Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows Explorer Restarting...


  • This topic is locked This topic is locked
28 replies to this topic

#1 parentproblems

parentproblems

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:08:28 AM

Posted 27 December 2010 - 10:30 PM

Hi, my parents have somehow gotten their computer into quite a pickle. They've accidentally gotten viruses before but this seems more stubborn than most. The only apparent problem is windows explorer constantly restarts itself. It'll pop up that windows explorer has stopped working, and then it will restart, and the process will repeat again 10 seconds later. This obviously closes any explorer based windows at that time, making alot of actions difficult and quite annoying. I've ran a few programs and found a bunch of different viruses that it removed but few minutes after a restart these explorer restarts begin again. I normally just have symantec antivirus running but since this started I've also tried running malwarebytes and spybot. Any help will be greatly appreciated!

Windows 7
64 Bit

Attached Files



BC AdBot (Login to Remove)

 


#2 parentproblems

parentproblems
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:08:28 AM

Posted 03 January 2011 - 02:54 PM

I know you're not supposed to bump and there was a holiday this week, but I didn't want my post to get lost and hoped someone would be able to assist.
Thanks!

#3 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:09:28 AM

Posted 04 January 2011 - 10:14 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Shannon

#4 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:09:28 AM

Posted 10 January 2011 - 05:17 PM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.
Shannon

#5 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:09:28 AM

Posted 15 January 2011 - 06:58 AM

This topic has been re-opened at the request of the person who originally posted.
Shannon

#6 parentproblems

parentproblems
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:08:28 AM

Posted 20 January 2011 - 07:30 PM

Sorry, I didn't realize this was reopened!
Unfortunately the same problem still persists...
These are the most recent logs I have, any help will be appreciated!

Attached Files



#7 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:09:28 AM

Posted 21 January 2011 - 10:56 AM

Hi-

If you are not receiving notification when this topic is updated, click on the Watch Topic button on the top of the page.

The logs did not show any real problems so we need to dig deeper.

Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can downlaod, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

Next, I'd like for you to scan your machine with ESET OnlineScan
  • Hold down Control key and click on the following link to open ESET OnlineScan in a new window.
  • ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip the next two steps)
  • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
In your reply, please copy in the contents of the RKU report and the ESET Online report (if you get one), and let me know how the computer is doing.

Thanks.
Shannon

#8 parentproblems

parentproblems
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:08:28 AM

Posted 23 January 2011 - 04:36 AM

Thanks for responding, unfortunately the restart box keeps appearing...I attached a pic so you could see specifically what I'm talking about.
Unfortunately the rootkit unhooker wouldn't run. I don't know if it is a 64 bit thing or if it is related to the problem or what, but I tried running the exe and using the zipped file and both just gave me an error box as soon as I ran them (including as administrator) that just says "error loading driver, NTSTATUS code: 0xc000036b"

Attached Files



#9 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:09:28 AM

Posted 23 January 2011 - 04:23 PM

Hi-

The Rootkit Unhooker probably doesn't like 64bit. We will try something else then.

We need to create an OTL Report
  • Please download OTL from here:
  • Main Mirror
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "Use SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them into your reply:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

In your reply, copy in the the two OTL reports.
Shannon

#10 parentproblems

parentproblems
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:08:28 AM

Posted 23 January 2011 - 06:31 PM

I attached and copy/pasted the results.
Thanks for trying to help still

OTL

========== Driver Services (SafeList) ==========

DRV:64bit: - [2009/10/07 08:49:28 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech QuickCam S5500(UVC)
DRV:64bit: - [2009/10/07 08:47:46 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009/08/13 15:20:46 | 001,209,856 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/07/31 00:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/07/27 13:55:33 | 000,172,080 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/10/13 11:31:48 | 000,480,816 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL)
DRV:64bit: - [2008/10/13 11:31:48 | 000,441,904 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2008/10/13 11:31:48 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2007/04/09 09:09:46 | 000,012,288 | ---- | M] (Waytech Development, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UsbFltr.sys -- (UsbFltr)
DRV - [2011/01/23 02:41:40 | 000,034,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\Normandy.sys -- (Normandy)
DRV - [2010/12/17 04:00:00 | 001,791,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110121.002\EX64.SYS -- (NAVEX15)
DRV - [2010/12/17 04:00:00 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110121.002\ENG64.SYS -- (NAVENG)
DRV - [2010/05/28 03:00:00 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/05/28 03:00:00 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2008/10/13 11:31:48 | 000,480,816 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
DRV - [2008/10/13 11:31:48 | 000,441,904 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
DRV - [2008/10/13 11:31:48 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4153720668-1939005033-701598133-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
IE - HKU\S-1-5-21-4153720668-1939005033-701598133-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
IE - HKU\S-1-5-21-4153720668-1939005033-701598133-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4153720668-1939005033-701598133-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4153720668-1939005033-701598133-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-4153720668-1939005033-701598133-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "eslprintables Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2215634&SearchSource=3&q={searchTerms}"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {E5860F3A-8B13-4F47-A551-A4F6E91F7251}:1.9.1
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {e47d6d44-6479-461d-bfa3-dbd0dc5a9011}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.91
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/09 22:49:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{E5860F3A-8B13-4F47-A551-A4F6E91F7251}: C:\Users\Monroe's\AppData\Local\{E5860F3A-8B13-4F47-A551-A4F6E91F7251}\ [2010/12/14 14:41:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/20 20:47:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/12/20 20:47:26 | 000,000,000 | ---D | M]

[2009/11/08 13:20:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Monroe's\AppData\Roaming\Mozilla\Extensions
[2011/01/23 08:03:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Monroe's\AppData\Roaming\Mozilla\Firefox\Profiles\g7q9ors1.default\extensions
[2010/07/14 12:40:11 | 000,000,000 | ---D | M] (Vista-aero) -- C:\Users\Monroe's\AppData\Roaming\Mozilla\Firefox\Profiles\g7q9ors1.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
[2010/05/12 21:06:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Monroe's\AppData\Roaming\Mozilla\Firefox\Profiles\g7q9ors1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/20 06:35:45 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Monroe's\AppData\Roaming\Mozilla\Firefox\Profiles\g7q9ors1.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/07/14 12:40:11 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Monroe's\AppData\Roaming\Mozilla\Firefox\Profiles\g7q9ors1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/12/05 20:35:09 | 000,000,000 | ---D | M] (eslprintables Community Toolbar) -- C:\Users\Monroe's\AppData\Roaming\Mozilla\Firefox\Profiles\g7q9ors1.default\extensions\{e47d6d44-6479-461d-bfa3-dbd0dc5a9011}
[2010/12/05 20:35:10 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Monroe's\AppData\Roaming\Mozilla\Firefox\Profiles\g7q9ors1.default\extensions\engine@conduit.com
[2010/07/14 12:40:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Monroe's\AppData\Roaming\Mozilla\Firefox\Profiles\g7q9ors1.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}\chrome\mozapps\extensions
[2010/11/23 13:35:36 | 000,000,929 | ---- | M] () -- C:\Users\Monroe's\AppData\Roaming\Mozilla\Firefox\Profiles\g7q9ors1.default\searchplugins\conduit.xml
[2011/01/23 18:18:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/12/14 14:41:33 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\MONROE'S\APPDATA\LOCAL\{E5860F3A-8B13-4F47-A551-A4F6E91F7251}
[2010/05/17 08:08:04 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\MONROE'S\APPDATA\ROAMING\MOVE NETWORKS
[2010/06/22 05:53:44 | 000,393,216 | ---- | M] (Invenda Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
[2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2010/07/14 14:49:29 | 000,000,806 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 12.129.232.127 us.version.worldofwarcraft.com
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKU\S-1-5-21-4153720668-1939005033-701598133-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [vptray] C:\Program Files (x86)\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-4153720668-1939005033-701598133-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.77.134 68.87.72.134
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\bwaterscene.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{494f8a47-cc90-11de-b6db-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{494f8a47-cc90-11de-b6db-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/23 08:43:04 | 000,000,000 | ---D | C] -- C:\Users\Monroe's\Desktop\cruiseresultsPage.aspx_files
[2011/01/23 02:22:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/01/11 17:36:24 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2011/01/11 17:36:24 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2011/01/11 17:36:24 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011/01/11 17:36:24 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
[2011/01/11 17:36:24 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011/01/11 17:36:24 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2011/01/11 17:36:23 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2011/01/11 17:36:23 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2011/01/11 17:36:23 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011/01/11 17:36:23 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/01/11 17:36:23 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/01/11 17:36:22 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2011/01/11 17:36:22 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2011/01/11 17:36:22 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2011/01/11 17:36:22 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/01/11 17:36:22 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2011/01/11 17:36:22 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/01/11 17:36:22 | 000,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011/01/11 17:36:22 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2011/01/11 17:36:22 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2011/01/11 17:36:22 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
[2011/01/11 17:36:22 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2011/01/11 17:36:22 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2011/01/11 17:36:22 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2011/01/11 17:36:22 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2011/01/11 17:36:21 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
[2011/01/11 17:36:21 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011/01/11 17:36:18 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2011/01/11 17:36:18 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll

========== Files - Modified Within 30 Days ==========

[2011/01/23 18:24:53 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/23 18:24:53 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/23 18:21:53 | 000,739,790 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/01/23 18:21:53 | 000,632,708 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/01/23 18:21:53 | 000,110,342 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/01/23 18:17:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/23 18:17:02 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2011/01/23 18:16:32 | 3119,374,336 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/23 08:43:05 | 000,003,255 | ---- | M] () -- C:\Users\Monroe's\Desktop\cruiseresultsPage.aspx.htm
[2011/01/23 02:41:40 | 000,034,560 | ---- | M] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2011/01/23 02:39:08 | 000,356,947 | ---- | M] () -- C:\Users\Monroe's\Desktop\restarting.png

========== Files Created - No Company Name ==========

[2011/01/23 08:43:03 | 000,003,255 | ---- | C] () -- C:\Users\Monroe's\Desktop\cruiseresultsPage.aspx.htm
[2011/01/23 02:39:08 | 000,356,947 | ---- | C] () -- C:\Users\Monroe's\Desktop\restarting.png
[2011/01/23 02:20:08 | 000,034,560 | ---- | C] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2010/12/13 15:29:20 | 000,000,110 | ---- | C] () -- C:\Windows\wininit.ini
[2010/11/21 16:39:50 | 000,000,120 | ---- | C] () -- C:\Users\Monroe's\AppData\Local\Gyosonulurup.dat
[2010/11/21 16:39:50 | 000,000,000 | ---- | C] () -- C:\Users\Monroe's\AppData\Local\Fvocodowurafoxos.bin
[2009/12/10 09:14:26 | 000,009,585 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/11/08 13:04:49 | 003,240,818 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/08/23 22:12:14 | 000,000,080 | RHS- | C] () -- C:\Windows\SysWow64\695E8E4E87.dll
[2009/07/27 14:48:53 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/04/24 03:25:47 | 000,354,816 | ---- | C] () -- C:\Windows\SysWow64\pythoncom26.dll
[2009/04/24 03:25:47 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\pywintypes26.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\Users\Monroe's\Documents\christmas party.nws:OECustomProperty
@Alternate Data Stream - 143 bytes -> C:\Users\Monroe's\Documents\80th birthday.nws:OECustomProperty

< End of report >

Extras
OTL Extras logfile created on: 1/23/2011 6:22:01 PM - Run 1
OTL by OldTimer - Version 3.2.20.4 Folder = C:\Users\Monroe's\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 68.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.94 Gb Total Space | 324.88 Gb Free Space | 71.89% Space Free | Partition Type: NTFS
Drive D: | 13.82 Gb Total Space | 1.95 Gb Free Space | 14.10% Space Free | Partition Type: NTFS

Computer Name: MONROE-PC | User Name: Monroe's | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\system32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\system32\ieframe.DLL (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4153720668-1939005033-701598133-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes
"{17016DA1-F040-4032-BD36-34DD317BC9D5}" = HP Photosmart All-In-One Driver Software 13.0 Rel. A
"{24B5028F-EE97-461F-AE13-0E67E12DD270}" = Symantec AntiVirus Win64
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5F240DB8-0D74-4F13-86C3-929760392A8D}" = HP Remote Software
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B0EFB716-085B-4564-8060-212E41F5CE50}" = Windows Live ID Sign-in Assistant
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D2E8F543-D23A-4A38-AFFC-4BDEBFBA6FDA}" = HP MediaSmart SmartMenu
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Agere Systems Soft Modem" = Agere Systems PCI-SV92EX Soft Modem
"CCleaner" = CCleaner
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"LSI Soft Modem" = LSI PCI-SV92EX Soft Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"Shop for HP Supplies" = Shop for HP Supplies

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0295F89F-F698-4101-9A7D-49F407EC2D82}" = HP Active Support Library
"{03BF5CB1-B72E-4CA6-A278-F65680F05420}" = HP Picasso Media Center Add-In
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{0C2F5D51-C60C-4585-A7F6-4D479FB6358F}" = Fundcraft Cookbooks On CD
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1AE3E621-E0C0-4aa1-B10B-B3E353A8D110}" = c3100_Help
"{1CC069FA-1A86-402E-9787-3F04E652C67A}" = HP Support Information
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 15
"{27E371D2-A9A7-42CC-815F-E9EB224057B1}" = Picture Viewer (Beta) for Windows SideShow
"{2A7EF808-14F3-4E93-BE3A-1675EE5332A4}" = AIO_CDA_ProductContext
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{354038F6-0A35-4C55-A80B-F86C4C1A6D38}" = C3100
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{59716973-C123-4B46-B44B-36FCD9CEB8A3}" = Print Artist 22 Platinum
"{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}" = Acrobat.com
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{784BEA84-FA66-4B19-BB80-7B545F248AC6}" = HP Total Care Setup
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9CC89170-000B-457D-91F1-53691F85B223}" = Python 2.6.1
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A7AEE29F-839E-46B5-B347-6D430618129F}" = AIO_CDA_Software
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B84739A3-F943-47E4-95D8-96381EF5AC48}" = HP Customer Experience Enhancements
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FE1B5E2F-9CA4-43E8-8A3A-E3A29E8D3786}" = The Print Shop 23
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Chuzzle Deluxe 1.0" = Chuzzle Deluxe 1.0
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"ESET Online Scanner" = ESET Online Scanner v3
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Remote Solution" = HP Remote Solution
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Peggle Nights Deluxe" = Peggle Nights Deluxe
"pywin32-py2.6" = Python 2.6 pywin32-212
"StarCraft II" = StarCraft II
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4153720668-1939005033-701598133-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/23/2011 7:22:21 PM | Computer Name = Monroe-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Faulting module name: Explorer.EXE, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Exception code: 0xc0000005 Fault offset: 0x000000000002cc32
Faulting
process id: 0x9c0 Faulting application start time: 0x01cbbb545fb0b3f0 Faulting application
path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\Explorer.EXE Report
Id: a07f6e30-2747-11e0-a692-0026181a8a6d

Error - 1/23/2011 7:22:43 PM | Computer Name = Monroe-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Faulting module name: Explorer.EXE, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Exception code: 0xc0000005 Fault offset: 0x000000000002cc32
Faulting
process id: 0x578 Faulting application start time: 0x01cbbb54668d6ab0 Faulting application
path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\Explorer.EXE Report
Id: ad460f70-2747-11e0-a692-0026181a8a6d

Error - 1/23/2011 7:23:04 PM | Computer Name = Monroe-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Faulting module name: Explorer.EXE, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Exception code: 0xc0000005 Fault offset: 0x000000000002cc32
Faulting
process id: 0x668 Faulting application start time: 0x01cbbb5473540bf0 Faulting application
path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\Explorer.EXE Report
Id: ba032b30-2747-11e0-a692-0026181a8a6d

Error - 1/23/2011 7:23:26 PM | Computer Name = Monroe-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Faulting module name: Explorer.EXE, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Exception code: 0xc0000005 Fault offset: 0x000000000002cc32
Faulting
process id: 0xcd4 Faulting application start time: 0x01cbbb5480138910 Faulting application
path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\Explorer.EXE Report
Id: c6c2a850-2747-11e0-a692-0026181a8a6d

Error - 1/23/2011 7:23:48 PM | Computer Name = Monroe-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Faulting module name: Explorer.EXE, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Exception code: 0xc0000005 Fault offset: 0x000000000002cc32
Faulting
process id: 0xe18 Faulting application start time: 0x01cbbb549319c650 Faulting application
path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\Explorer.EXE Report
Id: d3e88090-2747-11e0-a692-0026181a8a6d

Error - 1/23/2011 7:24:09 PM | Computer Name = Monroe-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Faulting module name: Explorer.EXE, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Exception code: 0xc0000005 Fault offset: 0x000000000002cc32
Faulting
process id: 0xb54 Faulting application start time: 0x01cbbb5499f67d10 Faulting application
path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\Explorer.EXE Report
Id: e0a7fdb0-2747-11e0-a692-0026181a8a6d

Error - 1/23/2011 7:24:31 PM | Computer Name = Monroe-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Faulting module name: Explorer.EXE, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Exception code: 0xc0000005 Fault offset: 0x000000000002cc32
Faulting
process id: 0xc04 Faulting application start time: 0x01cbbb54a6b5fa30 Faulting application
path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\Explorer.EXE Report
Id: ed6c3d90-2747-11e0-a692-0026181a8a6d

Error - 1/23/2011 7:24:52 PM | Computer Name = Monroe-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Faulting module name: Explorer.EXE, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Exception code: 0xc0000005 Fault offset: 0x000000000002cc32
Faulting
process id: 0x5ec Faulting application start time: 0x01cbbb54b37efcd0 Faulting application
path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\Explorer.EXE Report
Id: fa2bbab0-2747-11e0-a692-0026181a8a6d

Error - 1/23/2011 7:25:14 PM | Computer Name = Monroe-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Faulting module name: Explorer.EXE, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Exception code: 0xc0000005 Fault offset: 0x000000000002cc32
Faulting
process id: 0xc58 Faulting application start time: 0x01cbbb54c682d8b0 Faulting application
path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\Explorer.EXE Report
Id: 07623c90-2748-11e0-a692-0026181a8a6d

Error - 1/23/2011 7:25:36 PM | Computer Name = Monroe-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Faulting module name: Explorer.EXE, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Exception code: 0xc0000005 Fault offset: 0x000000000002cc32
Faulting
process id: 0x79c Faulting application start time: 0x01cbbb54cd703910 Faulting application
path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\Explorer.EXE Report
Id: 14456e50-2748-11e0-a692-0026181a8a6d


< End of report >

Attached Files



#11 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:09:28 AM

Posted 24 January 2011 - 01:57 PM

Hi-

Thanks for the logs. We need to clean up a few things.

We need to run an OTL Fix.
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
:OTL
IE - HKU\S-1-5-21-4153720668-1939005033-701598133-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-4153720668-1939005033-701598133-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
FF - prefs.js..extensions.enabledItems: {E5860F3A-8B13-4F47-A551-A4F6E91F7251}:1.9.1
FF - HKLM\software\mozilla\Firefox\Extensions\\{E5860F3A-8B13-4F47-A551-A4F6E91F7251}: C:\Users\Monroe's\AppData\Local\{E5860F3A-8B13-4F47-A551-A4F6E91F7251}\ [2010/12/14 14:41:33 | 000,000,000 | ---D | M]
[2010/12/14 14:41:33 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\MONROE'S\APPDATA\LOCAL\{E5860F3A-8B13-4F47-A551-A4F6E91F7251}
O3 - HKU\S-1-5-21-4153720668-1939005033-701598133-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If you have to reboot, once back up, open the C:\_OTL\MovedFiles folder and copy the newest log into your next reply.

In your reply, copy in the OTL Fix report. Has the computer stabilized any?
Shannon

#12 parentproblems

parentproblems
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:08:28 AM

Posted 24 January 2011 - 02:43 PM

The first time I ran it, I got an error "Access Violation at address 005CC7ED in module 'OTL.exe'. Read of address 00000000
I tried to run it a second time and it said it completed and it posted this...

Error: Unable to interpret <FF - HKLM\software\mozilla\Firefox\Extensions\\{E5860F3A-8B13-4F47-A551-A4F6E91F7251}: C:\Users\Monroe's\AppData\Local\{E5860F3A-8B13-4F47-A551-A4F6E91F7251}\ [2010/12/14 14:41:33 | 000,000,000 | ---D | M]> in the current context!
Error: Unable to interpret <[2010/12/14 14:41:33 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\MONROE'S\APPDATA\LOCAL\{E5860F3A-8B13-4F47-A551-A4F6E91F7251}> in the current context!
Error: Unable to interpret <O3 - HKU\S-1-5-21-4153720668-1939005033-701598133-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.> in the current context!
Error: Unable to interpret <O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found> in the current context!
Error: Unable to interpret <O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found> in the current context!
Error: Unable to interpret <O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found> in the current context!
Error: Unable to interpret <O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found> in the current context!
Error: Unable to interpret <O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found> in the current context!
Error: Unable to interpret <O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found> in the current context!
Error: Unable to interpret <O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.> in the current context!
Error: Unable to interpret <O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.> in the current context!

OTL by OldTimer - Version 3.2.20.4 log created on 01242011_144005

not sure if that worked or not, but the box continues to pop up unfortunately

Attached Files



#13 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:09:28 AM

Posted 24 January 2011 - 02:57 PM

Hi-

Please redo the copy and make sure that it starts with the ":OTL", and rerun it.
Shannon

#14 parentproblems

parentproblems
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:08:28 AM

Posted 24 January 2011 - 07:33 PM

I did, and got the same results. I realized what I think ran as a fix last time was this text:
"FF - HKLM\software\mozilla\Firefox\Extensions\\{E5860F3A-8B13-4F47-A551-A4F6E91F7251}: C:\Users\Monroe's\AppData\Local\{E5860F3A-8B13-4F47-A551-A4F6E91F7251}\ [2010/12/14 14:41:33 | 000,000,000 | ---D | M]
[2010/12/14 14:41:33 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\MONROE'S\APPDATA\LOCAL\{E5860F3A-8B13-4F47-A551-A4F6E91F7251}
O3 - HKU\S-1-5-21-4153720668-1939005033-701598133-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found."

which is left in that box after I click run fix and get the error the first time.
strange, eh?

#15 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:09:28 AM

Posted 24 January 2011 - 09:14 PM

Hi-

It looks like the OTL fix is being blocked by the infection so we will try it this way -

First, we need to run an OTL Fix.
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
:otl
O3 - HKU\S-1-5-21-4153720668-1939005033-701598133-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If you have to reboot, once back up, open the C:\_OTL\MovedFiles folder and copy the newest log into your next reply.

Next, do a new OTL scan to see what we have left to do.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • A report will open, copy and paste it into your reply:
  • OTL.txt <-- Will be the opened report

In your reply, please copy in the OTL Fix report and the regular OTL report.
Shannon




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users