys (Promise Technology, Inc.)
DRV - (SunkFilt) -- C:\WINDOWS\system32\drivers\Sunkfilt.sys (Alcor Micro Corp.)
DRV - (Pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (nv_agp) -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys (NVIDIA Corporation)
DRV - (SISAGP) -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)
DRV - (viaagp1) -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
DRV - (ltmodem5) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys (Agere Systems)
DRV - (NVENET) -- C:\WINDOWS\system32\drivers\NVENET.sys (NVIDIA Corporation)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\R8139n51.sys (Realtek Semiconductor Corporation )
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKCU\..\URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll ()
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;127.0.0.1;fws.municode.com;localhost;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:9022

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.comcast.net/"
FF - prefs.js..extensions.enabledItems: {8545daff-ad1e-493f-a37e-eed1ac79682b}:1.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC}:3.7.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.13

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/05/20 21:11:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/04/26 18:23:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/22 20:41:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/22 20:41:24 | 000,000,000 | ---D | M]

[2009/08/13 12:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helena\Application Data\Mozilla\Extensions
[2009/08/13 12:44:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Helena\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/13 12:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helena\Application Data\Mozilla\Firefox\Profiles\sbuq548s.default\extensions
[2010/09/28 19:22:34 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/22 20:41:24 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/09/22 20:40:45 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/09/22 20:40:45 | 000,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2010/09/22 20:41:07 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2007/05/10 23:52:33 | 000,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/10/07 20:39:02 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/10/07 20:39:02 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/10/07 20:39:02 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/10/07 20:39:02 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/10/07 20:39:02 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/10/07 20:39:03 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/10/07 20:39:03 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2010/09/22 20:41:10 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/09/22 20:41:10 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/09/22 20:41:10 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/09/22 20:41:10 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/09/22 20:41:10 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/03/23 19:52:39 | 000,002,221 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\SafeSearch.xml
[2010/09/22 20:41:10 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/09/22 20:41:10 | 000,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2009/05/20 19:21:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (ST) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (MSNToolBandBHO) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKLM\..\Toolbar: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AlcxMonitor] C:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [DeviceDiscovery] C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [hpsysdrv] c:\WINDOWS\system\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [ISTray] C:\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\kbd.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKCU..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe (Hewlett-Packard Company)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C237A80A-4C55-4C68-BAA9-CBE4408D12B2} http://download.sp.f-secure.com/ols/f-secu.../fslauncher.cab (F-Secure Online Scanner 4.0 Launcher)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.71.230 68.87.73.246
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Helena\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Helena\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/01/20 21:16:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/09/28 19:17:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/09/27 21:32:09 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Helena\Desktop\OTL.exe
[2010/09/19 21:03:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Helena\Desktop\gmer
[2010/09/03 23:21:45 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Helena\PrivacIE
[2010/08/31 21:38:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Helena\IETldCache
[2010/08/30 19:17:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/08/30 19:15:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/08/30 19:13:00 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/08/30 19:05:12 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/08/30 19:05:12 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/08/30 19:05:07 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010/08/30 19:05:04 | 001,986,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/08/30 19:04:58 | 011,077,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll

========== Files - Modified Within 30 Days ==========

[2010/09/28 19:38:14 | 009,699,328 | ---- | M] () -- C:\Documents and Settings\Helena\ntuser.dat
[2010/09/28 19:32:42 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Helena\Desktop\Microsoft Office Word 2003.lnk
[2010/09/28 19:23:41 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2010/09/28 19:22:59 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/28 19:22:12 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/28 19:22:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/28 19:20:35 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Helena\ntuser.ini
[2010/09/27 21:32:11 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Helena\Desktop\OTL.exe
[2010/09/27 19:14:31 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/09/19 21:02:47 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Helena\Desktop\gmer.zip
[2010/09/19 20:54:10 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Helena\Desktop\dds.scr
[2010/09/19 20:51:31 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Helena\defogger_reenable
[2010/09/14 20:44:03 | 000,000,705 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/09/14 20:43:02 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/31 21:38:15 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\Helena\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

========== Files Created - No Company Name ==========

[2010/09/19 21:02:45 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Helena\Desktop\gmer.zip
[2010/09/19 20:54:09 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Helena\Desktop\dds.scr
[2010/09/19 20:51:31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Helena\defogger_reenable
[2009/08/12 21:24:07 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/08/12 21:24:07 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/01/14 18:02:05 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Error Handlers
[2009/01/14 18:02:05 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Helena\Application Data\Electric Piano
[2009/01/14 18:02:05 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2006/06/25 19:18:03 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\Nsvideo.dll
[2006/06/25 19:17:28 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2006/06/25 19:16:06 | 000,002,055 | ---- | C] () -- C:\WINDOWS\CA533A.INI
[2006/06/25 19:16:05 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\infcpy.dll
[2005/07/21 22:32:34 | 000,002,528 | ---- | C] () -- C:\WINDOWS\FCIC.INI
[2004/12/06 01:09:31 | 000,000,029 | ---- | C] () -- C:\WINDOWS\UNWISE.INI
[2004/11/04 17:11:44 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\Helena\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/10/01 11:32:51 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Helena\Application Data\sversion.ini
[2004/05/23 17:57:29 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2004/04/12 22:34:33 | 000,008,994 | ---- | C] () -- C:\WINDOWS\hpdj5100.ini
[2004/04/12 22:34:07 | 000,000,470 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2004/04/07 19:23:53 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Helena\Local Settings\Application Data\fusioncache.dat
[2004/04/07 18:58:34 | 000,001,021 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/04/07 15:52:19 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2004/04/07 15:52:19 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2004/04/07 15:52:19 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2004/04/07 15:52:19 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2004/04/07 15:52:19 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2004/04/07 15:52:19 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/01/22 05:26:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2004/01/22 05:26:02 | 000,000,451 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2004/01/21 06:04:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/01/21 05:52:52 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\mshrml.ini
[2004/01/21 00:08:05 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2004/01/21 00:07:21 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/01/21 00:07:21 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/01/21 00:02:24 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2004/01/20 23:56:41 | 000,030,197 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2004/01/20 23:56:16 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2004/01/20 23:55:38 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2004/01/20 23:42:36 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/01/20 23:34:02 | 000,000,889 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/01/20 22:30:23 | 000,001,220 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2004/01/20 22:21:37 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/01/20 21:47:52 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/01/20 21:38:07 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2004/01/20 21:38:07 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2004/01/20 21:37:39 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/01/20 21:20:37 | 000,000,904 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/01/20 20:05:12 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/03/07 02:53:16 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\hpnvr82.dll
[2003/01/08 02:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1998/03/15 15:41:51 | 000,000,136 | ---- | C] () -- C:\WINDOWS\System32\mssrina.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >


#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:04 AM

Posted 29 September 2010 - 04:42 AM

Hi,

you're welcome! smile.gif How is the PC doing now?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 sippingt3

sippingt3
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Boston, MA
  • Local time:09:04 PM

Posted 30 September 2010 - 03:35 PM

Hi Myrti,

My computer is running great...you have solved the problem clapping.gif

I have a few more house cleaning items to attend to, but I will submit another post as to free up your time for someone-else who has an urgent need.

Thanks again..have a great day!

#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:04 AM

Posted 01 October 2010 - 04:22 AM

Hi sipping,

there are a couple more things I would like to do with your, to make sure you don't have to come back in a few weeks. wink.gif

First of all I would like to check for leftovers with Eset:
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:04 AM

Posted 16 October 2010 - 04:08 PM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users