Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Redirect issue


  • This topic is locked This topic is locked
12 replies to this topic

#1 kahall

kahall

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:01:38 PM

Posted 08 December 2010 - 03:41 PM

System is Windows XP with all the latest service packs.
Problem is one that I have seen described here many times.
AV program on the PC is Mcafee security center which is kind of useless but it free to user through ISP.
The problem.
Search results sometimes redirect to site other than one shown in results.
I have ran many AV and spyware removal tools but after a reboot problem returns.
At this point Malwarebytes reports no problems even after reboot.
tdskiller.exe finds nothing when ran from desktop.
I have checked host file which is fine.
Actually there is no evidence of any problem other than the redirect itself unless I run hitman pro which reports that there is a proxy server being used and that would be 127.0.0.1:50370. If I choose to repair it hitman does so but a reboot causes it to return.
What do you need me to post here in order to receive help with this?
Thanks, Kirk

BC AdBot (Login to Remove)

 


#2 trollocks

trollocks

  • Members
  • 369 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:England
  • Local time:07:38 PM

Posted 08 December 2010 - 05:37 PM

Try following these instructions to remove the proxy server

http://www.ehow.com/how_5512742_remove-proxy-server.html

#3 kahall

kahall
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:01:38 PM

Posted 08 December 2010 - 05:50 PM

Try following these instructions to remove the proxy server

http://www.ehow.com/how_5512742_remove-proxy-server.html


Yeah, I am familiar with those procedures. There is never a proxy sever shown anywhere that I can see and I believe it is hidden in the registry somewhere and keeps coming back even after I remove/repair it.
Thanks for the reply though.

#4 trollocks

trollocks

  • Members
  • 369 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:England
  • Local time:07:38 PM

Posted 08 December 2010 - 06:05 PM

Please do the following.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
  • You may need two posts to fit them both in.


#5 kahall

kahall
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:01:38 PM

Posted 08 December 2010 - 07:24 PM

Got it.
While waiting for a response I ran Norman Malware Cleaner which I aborted before it finished but I took a screen shot of one file it deleted. Here it is.
Posted Image

Here is the requested logs.

OTL logfile created on: 12/8/2010 6:10:33 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Owner.Lenette\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.75 Gb Total Space | 111.44 Gb Free Space | 77.52% Space Free | Partition Type: NTFS
Drive D: | 5.28 Gb Total Space | 3.53 Gb Free Space | 66.77% Space Free | Partition Type: FAT32
Drive E: | 702.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive M: | 232.88 Gb Total Space | 196.60 Gb Free Space | 84.42% Space Free | Partition Type: NTFS
Drive Q: | 232.88 Gb Total Space | 196.60 Gb Free Space | 84.42% Space Free | Partition Type: NTFS

Computer Name: LENETTE | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner.Lenette\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
PRC - C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
PRC - C:\Program Files\SecCopy\SecCopy.exe (Centered Systems)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Owner.Lenette\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (WMP54GSSVC) -- C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe WMP54GSv1_1.exe File not found
SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (GoogleDesktopManager-051210-111108) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (mcmscsvc) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (QuickBooksDB20) -- C:\Program Files\Intuit\QuickBooks Pro\QBDBMgrN.exe (Intuit, Inc.)
SRV - (QuickBooksDB17) -- C:\Program Files\Intuit\QuickBooks Pro\QBDBMgrN.exe (Intuit, Inc.)
SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (McProxy) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (PrismXL) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (Diskeeper) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)


========== Driver Services (SafeList) ==========

DRV - (MPFP) -- C:\WINDOWS\system32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\bcmwl5.sys (Broadcom Corporation)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (GTNDIS5) -- C:\WINDOWS\system32\GTNDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (MASPINT) -- C:\WINDOWS\System32\drivers\MASPINT.SYS (MicroStaff Co.,Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {575C17FA-1362-4B26-B238-213736CBF275}:1.9.1
FF - prefs.js..extensions.enabledItems: {fe0258ab-4f74-43a1-8781-bcdf340f9ee9}:2.6.4
FF - prefs.js..keyword.URL: ""
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50370
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/12/01 00:25:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{575C17FA-1362-4B26-B238-213736CBF275}: C:\Documents and Settings\Owner.Lenette\Local Settings\Application Data\{575C17FA-1362-4B26-B238-213736CBF275} [2010/10/04 17:38:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/28 15:06:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/17 08:44:25 | 000,000,000 | ---D | M]

[2009/01/18 21:17:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lenette\Application Data\Mozilla\Extensions
[2010/12/07 17:54:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lenette\Application Data\Mozilla\Firefox\Profiles\9w6u9pnq.default\extensions
[2009/09/02 05:22:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner.Lenette\Application Data\Mozilla\Firefox\Profiles\9w6u9pnq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/01 13:47:44 | 000,000,000 | ---D | M] (Redirect Remover) -- C:\Documents and Settings\Owner.Lenette\Application Data\Mozilla\Firefox\Profiles\9w6u9pnq.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}
[2010/08/01 05:18:47 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Owner.Lenette\Application Data\Mozilla\Firefox\Profiles\9w6u9pnq.default\searchplugins\askcom.xml
[2010/12/07 17:54:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/05/05 14:45:35 | 000,000,730 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\system32\bae.dll (Gateway Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Second Copy 2000] C:\Program Files\SecCopy\SecCopy.exe (Centered Systems)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = [binary data]
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1163466120389 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks Pro\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner.Lenette\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner.Lenette\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/17 03:41:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 12:15:24 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{3361c955-737a-11db-b410-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{3361c955-737a-11db-b410-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{35c10ab1-249a-11db-9824-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{35c10ab1-249a-11db-9824-00038a000015}\Shell\1\Command - "" = .\RECYCLER\RECYCLER\autorun.exe
O33 - MountPoints2\{35c10ab1-249a-11db-9824-00038a000015}\Shell\2\Command - "" = .\RECYCLER\RECYCLER\autorun.exe
O33 - MountPoints2\{35c10ab1-249a-11db-9824-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{50e8d621-578a-11de-b484-0018f8268f08}\Shell\AutoRun\command - "" = J:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{50e8d621-578a-11de-b484-0018f8268f08}\Shell\install\command - "" = J:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{50e8d621-578a-11de-b484-0018f8268f08}\Shell\usermanualEnglish\command - "" = J:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{50e8d621-578a-11de-b484-0018f8268f08}\Shell\usermanualFrench\command - "" = J:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{50e8d621-578a-11de-b484-0018f8268f08}\Shell\usermanualSpanish\command - "" = J:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{50e8d636-578a-11de-b484-0018f8268f08}\Shell\AutoRun\command - "" = J:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{50e8d636-578a-11de-b484-0018f8268f08}\Shell\install\command - "" = J:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{50e8d636-578a-11de-b484-0018f8268f08}\Shell\usermanualEnglish\command - "" = J:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{50e8d636-578a-11de-b484-0018f8268f08}\Shell\usermanualFrench\command - "" = J:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{50e8d636-578a-11de-b484-0018f8268f08}\Shell\usermanualSpanish\command - "" = J:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{78e51dc2-3015-11dc-b432-0018f8268f08}\Shell - "" = AutoRun
O33 - MountPoints2\{78e51dc2-3015-11dc-b432-0018f8268f08}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{78e51dc2-3015-11dc-b432-0018f8268f08}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O33 - MountPoints2\{b8104fe4-ceb6-11dc-b44c-0018f8268f08}\Shell - "" = AutoRun
O33 - MountPoints2\{b8104fe4-ceb6-11dc-b44c-0018f8268f08}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d30f5173-20bb-11db-870b-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{d30f5173-20bb-11db-870b-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/08 18:07:13 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.Lenette\Desktop\OTL.exe
[2010/12/08 14:54:03 | 097,636,680 | ---- | C] (Norman ASA) -- C:\Documents and Settings\Owner.Lenette\Desktop\Norman_Malware_Cleaner.exe
[2010/12/08 13:13:56 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/12/08 12:11:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/08 18:07:14 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.Lenette\Desktop\OTL.exe
[2010/12/08 18:05:29 | 000,067,678 | ---- | M] () -- C:\Documents and Settings\Owner.Lenette\Desktop\norman.jpg
[2010/12/08 17:44:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/08 17:16:02 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-172089902-3145183744-1899880602-1006UA.job
[2010/12/08 14:51:42 | 097,636,680 | ---- | M] (Norman ASA) -- C:\Documents and Settings\Owner.Lenette\Desktop\Norman_Malware_Cleaner.exe
[2010/12/08 14:16:45 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/12/08 14:09:46 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/08 14:09:24 | 000,026,683 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/12/08 14:08:36 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/08 14:08:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/08 14:08:21 | 1473,937,408 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/08 09:02:06 | 000,000,089 | ---- | M] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2010/12/08 01:00:00 | 000,000,476 | -H-- | M] () -- C:\WINDOWS\tasks\9b77 1242708107.job
[2010/12/07 18:16:00 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-172089902-3145183744-1899880602-1006Core.job
[2010/12/06 21:00:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/12/03 20:17:09 | 000,002,346 | ---- | M] () -- C:\Documents and Settings\Owner.Lenette\Desktop\Google Chrome.lnk
[2010/12/03 20:17:09 | 000,002,324 | ---- | M] () -- C:\Documents and Settings\Owner.Lenette\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/12/01 01:00:00 | 000,000,332 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/17 08:44:25 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/11/15 01:01:30 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,011,168 | -H-- | C] () -- C:\WINDOWS\System32\vugijabe
[2010/12/08 18:05:29 | 000,067,678 | ---- | C] () -- C:\Documents and Settings\Owner.Lenette\Desktop\norman.jpg
[2010/12/08 12:58:56 | 1473,937,408 | -HS- | C] () -- C:\hiberfil.sys
[2010/12/01 18:13:13 | 000,002,346 | ---- | C] () -- C:\Documents and Settings\Owner.Lenette\Desktop\Google Chrome.lnk
[2010/12/01 18:13:13 | 000,002,324 | ---- | C] () -- C:\Documents and Settings\Owner.Lenette\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/12/01 18:11:58 | 000,000,994 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-172089902-3145183744-1899880602-1006UA.job
[2010/12/01 18:11:57 | 000,000,942 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-172089902-3145183744-1899880602-1006Core.job
[2010/11/17 08:43:11 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/08/01 16:21:33 | 000,002,592 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/07/31 20:40:57 | 000,000,033 | ---- | C] () -- C:\WINDOWS\EasyRip.ini
[2010/05/06 11:04:04 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/04/21 23:12:25 | 000,000,089 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2010/02/25 13:04:36 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2009/10/07 09:57:59 | 000,000,204 | ---- | C] () -- C:\WINDOWS\struct~.ini
[2008/05/06 09:22:49 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2008/05/06 09:22:49 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2007/12/09 21:03:29 | 000,000,048 | ---- | C] () -- C:\Documents and Settings\Owner.Lenette\Application Data\wklnhst.dat
[2007/10/17 18:16:40 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2007/07/29 17:12:14 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\Owner.Lenette\Application Data\$_hpcst$.hpc
[2007/03/03 23:39:07 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2007/03/03 23:38:47 | 000,000,165 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2007/03/03 23:38:32 | 000,000,684 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2007/03/03 23:32:14 | 000,007,190 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/12/31 23:27:08 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\Owner.Lenette\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/31 22:36:04 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Owner.Lenette\Local Settings\Application Data\fusioncache.dat
[2006/11/14 21:33:48 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2006/11/14 21:33:46 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/11/14 21:33:46 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/11/14 21:33:23 | 000,004,254 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2006/11/14 21:26:00 | 000,038,533 | ---- | C] () -- C:\Documents and Settings\Owner.Lenette\Application Data\Comma Separated Values (Windows).ADR
[2006/11/13 19:46:07 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/07/31 12:02:00 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/07/31 11:55:49 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/21 03:48:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/17 03:24:58 | 000,001,386 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/06/17 03:24:57 | 000,000,469 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2006/06/16 20:31:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/05 22:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2006/11/14 22:56:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2006/12/31 22:27:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2007/12/08 17:24:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eBay
[2010/05/06 12:51:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2006/11/13 19:55:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2010/04/21 23:16:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2009/10/07 09:59:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrettyMay
[2010/04/21 23:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2006/07/31 12:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/07/31 12:00:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2008/12/22 21:43:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/03/03 08:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lenette\Application Data\Amazon
[2008/03/04 20:25:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lenette\Application Data\eBookPro6
[2008/05/06 09:30:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lenette\Application Data\FUJIFILM
[2009/10/07 10:11:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lenette\Application Data\MP3SkypeRecorder
[2006/07/31 12:13:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lenette\Application Data\SampleView
[2007/12/09 21:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lenette\Application Data\Template
[2010/07/31 20:30:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lenette\Application Data\WeatherBug
[2007/02/15 06:44:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lenette\Application Data\Z-Firm LLC
[2010/12/08 01:00:00 | 000,000,476 | -H-- | M] () -- C:\WINDOWS\Tasks\9b77 1242708107.job
[2010/11/15 01:01:30 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2010/12/01 01:00:00 | 000,000,332 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job

========== Purity Check ==========



< End of report >
_______________________________________________________________________

OTL Extras logfile created on: 12/8/2010 6:10:33 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Owner.Lenette\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.75 Gb Total Space | 111.44 Gb Free Space | 77.52% Space Free | Partition Type: NTFS
Drive D: | 5.28 Gb Total Space | 3.53 Gb Free Space | 66.77% Space Free | Partition Type: FAT32
Drive E: | 702.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive M: | 232.88 Gb Total Space | 196.60 Gb Free Space | 84.42% Space Free | Partition Type: NTFS
Drive Q: | 232.88 Gb Total Space | 196.60 Gb Free Space | 84.42% Space Free | Partition Type: NTFS

Computer Name: LENETTE | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.js [@ = JSFile] -- C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe (Macromedia, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
jsfile [open] -- "C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- File not found
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed -- File not found
"C:\Program Files\Common Files\AOL\1154369075\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1154369075\EE\AOLServiceHost.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Intuit\QuickBooks Pro\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks Pro\QBDBMgrN.exe:*:Enabled:QuickBooks 2007 Data Manager -- (Intuit, Inc.)
"C:\Documents and Settings\Owner.Lenette\Local Settings\Temp\hp_webrelease\setup\HPZnet01.exe" = C:\Documents and Settings\Owner.Lenette\Local Settings\Temp\hp_webrelease\setup\HPZnet01.exe:*:Enabled:hpznet01.exe -- File not found
"C:\Documents and Settings\Owner.Lenette\Local Settings\Temp\hp_webrelease\setup\hponicifs01.exe" = C:\Documents and Settings\Owner.Lenette\Local Settings\Temp\hp_webrelease\setup\hponicifs01.exe:*:Enabled:hponicifs01.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- File not found
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- File not found
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- File not found
"C:\Program Files\CuteFTP\CUTFTP32.EXE" = C:\Program Files\CuteFTP\CUTFTP32.EXE:*:Enabled:Winsock FTP Client -- (GlobalSCAPE, Inc.)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Documents and Settings\Owner.Lenette\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\Owner.Lenette\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player -- (Octoshape ApS)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{06A9E630-DBA6-4D92-9DE7-A235AA6496C7}" = QuickBooks
"{0700E22B-A422-40A5-BD20-04BF618CA0F9}" = QuickBooks Pro 2010
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1700" = Canon iP1700
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series" = Canon iP2600 series
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite eMachines
"{15C77FC3-8137-4A5E-8F81-F559045DD6B0}" = Shipping Assistant 3.6
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F1C4668-7767-4109-9B5E-19AD056F2CA0}" = MP3 Skype Recorder
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Solution
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.3.2
"{2604C0F9-BFD3-4BA0-9EB5-22537C648F03}" = MobileMe Control Panel
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0
"{419858DC-80B3-4C7D-99D5-7B78BA6D039E}" = CRE Messenger
"{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{582D2A53-F426-4C5E-A2E6-43C1AB36B907}" = Safari
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{62682265-C7EB-4EC7-986B-666FE2785900}" = SA25x5 & SA26x5 Device Manager
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6F396FFB-CC3A-4335-BC0B-2AEF38F4492C}" = Microsoft WSE 2.0 SP3
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX
"{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}" = URGE
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{8ED88911-2D91-402D-8114-367A07EF962B}" = Amazon Seller Desktop
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91208A47-5D08-4C79-986F-1931940F51BB}" = QuickBooks Product Listing Service
"{91490409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Primary Interop Assemblies
"{9645A95A-CEF9-4B9A-A34C-60D226576CF5}" = Diskeeper Home Edition
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{B208806F-A231-4FA0-AB3F-5C1B8979223E}" = Microsoft ActiveSync 4.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D3AA158A-9421-4883-8767-E771B0964A1D}" = ImageMixer VCD for FinePix
"{EAE4A00B-D290-4B65-8287-B82A80FC0619}" = Linksys Wireless-G PCI Network Adapter with SpeedBooster
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"ATI Display Driver" = ATI Display Driver
"BigFix" = BigFix
"Canon iP1700 User Registration" = Canon iP1700 User Registration
"Canon iP2600 series User Registration" = Canon iP2600 series User Registration
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CuteFTP" = CuteFTP
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint" = Easy-WebPrint
"Gateway Game Console" = Gateway Game Console
"Google Desktop" = Google Desktop
"HPOCR" = OCR Software by I.R.I.S 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.3.2
"InstallShield_{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MWASPI" = MicroStaff WINASPI
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
"RCA Detective_is1" = RCA Detective 1.0.0.96
"RCA Detective™_is1" = RCA Detective™ 3.0.0.101
"RCA easyRip_is1" = RCA easyRip 2.4.2.0
"RCA Updater_is1" = RCA Updater 1.0.4.0
"RealPlayer 6.0" = RealPlayer Basic
"Second Copy 2000" = Second Copy 2000
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WT010646" = Bejeweled 2 Deluxe
"WT010647" = Blackhawk Striker 2
"WT010648" = Blasterball 2 Revolution
"WT010649" = Diner Dash
"WT010650" = FATE
"WT010651" = Penguins!
"WT010654" = SCRABBLE
"WT010655" = Tradewinds
"WT010660" = Polar Bowler
"WT010661" = Polar Golfer
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/17/2010 10:50:54 AM | Computer Name = LENETTE | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 11/17/2010 10:50:54 AM | Computer Name = LENETTE | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 11/18/2010 12:00:47 PM | Computer Name = LENETTE | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 11/18/2010 12:00:47 PM | Computer Name = LENETTE | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 11/18/2010 12:00:47 PM | Computer Name = LENETTE | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 11/18/2010 12:01:13 PM | Computer Name = LENETTE | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2010": Connection
Error:Invalid user ID or passwo

Error - 11/18/2010 12:01:13 PM | Computer Name = LENETTE | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2010": Connection
String:CON=QBConnectionPool-Probe-QB_data_engine_20; ;DBF=C:\Documents and Settings\Owner.Lenette\My
Documents\quickbooks\company file\9b77.QBW;ENG=QB_data_engine_20;DBN=eb6946314692479cb880019446a0e4

Error - 11/18/2010 12:01:13 PM | Computer Name = LENETTE | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2010": DBConnPool::HandleConnectionError
errorCode:-6069, dbCode:-103 from file:'.\.\src\ConnPool.cpp' at line 1036 from
function:'DBMgr::DBConnPool::ini

Error - 11/18/2010 12:01:13 PM | Computer Name = LENETTE | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2010": DMError Information:-6069Additional
Info:An Invalid Id or password was specifie

Error - 11/18/2010 8:31:37 PM | Computer Name = LENETTE | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

[ System Events ]
Error - 10/29/2010 6:49:57 PM | Computer Name = LENETTE | Source = Print | ID = 6161
Description = The document com.usps.cns.web.pdf.LabelGenerationServlet owned by
Owner failed to print on printer Canon iP2600 series. Data type: NT EMF 1.008. Size
of the spool file in bytes: 458752. Number of bytes printed: 220964. Total number
of pages in the document: 1. Number of pages printed: 0. Client machine: \\LENETTE.
Win32 error code returned by the print processor: 13 (0xd).

Error - 11/17/2010 10:35:21 AM | Computer Name = LENETTE | Source = System Error | ID = 1003
Description = Error code 10000050, parameter1 abb19720, parameter2 00000008, parameter3
abb19720, parameter4 00000000.

Error - 11/27/2010 3:00:29 PM | Computer Name = LENETTE | Source = System Error | ID = 1003
Description = Error code 10000050, parameter1 aaf74360, parameter2 00000008, parameter3
aaf74360, parameter4 00000000.

Error - 12/1/2010 1:50:18 AM | Computer Name = LENETTE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
abp480n5 ACPIEC adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint
asc
asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
IntelIde
mraid35x
Pcmcia
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde

Error - 12/8/2010 2:11:56 PM | Computer Name = LENETTE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 12/8/2010 2:13:01 PM | Computer Name = LENETTE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips intelppm mfehidk

Error - 12/8/2010 2:13:41 PM | Computer Name = LENETTE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McNASvc with
arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}

Error - 12/8/2010 2:13:43 PM | Computer Name = LENETTE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McNASvc with
arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}

Error - 12/8/2010 2:57:49 PM | Computer Name = LENETTE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 12/8/2010 4:09:15 PM | Computer Name = LENETTE | Source = DCOM | ID = 10005
Description = DCOM got error "%1055" attempting to start the service McMSCSvc with
arguments "" in order to run the server: {03082469-BA75-44A5-89CB-D187F313E572}


< End of report >

#6 trollocks

trollocks

  • Members
  • 369 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:England
  • Local time:07:38 PM

Posted 08 December 2010 - 07:33 PM

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Services
    
    :Otl
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 50370
    FF - prefs.js..network.proxy.type: 0
    
    
    :Commands
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )


#7 kahall

kahall
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:01:38 PM

Posted 08 December 2010 - 08:21 PM

Here is the new log.


OTL logfile created on: 12/8/2010 7:16:32 PM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Owner.Lenette\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.75 Gb Total Space | 113.66 Gb Free Space | 79.06% Space Free | Partition Type: NTFS
Drive D: | 5.28 Gb Total Space | 3.53 Gb Free Space | 66.77% Space Free | Partition Type: FAT32
Drive E: | 702.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive M: | 232.88 Gb Total Space | 196.60 Gb Free Space | 84.42% Space Free | Partition Type: NTFS
Drive Q: | 232.88 Gb Total Space | 196.60 Gb Free Space | 84.42% Space Free | Partition Type: NTFS

Computer Name: LENETTE | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner.Lenette\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
PRC - C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
PRC - C:\Program Files\SecCopy\SecCopy.exe (Centered Systems)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Owner.Lenette\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (WMP54GSSVC) -- C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe WMP54GSv1_1.exe File not found
SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (GoogleDesktopManager-051210-111108) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (mcmscsvc) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (QuickBooksDB20) -- C:\Program Files\Intuit\QuickBooks Pro\QBDBMgrN.exe (Intuit, Inc.)
SRV - (QuickBooksDB17) -- C:\Program Files\Intuit\QuickBooks Pro\QBDBMgrN.exe (Intuit, Inc.)
SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (McProxy) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (PrismXL) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (Diskeeper) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)


========== Driver Services (SafeList) ==========

DRV - (MPFP) -- C:\WINDOWS\system32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\bcmwl5.sys (Broadcom Corporation)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (GTNDIS5) -- C:\WINDOWS\system32\GTNDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (MASPINT) -- C:\WINDOWS\System32\drivers\MASPINT.SYS (MicroStaff Co.,Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {575C17FA-1362-4B26-B238-213736CBF275}:1.9.1
FF - prefs.js..extensions.enabledItems: {fe0258ab-4f74-43a1-8781-bcdf340f9ee9}:2.6.4
FF - prefs.js..keyword.URL: ""
FF - prefs.js..network.proxy.http: ""
FF - prefs.js..network.proxy.http_port: ""
FF - prefs.js..network.proxy.type: ""

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/12/01 00:25:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{575C17FA-1362-4B26-B238-213736CBF275}: C:\Documents and Settings\Owner.Lenette\Local Settings\Application Data\{575C17FA-1362-4B26-B238-213736CBF275} [2010/10/04 17:38:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/28 15:06:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/17 08:44:25 | 000,000,000 | ---D | M]

[2009/01/18 21:17:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lenette\Application Data\Mozilla\Extensions
[2010/12/07 17:54:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Lenette\Application Data\Mozilla\Firefox\Profiles\9w6u9pnq.default\extensions
[2009/09/02 05:22:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner.Lenette\Application Data\Mozilla\Firefox\Profiles\9w6u9pnq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/01 13:47:44 | 000,000,000 | ---D | M] (Redirect Remover) -- C:\Documents and Settings\Owner.Lenette\Application Data\Mozilla\Firefox\Profiles\9w6u9pnq.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}
[2010/08/01 05:18:47 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Owner.Lenette\Application Data\Mozilla\Firefox\Profiles\9w6u9pnq.default\searchplugins\askcom.xml
[2010/12/07 17:54:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/05/05 14:45:35 | 000,000,730 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\system32\bae.dll (Gateway Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Second Copy 2000] C:\Program Files\SecCopy\SecCopy.exe (Centered Systems)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = [binary data]
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1163466120389 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks Pro\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner.Lenette\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner.Lenette\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/17 03:41:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 12:15:24 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{35c10ab1-249a-11db-9824-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{35c10ab1-249a-11db-9824-00038a000015}\Shell\1\Command - "" = .\RECYCLER\RECYCLER\autorun.exe
O33 - MountPoints2\{35c10ab1-249a-11db-9824-00038a000015}\Shell\2\Command - "" = .\RECYCLER\RECYCLER\autorun.exe
O33 - MountPoints2\{35c10ab1-249a-11db-9824-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{50e8d621-578a-11de-b484-0018f8268f08}\Shell\AutoRun\command - "" = J:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{50e8d621-578a-11de-b484-0018f8268f08}\Shell\install\command - "" = J:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{50e8d621-578a-11de-b484-0018f8268f08}\Shell\usermanualEnglish\command - "" = J:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{50e8d621-578a-11de-b484-0018f8268f08}\Shell\usermanualFrench\command - "" = J:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{50e8d621-578a-11de-b484-0018f8268f08}\Shell\usermanualSpanish\command - "" = J:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{50e8d636-578a-11de-b484-0018f8268f08}\Shell\AutoRun\command - "" = J:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{50e8d636-578a-11de-b484-0018f8268f08}\Shell\install\command - "" = J:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{50e8d636-578a-11de-b484-0018f8268f08}\Shell\usermanualEnglish\command - "" = J:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{50e8d636-578a-11de-b484-0018f8268f08}\Shell\usermanualFrench\command - "" = J:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{50e8d636-578a-11de-b484-0018f8268f08}\Shell\usermanualSpanish\command - "" = J:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{78e51dc2-3015-11dc-b432-0018f8268f08}\Shell - "" = AutoRun
O33 - MountPoints2\{78e51dc2-3015-11dc-b432-0018f8268f08}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{78e51dc2-3015-11dc-b432-0018f8268f08}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O33 - MountPoints2\{b8104fe4-ceb6-11dc-b44c-0018f8268f08}\Shell - "" = AutoRun
O33 - MountPoints2\{b8104fe4-ceb6-11dc-b44c-0018f8268f08}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d30f5173-20bb-11db-870b-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{d30f5173-20bb-11db-870b-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/08 19:09:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/12/08 18:07:13 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.Lenette\Desktop\OTL.exe
[2010/12/08 13:13:56 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/12/08 12:11:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC

========== Files - Modified Within 30 Days ==========

[2010/12/08 19:16:00 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-172089902-3145183744-1899880602-1006UA.job
[2010/12/08 19:13:31 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/08 19:13:23 | 000,026,683 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/12/08 19:12:44 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/08 19:12:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/08 19:12:30 | 1473,937,408 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/08 18:44:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/08 18:16:00 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-172089902-3145183744-1899880602-1006Core.job
[2010/12/08 18:15:15 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/12/08 18:07:14 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.Lenette\Desktop\OTL.exe
[2010/12/08 09:02:06 | 000,000,089 | ---- | M] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2010/12/08 01:00:00 | 000,000,476 | -H-- | M] () -- C:\WINDOWS\tasks\9b77 1242708107.job
[2010/12/06 21:00:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/12/03 20:17:09 | 000,002,346 | ---- | M] () -- C:\Documents and Settings\Owner.Lenette\Desktop\Google Chrome.lnk
[2010/12/03 20:17:09 | 000,002,324 | ---- | M] () -- C:\Documents and Settings\Owner.Lenette\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/12/01 01:00:00 | 000,000,332 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/17 08:44:25 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/11/15 01:01:30 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,011,168 | -H-- | C] () -- C:\WINDOWS\System32\vugijabe
[2010/12/08 12:58:56 | 1473,937,408 | -HS- | C] () -- C:\hiberfil.sys
[2010/12/01 18:13:13 | 000,002,346 | ---- | C] () -- C:\Documents and Settings\Owner.Lenette\Desktop\Google Chrome.lnk
[2010/12/01 18:13:13 | 000,002,324 | ---- | C] () -- C:\Documents and Settings\Owner.Lenette\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/12/01 18:11:58 | 000,000,994 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-172089902-3145183744-1899880602-1006UA.job
[2010/12/01 18:11:57 | 000,000,942 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-172089902-3145183744-1899880602-1006Core.job
[2010/11/17 08:43:11 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/08/01 16:21:33 | 000,002,592 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/07/31 20:40:57 | 000,000,033 | ---- | C] () -- C:\WINDOWS\EasyRip.ini
[2010/05/06 11:04:04 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/04/21 23:12:25 | 000,000,089 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2010/02/25 13:04:36 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2009/10/07 09:57:59 | 000,000,204 | ---- | C] () -- C:\WINDOWS\struct~.ini
[2008/05/06 09:22:49 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2008/05/06 09:22:49 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2007/12/09 21:03:29 | 000,000,048 | ---- | C] () -- C:\Documents and Settings\Owner.Lenette\Application Data\wklnhst.dat
[2007/10/17 18:16:40 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2007/07/29 17:12:14 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\Owner.Lenette\Application Data\$_hpcst$.hpc
[2007/03/03 23:39:07 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2007/03/03 23:38:47 | 000,000,165 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2007/03/03 23:38:32 | 000,000,684 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2007/03/03 23:32:14 | 000,007,190 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/12/31 23:27:08 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\Owner.Lenette\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/31 22:36:04 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Owner.Lenette\Local Settings\Application Data\fusioncache.dat
[2006/11/14 21:33:48 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2006/11/14 21:33:46 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/11/14 21:33:46 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/11/14 21:33:23 | 000,004,254 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2006/11/14 21:26:00 | 000,038,533 | ---- | C] () -- C:\Documents and Settings\Owner.Lenette\Application Data\Comma Separated Values (Windows).ADR
[2006/11/13 19:46:07 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/07/31 12:02:00 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/07/31 11:55:49 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/21 03:48:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/17 03:24:58 | 000,001,386 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/06/17 03:24:57 | 000,000,469 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2006/06/16 20:31:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/05 22:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

< End of report >

#8 trollocks

trollocks

  • Members
  • 369 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:England
  • Local time:07:38 PM

Posted 08 December 2010 - 08:29 PM

Proxy server is gone now,rest of log looks good,you need to update your Java though

Posted Image
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 22 and save it to your desktop.
  • Scroll down to where it says JDK 6 Update 22 (JDK or JRE)
  • Click the Download JRE button to the right
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6u22 with JavaFX 1 License Agreement". Click on Continue.The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u22-windows-i586-p.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.


#9 kahall

kahall
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:01:38 PM

Posted 08 December 2010 - 08:54 PM

Got it.
Thanks! I will update the java.

Looks like you need to update your instructions. I was unable to follow the following step exactly. There may be a new update.

"Scroll down to where it says JDK 6 Update 22 (JDK or JRE)"
I did not see that anywhere but I know how to update java and will do so.

Thanks again,
Kirk

#10 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:02:38 PM

Posted 08 December 2010 - 10:43 PM

Hello kahall.

Please read the following topics: A Reminder To Our Members Regarding Malware Logs
How do I get help? Who is helping me?.

Due to the content now present in this topic, I am shifting it to our malware logs forum. If you have any further issues or questions, please do not hesitate to ask and I will be happy to assist you.

~Blade
Forum Moderator

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#11 kahall

kahall
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:01:38 PM

Posted 08 December 2010 - 11:30 PM

Hello kahall.

Please read the following topics: A Reminder To Our Members Regarding Malware Logs
How do I get help? Who is helping me?.

Due to the content now present in this topic, I am shifting it to our malware logs forum. If you have any further issues or questions, please do not hesitate to ask and I will be happy to assist you.

~Blade
Forum Moderator



Thanks for the follow up. I read the links provided and really appreciate the help. I think I followed the proper procedures but if I did not please advise. I know you guys are busy so I want to do it correctly next time and unfortunately I expect there will be a next time.

Kirk

#12 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:02:38 PM

Posted 08 December 2010 - 11:46 PM

Hi Kirk.

You didn't do anything wrong. :)

I was just providing the information so that you would know why I took over the topic.

The problem here was that, while he may be knowledgable, trollocks overstepped the boundaries we have set forth in regards to what forms of advice we allow normal members to provide. These rules are in place to ensure the safety of our members, and ensure that they only receive help in this complex and critical area of support from those who we know are well informed and trained. Some methods used in the removal of malware can be very dangerous if used in the wrong circumstances.

I hope that explains things a bit more.

~Blade

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#13 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:02:38 PM

Posted 21 December 2010 - 08:31 PM

Since this issue appears to be resolved ... this Topic has been closed.

~Blade

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users