XP SP3 with Zero Access via SystemCheck


  • This topic is locked
31 replies to this topic

#1 CaitieCat

CaitieCat

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:08:38 AM

Posted 06 April 2012 - 05:47 PM

Good afternoon, hoping someone can help me. On March 17, while looking for information on how to avoid the google/blogspot redirect issue that affected a bunch of blogs recently, I suddenly got hit with SystemCheck, throwing up all its bogus warnings and problems. Fortunately, I didn't panic, disconnected from the Net immediately (physically), and set to work trying to get things sorted.

It took a few hours, but I managed to get rid of SystemCheck itself with the help of various fora. Still, though, my browser suffered redirects on any Google search. I downloaded and installed Malwarebytes (now also registered), and over the last three weeks have been trying repeatedly to clean what I now know to be a Zero Access rootkit in the TCP/IP stack. The SystemCheck problem is well over, and I've run Unhide with fair success.

I've read the full instructions on how to get started, but have run into two issues following the advice.

1) ddr.scr runs, but won't finish; it hangs up when the hash mark line has extended to below the "t" in "it" near the end of the last line of text. After a half hour or so, the whole computer freezes (as notable by the clock ceasing to update; I don't touch it while it's running), and requires a hard reboot. So I have no ddr.scr report to upload - I've tried it with and without Internet access activated (by physical switch), and in Safe Mode and regular Windows (I have XP SP3, as noted in the header), with no differences.

2) Similarly, gmer runs, but doesn't look like the version in the Preparation Guide. Only the checkboxes for Services, Registry, and Files are active, as is the ADS, Show All, and C: buttons (only one HDD). So I also don't have a report from that. It runs, and puts all kinds of neat entries in the various windows, but it won't generate a report that I'm aware of.

I'm happy to follow any instructions needed; I'm an experienced lay user, having "downgraded" this four-year-old laptop when I bought it from Vista to XP (which I have the disc for), and had SystemCheck beat within a day, but defeating this is beyond my skills. I know it may take a few days to get back to me. :)

Thank you for your help,

Cait

(Oh, and I ran Defogger too)

Edited by CaitieCat, 06 April 2012 - 05:50 PM.



#2 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:02:38 PM

Posted 11 April 2012 - 10:01 AM

Hello CaitieCat ,

My name is ratman and I will be helping you with your computer problems.

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:

  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.

====================================================================================

I'd like you to run a scan with aswMBR
Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

====================================================================================

We need to create an OTL Report
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

====================================================================================


In your next reply, please copy/paste the contents of the following:
  • aswMBR Log
  • OTL.txt
  • Extra.txt

regards, ratman


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM

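As an added example, not part of this thread and not code from the aswMBR or OTL tools, here is a small Python triage script for the kind of aswMBR log ratman asks for above. It reads the log text and flags the indicators a malware-response helper looks for in that output: the scanner reporting the MBR as hidden, an active (0x80) partition that reports 0 MB, the scanner's own **SUSPICIOUS** verdict, and a disk I/O trace that ends in code belonging to no loaded module with a driver's IRP dispatch pointing at that address. A **LOCKED** file is reported only as informational, since antivirus definition drivers are routinely locked. The infected sample lines are constructed to follow the aswMBR format quoted later in this thread, and the clean disk is constructed for contrast; the regular expressions and the `Finding` tags are this example's own.

```python
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    kind: str       # machine-readable tag (this example's own vocabulary)
    severity: str   # "high" (hand the log to a malware-response helper) or "info"
    detail: str


SEVERITY_RANK = {"none": 0, "info": 1, "high": 2}

# Partition-table line: "<time> Disk N Partition M <boot> [(A)] <type> <desc> <size> MB offset <off>"
PARTITION_RE = re.compile(
    r"^\S+ Disk (?P<disk>\d+) Partition (?P<idx>\d+) (?P<boot>[0-9A-Fa-f]{2}) (?:\(A\) )?"
    r"(?P<type>[0-9A-Fa-f]{2}) (?P<desc>.+?) (?P<size>\d+) MB offset (?P<offset>\d+)$"
)
# Driver-trace markers: an address no loaded module owns, and a driver's dispatch target.
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
HOOK_RE = re.compile(r"(\\Driver\\\w+)\[0x[0-9A-Fa-f]+\] -> (IRP_\w+) -> (0x[0-9A-Fa-f]+)")
LOCKED_RE = re.compile(r"^\S+ Service (\S+) (.+?) \*\*LOCKED\*\*")


def triage_aswmbr(text: str) -> list[Finding]:
    """Return the indicators found in an aswMBR log, most severe first."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    # First pass: trace addresses the scanner could not map to any module.
    unknown = {m.group(1).lower() for ln in lines for m in UNKNOWN_RE.finditer(ln)}
    findings: list[Finding] = []
    for ln in lines:
        if ln.endswith(" MBR hidden"):
            findings.append(Finding("mbr_hidden", "high",
                "the scanner reports the MBR as hidden, so what it read through the normal "
                "disk path cannot be trusted; a 'default MBR code' line on the same disk "
                "does not clear it"))
        part = PARTITION_RE.match(ln)
        if part and part["boot"].lower() == "80" and int(part["size"]) == 0:
            findings.append(Finding("zero_size_active_partition", "high",
                f"disk {part['disk']} partition {part['idx']} is marked active (0x80) "
                f"but reports 0 MB (type 0x{part['type']}, offset {part['offset']})"))
        if "**SUSPICIOUS**" in ln:
            findings.append(Finding("scanner_suspicious", "high", ln.split(" ", 1)[1]))
        for m in UNKNOWN_RE.finditer(ln):
            findings.append(Finding("unknown_code_in_disk_stack", "high",
                f"disk I/O trace reaches {m.group(1)}, which belongs to no loaded module"))
        hook = HOOK_RE.search(ln)
        if hook and hook.group(3).lower() in unknown:
            findings.append(Finding("hooked_irp_handler", "high",
                f"{hook.group(1)} dispatches {hook.group(2)} to {hook.group(3)}, "
                "the unmapped code above"))
        locked = LOCKED_RE.match(ln)
        if locked:
            findings.append(Finding("locked_file", "info",
                f"service {locked.group(1)} file is locked ({locked.group(2)}); normal for "
                "antivirus definition drivers, so not an indicator on its own"))
    findings.sort(key=lambda f: SEVERITY_RANK[f.severity], reverse=True)
    return findings


def highest_severity(findings: list[Finding]) -> str:
    return max((f.severity for f in findings), key=SEVERITY_RANK.__getitem__, default="none")


# Constructed sample modelled on the aswMBR output format quoted in this thread.
SAMPLE_LOG = r"""
09:25:18.109 Disk 0 MBR read successfully
09:25:18.109 Disk 0 MBR scan
09:25:18.109 Disk 0 Windows XP default MBR code
09:25:18.109 Disk 0 MBR hidden
09:25:18.125 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 7000 MB offset 2048
09:25:18.140 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 145626 MB offset 14338416
09:25:18.171 Disk 0 Partition 3 80 (A) 17 Hidd HPFS/NTFS NTFS 0 MB offset 312580584
09:25:18.171 Disk 0 Partition 3 **SUSPICIOUS**
09:25:30.328 Service MpKslee390ba8 c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{819EE8C6-2863-4565-9DAA-52A70BF901E1}\MpKslee390ba8.sys **LOCKED** 32
09:25:44.718 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a738fa9]<<
09:25:44.765 \Driver\atapi[0x8a867288] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x8a738fa9
09:25:44.781 Scan finished successfully
"""

# Constructed clean disk for contrast: one active NTFS partition, no unmapped code in the trace.
CLEAN_LOG = r"""
09:00:00.000 Disk 0 MBR read successfully
09:00:00.000 Disk 0 MBR scan
09:00:00.000 Disk 0 Windows XP default MBR code
09:00:00.000 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152626 MB offset 63
09:00:00.000 Disk 0 trace - called modules:
09:00:00.000 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys
09:00:00.000 Scan finished successfully
"""

if __name__ == "__main__":
    for name, log in (("infected sample", SAMPLE_LOG), ("clean sample", CLEAN_LOG)):
        found = triage_aswmbr(log)
        print(f"{name}: overall severity {highest_severity(found)}")
        for f in found:
            print(f"  [{f.severity}] {f.kind}: {f.detail}")
```

Run it directly to print both reports, or call `triage_aswmbr()` on the text of a saved aswMBR.txt. The script only reads the log; any "high" finding is a reason to post the full log for a helper rather than to act on the disk, and the locked-file entry shows why a single marker should not be read in isolation.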



#3 CaitieCat

CaitieCat
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:08:38 AM

Posted 11 April 2012 - 09:58 PM

Hi ratman - thanks very much, I will run these two tools in the morning before work, and add the three reports as soon as they're done.

Cait

#4 CaitieCat

CaitieCat
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:08:38 AM

Posted 12 April 2012 - 08:54 AM

(btw, I work on a M-F 1700GMT-0100GMT shift, so expect answers timed around those)

As directed:

1)

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-12 09:23:09
-----------------------------
09:23:09.000 OS Version: Windows 5.1.2600 Service Pack 3
09:23:09.000 Number of processors: 2 586 0x4802
09:23:09.000 ComputerName: OWL UserName:
09:23:11.000 Initialize success
09:25:00.609 AVAST engine download error: 0
09:25:18.093 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
09:25:18.093 Disk 0 Vendor: Hitachi_HTS542516K9SA00 BBCOC31P Size: 152627MB BusType: 3
09:25:18.109 Disk 0 MBR read successfully
09:25:18.109 Disk 0 MBR scan
09:25:18.109 Disk 0 Windows XP default MBR code
09:25:18.109 Disk 0 MBR hidden
09:25:18.125 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 7000 MB offset 2048
09:25:18.140 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 145626 MB offset 14338416
09:25:18.171 Disk 0 Partition 3 80 (A) 17 Hidd HPFS/NTFS NTFS 0 MB offset 312580584
09:25:18.171 Disk 0 Partition 3 **SUSPICIOUS**
09:25:18.171 Disk 0 scanning sectors +312581792
09:25:18.609 Disk 0 scanning C:\WINDOWS\system32\drivers
09:25:24.546 Service scanning
09:25:30.328 Service MpKslee390ba8 c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{819EE8C6-2863-4565-9DAA-52A70BF901E1}\MpKslee390ba8.sys **LOCKED** 32
09:25:37.593 Modules scanning
09:25:44.703 Disk 0 trace - called modules:
09:25:44.718 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a738fa9]<<
09:25:44.734 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a747ab8]
09:25:44.750 3 CLASSPNP.SYS[f74e7fd7] -> nt!IofCallDriver -> \Device\00000084[0x8a866260]
09:25:44.765 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a74cd98]
09:25:44.765 \Driver\atapi[0x8a867288] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x8a738fa9
09:25:44.781 Scan finished successfully
09:26:14.312 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Cait.OWL\Desktop\MBR.dat"
09:26:14.375 The log file has been saved successfully to "C:\Documents and Settings\Cait.OWL\Desktop\aswMBR.txt"

2)

OTL logfile created on: 12/04/2012 9:27:47 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Cait.OWL\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 53.77% Memory free
3.85 Gb Paging File | 3.16 Gb Available in Paging File | 82.01% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.21 Gb Total Space | 38.01 Gb Free Space | 26.73% Space Free | Partition Type: NTFS

Computer Name: OWL | User Name: Cait | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/12 09:26:58 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cait.OWL\Desktop\OTL.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/13 00:36:40 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/16 13:04:16 | 001,339,392 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Nuance\license_manager\components\lmgrd.exe
PRC - [2006/10/14 18:37:40 | 000,110,592 | ---- | M] () -- C:\WINDOWS\ATK0100\HControl.exe
PRC - [2006/08/10 23:08:04 | 002,379,776 | ---- | M] () -- C:\WINDOWS\ATK0100\ATKOSD.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/13 00:36:53 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/02/13 11:12:44 | 006,053,536 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2009/11/03 16:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2006/10/14 18:37:40 | 000,110,592 | ---- | M] () -- C:\WINDOWS\ATK0100\HControl.exe
MOD - [2006/08/24 16:32:26 | 000,163,840 | ---- | M] () -- C:\WINDOWS\ATK0100\ASUSNet.dll
MOD - [2006/08/10 23:08:04 | 002,379,776 | ---- | M] () -- C:\WINDOWS\ATK0100\ATKOSD.exe
MOD - [2004/05/28 11:13:10 | 000,057,344 | ---- | M] () -- C:\WINDOWS\ATK0100\CMSSC.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s616unic.dll -- (vsbus)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MobilityService.dll -- (sscdmdfl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\TcUsb.dll -- (ibmcicstransactiongateway)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wmccdsls.dll -- (cpqfws2e)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\apfiltrservice.dll -- (CnxTrUsb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\msftesql.dll -- (cis1284)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rnadiagreceiver.dll -- (cidaemon)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/26 02:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\CaitieCat\pev.3XE -- (PEVSystemStart)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/04/18 14:57:11 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/11/19 17:54:58 | 000,135,168 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NLU Server 3.1\service-launcher.exe -- (NLU Server)
SRV - [2008/03/31 11:14:48 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2008/01/28 18:39:38 | 000,057,344 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- C:\Program Files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe -- (Tomcat6)
SRV - [2007/04/16 13:04:16 | 001,339,392 | ---- | M] (Macrovision Corporation) [Auto | Running] -- C:\Program Files\Nuance\license_manager\components\lmgrd.exe -- (NuanceLicensingService)
SRV - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [On_Demand | Stopped] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006/10/16 05:42:24 | 000,086,016 | ---- | M] (ScanSoft, Inc.) [Auto | Stopped] -- C:\Program Files\SpeechWorks\OpenSpeech Recognizer\bin\SWIsvcMonitor.exe -- (SWINTService)
SRV - [2005/12/07 15:22:18 | 000,815,104 | ---- | M] (Macrovision Corporation) [Auto | Stopped] -- C:\Program Files\SpeechWorks\OpenSpeech Recognizer\flexlm\components\lmgrd.exe -- (OSR Licensing Service)
SRV - [2004/03/18 17:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DDMI2.sys -- (SDDMI2)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\LogMeIn\x86\RaInfo.sys -- (LMIInfo)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Cait.OWL\LOCALS~1\Temp\krdpdre.sys -- (krdpdre)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | Auto | Stopped] -- SYSTEM32\drivers\DS1410D.SYS -- (DS1410D)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Cait.OWL\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Cait.OWL\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
DRV - [2012/04/12 09:23:10 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{819EE8C6-2863-4565-9DAA-52A70BF901E1}\MpKslee390ba8.sys -- (MpKslee390ba8)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/04/13 18:45:36 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV - [2010/04/13 18:45:36 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV - [2010/04/13 18:45:36 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV - [2010/04/13 18:45:36 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV - [2010/04/13 18:45:36 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV - [2008/05/28 12:33:14 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2008/03/07 13:39:48 | 000,045,848 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/01/15 20:17:58 | 004,652,544 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/01/03 23:10:16 | 000,105,856 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/12/20 23:53:20 | 002,843,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/06/11 15:25:28 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (tosrfusb)
DRV - [2007/04/24 14:20:06 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2007/03/21 23:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/03/01 17:53:10 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2007/02/24 15:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/23 17:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/09/24 09:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006/06/13 12:27:00 | 000,507,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2005/02/18 00:07:48 | 000,005,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2004/05/28 11:13:04 | 000,016,269 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\ATK0100\ASNDIS5.sys -- (ASNDIS5)
DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-57989841-682003330-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-57989841-682003330-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?lang=en-ca&OCID=iehp
IE - HKU\S-1-5-21-57989841-682003330-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKU\S-1-5-21-57989841-682003330-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3E 0C 1E F6 9B 04 CD 01 [binary data]
IE - HKU\S-1-5-21-57989841-682003330-839522115-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-57989841-682003330-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-57989841-682003330-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-57989841-682003330-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.ca"
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: homo_nudus@livejournal.com:9.3
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: copytosemagic@semagic.sourceforge.net:1.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=2.0: C:\Program Files\Virtual Earth 3D\ [2008/03/28 10:21:17 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/17 20:39:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/15 02:37:23 | 000,000,000 | ---D | M]

[2010/05/13 09:55:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cait.OWL\Application Data\Mozilla\Extensions
[2012/04/07 17:40:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cait.OWL\Application Data\Mozilla\Firefox\Profiles\ygqtdc2n.default\extensions
[2010/04/28 18:28:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Cait.OWL\Application Data\Mozilla\Firefox\Profiles\ygqtdc2n.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/04/07 17:40:32 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Documents and Settings\Cait.OWL\Application Data\Mozilla\Firefox\Profiles\ygqtdc2n.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2011/01/09 00:57:05 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\Cait.OWL\Application Data\Mozilla\Firefox\Profiles\ygqtdc2n.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2012/03/17 20:39:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\CAIT.OWL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\YGQTDC2N.DEFAULT\EXTENSIONS\COPYTOSEMAGIC@SEMAGIC.SOURCEFORGE.NET.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\CAIT.OWL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\YGQTDC2N.DEFAULT\EXTENSIONS\HOMO_NUDUS@LIVEJOURNAL.COM.XPI
[2012/03/13 00:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008/01/17 14:17:00 | 002,609,152 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npRACtrl.dll
[2007/08/09 14:08:00 | 000,008,784 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
[2007/08/09 14:10:00 | 000,245,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\unicows.dll
[2012/03/13 01:38:05 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/03/13 01:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/13 01:38:05 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/03/13 01:38:05 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/03/13 01:38:05 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

Hosts file not found
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-57989841-682003330-839522115-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Hcontrol] C:\WINDOWS\ATK0100\HControl.exe ()
O4 - HKLM..\Run: [Intense Registry Service] C:\WINDOWS\System32\intedreg.exe ()
O4 - HKLM..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKU\.DEFAULT..\Run: [PC Health Status] C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\kquhqdpi.exe File not found
O4 - HKU\S-1-5-18..\Run: [PC Health Status] C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\kquhqdpi.exe File not found
O4 - HKU\S-1-5-21-57989841-682003330-839522115-1003..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-57989841-682003330-839522115-1003..\Run: [ILO_Office_Manager] C:\WINDOWS\System32\intedreg.exe ()
O4 - Startup: C:\Documents and Settings\Cait\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-57989841-682003330-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-57989841-682003330-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-57989841-682003330-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A1864DD-9E19-4246-82EA-854E5B026651}: DhcpNameServer = 208.67.222.222 208.67.220.220
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/22 01:04:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{6127183b-d0e5-11dc-9870-b6d8e26f0b0c}\Shell\AutoRun\command - "" = D:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/12 09:27:01 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Cait.OWL\Desktop\OTL.exe
[2012/04/12 09:22:07 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Cait.OWL\Desktop\aswMBR.exe
[2012/04/06 20:57:32 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2012/04/06 20:53:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/04/06 20:52:27 | 008,068,864 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Cait.OWL\Desktop\mseinstall.exe
[2012/04/06 16:01:45 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Cait.OWL\Desktop\dds.scr
[2012/04/06 15:34:42 | 000,397,728 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\Cait.OWL\Desktop\unhide.exe
[2012/04/06 08:30:01 | 000,000,000 | --SD | C] -- C:\CaitieCat
[2012/04/05 00:54:21 | 000,000,000 | ---D | C] -- C:\flexlm
[2012/04/05 00:06:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cait.OWL\Application Data\ElevatedDiagnostics
[2012/04/05 00:05:14 | 000,000,000 | ---D | C] -- C:\MATS
[2012/04/04 23:53:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Windows PowerShell 1.0
[2012/04/04 23:53:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2012/04/01 22:40:21 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/04/01 22:37:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/04/01 22:37:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/04/01 22:37:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/04/01 22:37:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/04/01 22:28:04 | 004,453,008 | R--- | C] (Swearware) -- C:\Documents and Settings\Cait.OWL\Desktop\CaitieCat.exe
[2012/04/01 22:19:09 | 002,068,016 | R--- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Cait.OWL\Desktop\woobly.exe
[2012/03/30 05:39:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/30 05:39:50 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/03/30 05:39:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/30 05:31:09 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2012/03/30 05:31:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Microsoft Silverlight
[2012/03/30 05:31:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/03/28 22:48:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/03/28 22:45:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/26 22:45:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware(2)
[2012/03/23 01:21:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cait.OWL\Application Data\Malwarebytes
[2012/03/23 01:21:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2012/03/17 20:39:19 | 015,977,552 | ---- | C] (Mozilla) -- C:\Documents and Settings\Cait.OWL\Desktop\Firefox Setup 11.0.exe
[2012/03/17 19:42:06 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/03/17 19:31:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Cait.OWL\Recent
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/12 09:26:58 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cait.OWL\Desktop\OTL.exe
[2012/04/12 09:26:14 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Cait.OWL\Desktop\MBR.dat
[2012/04/12 09:22:49 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Cait.OWL\Desktop\aswMBR.exe
[2012/04/12 04:00:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2012/04/12 04:00:00 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2012/04/12 03:00:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2012/04/12 03:00:00 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2012/04/12 02:00:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2012/04/12 02:00:00 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2012/04/12 01:00:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2012/04/12 01:00:00 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2012/04/12 00:45:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2012/04/12 00:45:00 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012/04/12 00:18:40 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/04/12 00:13:33 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/12 00:13:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/12 00:13:28 | 2146,652,160 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/11 23:00:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2012/04/11 23:00:00 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2012/04/11 22:17:47 | 000,476,102 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/11 22:17:47 | 000,077,096 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/11 22:06:49 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/11 22:00:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2012/04/11 22:00:00 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2012/04/11 21:00:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2012/04/11 21:00:00 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2012/04/11 20:00:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2012/04/11 20:00:00 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2012/04/11 17:00:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2012/04/11 17:00:00 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2012/04/11 16:00:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2012/04/11 16:00:00 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2012/04/11 15:00:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2012/04/11 15:00:00 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2012/04/11 14:00:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2012/04/11 14:00:00 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2012/04/11 13:00:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2012/04/11 13:00:00 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2012/04/11 12:00:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2012/04/11 12:00:00 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2012/04/11 11:00:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2012/04/11 11:00:00 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2012/04/11 10:00:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2012/04/11 10:00:00 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2012/04/11 09:00:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2012/04/11 09:00:00 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2012/04/11 08:00:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2012/04/11 08:00:00 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2012/04/11 07:00:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2012/04/11 07:00:00 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2012/04/11 06:00:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2012/04/11 06:00:00 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2012/04/11 05:00:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2012/04/11 05:00:00 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2012/04/10 19:00:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2012/04/10 19:00:00 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2012/04/10 18:00:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2012/04/10 18:00:00 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2012/04/10 10:51:13 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/09 21:28:11 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/08 13:50:21 | 000,149,105 | ---- | M] () -- C:\Documents and Settings\Cait.OWL\Desktop\TrilliumBookE.pdf
[2012/04/07 21:04:47 | 000,394,559 | ---- | M] () -- C:\Documents and Settings\Cait.OWL\Local Settings\Application Data\census.cache
[2012/04/07 21:04:45 | 000,255,876 | ---- | M] () -- C:\Documents and Settings\Cait.OWL\Local Settings\Application Data\ars.cache
[2012/04/06 20:54:29 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/04/06 20:53:02 | 008,068,864 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Cait.OWL\Desktop\mseinstall.exe
[2012/04/06 18:35:20 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Cait.OWL\Desktop\0jshrbhe.exe
[2012/04/06 16:01:43 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Cait.OWL\Desktop\dds.scr
[2012/04/06 16:00:51 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Cait.OWL\defogger_reenable
[2012/04/06 16:00:25 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Cait.OWL\Desktop\Defogger.exe
[2012/04/06 15:34:38 | 000,397,728 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Cait.OWL\Desktop\unhide.exe
[2012/04/06 06:59:11 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/04/06 03:24:33 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Cait.OWL\Desktop\RKUnhookerLE.EXE
[2012/04/06 02:34:36 | 000,043,565 | ---- | M] () -- C:\Documents and Settings\Cait.OWL\Desktop\148_rancor.jpg
[2012/04/06 02:33:15 | 021,374,228 | ---- | M] () -- C:\Documents and Settings\Cait.OWL\Desktop\148_rancor.psd
[2012/04/06 00:07:43 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/04/05 00:17:51 | 000,294,222 | ---- | M] () -- C:\Documents and Settings\Cait.OWL\Desktop\gmer.zip
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/01 22:40:41 | 000,000,327 | -HS- | M] () -- C:\boot.ini
[2012/04/01 22:28:10 | 004,453,008 | R--- | M] (Swearware) -- C:\Documents and Settings\Cait.OWL\Desktop\CaitieCat.exe
[2012/04/01 22:19:23 | 002,068,016 | R--- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Cait.OWL\Desktop\woobly.exe
[2012/03/29 06:43:56 | 000,000,890 | ---- | M] () -- C:\WINDOWS\DCEBOOT.RST
[2012/03/17 20:39:19 | 015,977,552 | ---- | M] (Mozilla) -- C:\Documents and Settings\Cait.OWL\Desktop\Firefox Setup 11.0.exe
[2012/03/17 20:18:14 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Cait.OWL\Desktop\rkill.com
[2012/03/17 20:16:08 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Cait.OWL\Desktop\rkill.exe
[2012/03/17 13:13:59 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
[2012/03/17 12:45:48 | 000,000,456 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\zEVjifFPGYwQCB
[2012/03/17 12:44:06 | 000,000,272 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\~zEVjifFPGYwQCB
[2012/03/17 12:44:06 | 000,000,192 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\~zEVjifFPGYwQCBr
[2012/03/17 12:43:50 | 000,347,136 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\zEVjifFPGYwQCB.exe
[2012/03/14 13:37:20 | 007,084,000 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/12 09:26:14 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Cait.OWL\Desktop\MBR.dat
[2012/04/08 13:50:21 | 000,149,105 | ---- | C] () -- C:\Documents and Settings\Cait.OWL\Desktop\TrilliumBookE.pdf
[2012/04/06 20:59:12 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/04/06 20:53:55 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/04/06 18:35:33 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Cait.OWL\Desktop\0jshrbhe.exe
[2012/04/06 17:34:59 | 2146,652,160 | -HS- | C] () -- C:\hiberfil.sys
[2012/04/06 16:00:51 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Cait.OWL\defogger_reenable
[2012/04/06 16:00:29 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Cait.OWL\Desktop\Defogger.exe
[2012/04/06 15:48:43 | 000,002,183 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\FMRTE.lnk
[2012/04/06 15:48:43 | 000,001,874 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Mini-FMRTE.lnk
[2012/04/06 15:48:43 | 000,001,815 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Virtual Earth.lnk
[2012/04/06 15:48:43 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Reader 9.lnk
[2012/04/06 15:48:43 | 000,001,583 | ---- | C] () -- C:\Documents and Settings\Cait.OWL\Application Data\Microsoft\Internet Explorer\Quick Launch\Semagic.lnk
[2012/04/06 15:48:43 | 000,001,576 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\TextPad.lnk
[2012/04/06 15:48:43 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\iTunes.lnk
[2012/04/06 15:48:43 | 000,000,918 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Football Manager 2011.lnk
[2012/04/06 15:48:43 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Cait.OWL\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/04/06 15:48:43 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Cait.OWL\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/04/06 15:48:43 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Cait.OWL\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/04/06 15:48:43 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Windows Movie Maker.lnk
[2012/04/06 15:48:42 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\MSN.lnk
[2012/04/06 15:48:41 | 000,001,908 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\HoI3 Army Organizer.exe.lnk
[2012/04/06 15:48:40 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Apple Software Update.lnk
[2012/04/06 15:48:39 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Adobe Reader 9.lnk
[2012/04/06 15:48:39 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Acrobat.com.lnk
[2012/04/06 03:24:45 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Cait.OWL\Desktop\RKUnhookerLE.EXE
[2012/04/06 02:34:36 | 000,043,565 | ---- | C] () -- C:\Documents and Settings\Cait.OWL\Desktop\148_rancor.jpg
[2012/04/06 01:55:06 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2012/04/06 01:55:06 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2012/04/06 01:55:06 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2012/04/06 01:55:06 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2012/04/06 01:55:06 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2012/04/06 01:55:06 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2012/04/06 01:55:06 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2012/04/06 01:55:06 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2012/04/06 01:55:06 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2012/04/06 01:55:06 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2012/04/06 01:55:06 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2012/04/06 01:55:06 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2012/04/06 01:55:06 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2012/04/06 01:55:06 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2012/04/06 01:55:06 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2012/04/06 01:55:05 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2012/04/06 01:55:05 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2012/04/06 01:55:05 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2012/04/06 01:55:05 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2012/04/06 01:55:05 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2012/04/06 01:55:05 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2012/04/06 01:55:05 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2012/04/06 01:55:05 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2012/04/06 01:55:05 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2012/04/06 01:55:05 | 000,000,432 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2012/04/06 01:55:05 | 000,000,432 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2012/04/06 01:55:05 | 000,000,432 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2012/04/06 01:55:05 | 000,000,432 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2012/04/06 01:55:05 | 000,000,432 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2012/04/06 01:55:05 | 000,000,432 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2012/04/06 01:55:05 | 000,000,432 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2012/04/06 01:55:05 | 000,000,432 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2012/04/06 01:55:05 | 000,000,432 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2012/04/06 01:55:05 | 000,000,432 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2012/04/06 01:55:05 | 000,000,432 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2012/04/06 01:55:05 | 000,000,432 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2012/04/06 01:55:05 | 000,000,432 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2012/04/06 01:55:05 | 000,000,432 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2012/04/06 01:55:05 | 000,000,432 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2012/04/06 01:55:05 | 000,000,432 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2012/04/06 01:55:05 | 000,000,432 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2012/04/06 01:55:05 | 000,000,432 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2012/04/06 01:55:05 | 000,000,432 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2012/04/06 01:55:05 | 000,000,432 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2012/04/06 01:55:05 | 000,000,432 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2012/04/06 01:55:05 | 000,000,432 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2012/04/06 01:55:05 | 000,000,432 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2012/04/06 01:55:05 | 000,000,432 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2012/04/06 01:14:16 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/04/06 00:36:51 | 021,374,228 | ---- | C] () -- C:\Documents and Settings\Cait.OWL\Desktop\148_rancor.psd
[2012/04/05 00:18:04 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Cait.OWL\Desktop\gmer.exe
[2012/04/01 22:37:09 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/01 22:37:09 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/04/01 22:37:09 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/04/01 22:37:09 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/04/01 22:37:09 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/03/30 05:39:57 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/29 06:43:56 | 000,000,890 | ---- | C] () -- C:\WINDOWS\DCEBOOT.RST
[2012/03/28 23:18:16 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Cait.OWL\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/03/28 22:55:43 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/03/28 22:55:32 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/03/28 22:05:42 | 000,294,222 | ---- | C] () -- C:\Documents and Settings\Cait.OWL\Desktop\gmer.zip
[2012/03/23 03:06:18 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/03/17 20:40:01 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Cait.OWL\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/03/17 20:40:01 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Mozilla Firefox.lnk
[2012/03/17 20:40:01 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
[2012/03/17 20:18:11 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\Cait.OWL\Desktop\rkill.com
[2012/03/17 20:16:04 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\Cait.OWL\Desktop\rkill.exe
[2012/03/17 13:14:02 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Windows Messenger.lnk
[2012/03/17 12:44:06 | 000,000,272 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\~zEVjifFPGYwQCB
[2012/03/17 12:44:06 | 000,000,192 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\~zEVjifFPGYwQCBr
[2012/03/17 12:44:02 | 000,000,456 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\zEVjifFPGYwQCB
[2012/03/17 12:43:49 | 000,347,136 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\zEVjifFPGYwQCB.exe
[2012/02/14 19:56:49 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/19 00:12:04 | 000,394,559 | ---- | C] () -- C:\Documents and Settings\Cait.OWL\Local Settings\Application Data\census.cache
[2012/01/19 00:11:25 | 000,255,876 | ---- | C] () -- C:\Documents and Settings\Cait.OWL\Local Settings\Application Data\ars.cache
[2012/01/19 00:00:06 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Cait.OWL\Local Settings\Application Data\housecall.guid.cache
[2011/09/21 18:47:01 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\WS_ATLMovie.dll
[2010/09/29 15:26:29 | 000,103,436 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/05/20 09:08:30 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

========== Files - Unicode (All) ==========
[2008/04/08 15:30:53 | 000,000,000 | ---D | M](C:\Documents and Settings\Cait.OWL\Application Data\???????sAppData) -- C:\Documents and Settings\Cait.OWL\Application Data\敎潲䍄敔灭慬整sAppData
(C:\Documents and Settings\Cait.OWL\Application Data\???????sAppData) -- C:\Documents and Settings\Cait.OWL\Application Data\敎潲䍄敔灭慬整sAppData

========== Alternate Data Streams ==========

@Alternate Data Stream - 55838 bytes -> C:\Documents and Settings\All Users.WINDOWS\Desktop:$ES_DESCRIPTOR_MVPUV1PKSVXJKX69UK1CWPP0DTVNYKM1UVXPJCEPP4DMJ3K1XYE7LRJEM53EPPJCFPLP45168LPSB5PL0EM6REGXHCTVVVVVVVVVVVVV
@Alternate Data Stream - 55838 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Sports Interactive:$ES_DESCRIPTOR_MVPUV1PKSVXJKX69UK1CWPP0DTVNYKM1UVXPJCEPP4DMJ3K1XYE7LRJEM53EPPJCFPLP45168LPSB5PL0EM6REGXHCTVVVVVVVVVVVVV

< End of report >

3)

OTL Extras logfile created on: 12/04/2012 9:27:47 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Cait.OWL\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 53.77% Memory free
3.85 Gb Paging File | 3.16 Gb Available in Paging File | 82.01% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.21 Gb Total Space | 38.01 Gb Free Space | 26.73% Space Free | Partition Type: NTFS

Computer Name: OWL | User Name: Cait | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-57989841-682003330-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
jsfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Java\jre1.6.0_05\bin\javaw.exe" = C:\Program Files\Java\jre1.6.0_05\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Java\jre1.6.0_03\bin\java.exe" = C:\Program Files\Java\jre1.6.0_03\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe" = C:\Program Files\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe:*:Disabled:Adobe Dreamweaver CS4 -- (Adobe Systems, Inc.)
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Disabled:EA Download Manager
"C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe" = C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe:*:Disabled:Football Manager 2009 -- (Sports Interactive)
"C:\Nuance\V8.5.0\bin\win32\nlm.exe" = C:\Nuance\V8.5.0\bin\win32\nlm.exe:*:Disabled:nlm -- ()
"C:\Nuance\V8.5.0\bin\win32\recserver.exe" = C:\Nuance\V8.5.0\bin\win32\recserver.exe:*:Disabled:recserver -- ()
"C:\Program Files\NetMeeting\conf.exe" = C:\Program Files\NetMeeting\conf.exe:*:Disabled:Windows® NetMeeting® -- (Microsoft Corporation)
"C:\Documents and Settings\Cait.OWL\Desktop\WS_FTP\WS_FTP\WS_FTP\WS_FTP95.exe" = C:\Documents and Settings\Cait.OWL\Desktop\WS_FTP\WS_FTP\WS_FTP\WS_FTP95.exe:*:Disabled:WS_FTP 95
"C:\Documents and Settings\Cait.OWL\Desktop\WS_FTP\WS_FTP95.exe" = C:\Documents and Settings\Cait.OWL\Desktop\WS_FTP\WS_FTP95.exe:*:Disabled:WS_FTP 95
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Disabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\Sports Interactive\Football Manager 2011\fm.exe" = C:\Program Files\Sports Interactive\Football Manager 2011\fm.exe:*:Enabled:Football Manager 2011 -- ()
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Steam\steamapps\common\cogs\cogs.exe" = C:\Program Files\Steam\steamapps\common\cogs\cogs.exe:*:Disabled:Cogs Demo -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{095659A2-739F-4D9A-A916-66C7CAD16F9E}" = Canon Camera WIA Driver
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0AB27E24-472A-4483-B076-568D78F17A8F}" = OpenSpeech Recognizer 3.0 - English en-US Language Pack
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{14220DB1-DD96-4BCD-B3D5-03A4EA6631C4}" = RemoteCapture 2.7.5
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 26
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2D1C2321-8FDB-49B8-A66B-4008DC0B6B5D}" = File Viewer Utility 1.3.2
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{2F4094A7-027D-4740-A1BE-40D2290E83F4}" = Nuance License Manager
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{31A57C3E-30DD-421F-B5C7-974DACB0D05F}" = Canon Camera WIA Driver
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3BE11C5A-7959-418B-90AC-1D85DE8B6E15}" = 5500
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{5454083B-1308-4485-BF17-111000038701}" = Grand Theft Auto: Episodes from Liberty City
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57B474F2-3AB9-4568-B0DF-11CB8C9ADDE2}" = OpenSpeech Recognizer 3.0
"{595D0DE8-C38A-4432-B851-47DECC1A99BD}" = HP Unload DLL Patch
"{597D73A8-5FDB-4bc1-9893-40B54459F1BC}" = ProductContext
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5DE8F9B6-DAEA-4990-AB2A-F797577D88B5}" = 5500Tour
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78D62D17-D970-42DA-B8CF-5E5576293B33}" = Final Draft 7
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B08A973F-5D0C-4A09-A219-F00289BB85C0}" = 5500_Help
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director
"{B4096A70-AB6D-4dc9-8382-DB2213F861AE}" = Now Playing: A Windows Media Player Plugin
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC61F51E-8AF7-46B9-AF20-B33B5EE81033}" = Nero 7 Essentials
"{BE16293B-829D-4774-A5B3-041BEF6FBF7C}" = OpenSpeech Recognizer 3.0 - Finnish fi-FI Language Pack
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2B9AC7E-EE24-4348-9C17-644F9760D89C}" = Now Playing Plugin for Windows Live Writer
"{C46E0B6C-9E71-4867-98CB-9E397A914619}" = HoI3 Army Organizer v 0.8.75 BETA
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CA5DD6E1-B508-4922-815D-479E3228B17A}" = Europa Universalis 2
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE86A0E7-818D-43EC-A181-59BA9BD3EF2E}" = LightScribe 1.8.13.1
"{D0106CC2-E34B-4FA3-B6B6-91F0ACEA2CC3}" = Hearts of Iron III
"{D1760DA4-A5FA-4FF1-A46A-031AB4A41345}" = 5500Trb
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D76D1828-BBA0-4BD9-8181-5ACC617DC5F2}" = Virtual Earth 3D (Beta)
"{DD697F04-36D3-4DB2-B044-F03EE98762FC}" = OpenSpeech Recognizer 3.0 - English en-GB Language Pack
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F11A403B-0DE9-4953-B790-7A2F014FBB2B}" = PhotoStitch
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3812D83-86D2-4445-A841-3E0BA4F9A11C}" = Merriam-Webster 3.0
"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations
"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F78E43E9-79D6-4E53-A06E-C0DEB417FF89}" = FMRTE
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"Aimersoft M4V Converter_is1" = Aimersoft M4V Converter(Build 1.4.2.1)
"All ATI Software" = ATI - Software Uninstall Utility
"Apache Tomcat 6.0" = Apache Tomcat 6.0 (remove only)
"ATI Display Driver" = ATI Display Driver
"audcle" = Plus! MP3 Audio Converter LE
"AVS DVD Player_is1" = AVS DVD Player version 2.4
"Blender" = Blender (remove only)
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CharisSIL" = CharisSIL 4.106
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CSCLIB" = Canon Camera Support Core Library
"Democracy 2 Demo_is1" = Democracy 2 Demo
"drmtool.inf" = Personal License Update Wizard for Windows Media Player
"EOS Utility" = Canon Utilities EOS Utility
"Football Manager 2009" = Football Manager 2009
"Football Manager 2011" = Football Manager 2011
"Freedom Force vs the Third Reich_is1" = Freedom Force vs the Third Reich
"Hcontrol" = ATK0100 ACPI UTILITY
"HP Photo & Imaging" = HP Image Zone 4.2
"IcoFX_is1" = IcoFX 1.6.4
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{095659A2-739F-4D9A-A916-66C7CAD16F9E}" = Canon EOS 10D WIA Driver
"InstallShield_{14220DB1-DD96-4BCD-B3D5-03A4EA6631C4}" = Canon Utilities RemoteCapture 2.7
"InstallShield_{2D1C2321-8FDB-49B8-A66B-4008DC0B6B5D}" = Canon Utilities File Viewer Utility 1.3
"InstallShield_{31A57C3E-30DD-421F-B5C7-974DACB0D05F}" = Canon EOS Kiss REBEL 300D WIA Driver
"InstallShield_{F11A403B-0DE9-4953-B790-7A2F014FBB2B}" = Canon Utilities PhotoStitch 3.1
"Intense Language Office" = Intense Language Office
"ljArchive" = ljArchive
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"mmmusic" = Movie Maker Background Music Files
"mmsounds" = Movie Maker Sound Effects
"mmtitle" = Movie Maker Title Images
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 11.0 (x86 en-GB)" = Mozilla Firefox 11.0 (x86 en-GB)
"mplibwiz.inf" = Media Library Management Wizard
"mpxlswiz.inf" = Windows Media Player Playlist Import to Excel Wizard
"mpxptray.inf" = Windows Media Player Tray Control
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NLU Server 3.1_is1" = NLU Server 3.1
"oggcodecs" = oggcodecs 0.71.0946
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Semagic" = Semagic (remove only)
"Semper Fi_is1" = Semper Fi 2.04
"Shockwave" = Shockwave
"SnagIt7" = SnagIt 7
"SpeedFan" = SpeedFan (remove only)
"Star Wars Knights of the Old Republic" = Star Wars Knights of the Old Republic
"Steam" = Steam
"Steam App 26510" = Cogs Demo
"StrangeEons" = Strange Eons
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TellmeMoreV50" = TeLL me More CJ
"ULTIMATER" = Microsoft Office Ultimate 2007
"Visual Thesaurus 3" = Visual Thesaurus 3
"wa2wmp" = Windows Media Player Skin Importer
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMBK2" = Windows Media Bonus Pack for Windows XP
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"YTdetect" = Yahoo! Detect
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 09/04/2012 4:04:43 AM | Computer Name = OWL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 09/04/2012 4:04:43 AM | Computer Name = OWL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8000

Error - 09/04/2012 4:04:43 AM | Computer Name = OWL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8000

Error - 10/04/2012 4:14:31 AM | Computer Name = OWL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/04/2012 4:14:31 AM | Computer Name = OWL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2094

Error - 10/04/2012 4:14:31 AM | Computer Name = OWL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2094

Error - 12/04/2012 12:16:20 AM | Computer Name = OWL | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

Error - 12/04/2012 4:10:46 AM | Computer Name = OWL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/04/2012 4:10:46 AM | Computer Name = OWL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1953

Error - 12/04/2012 4:10:46 AM | Computer Name = OWL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1953

[ OSession Events ]
Error - 27/01/2008 12:52:27 AM | Computer Name = OWL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 9513
seconds with 4860 seconds of active time. This session ended with a crash.

Error - 29/10/2008 11:42:20 AM | Computer Name = OWL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 105
seconds with 60 seconds of active time. This session ended with a crash.

Error - 17/08/2009 1:04:35 PM | Computer Name = OWL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 13748 seconds with 5280 seconds of active time. This session ended with
a crash.

Error - 04/12/2009 5:56:00 PM | Computer Name = OWL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 23989
seconds with 1140 seconds of active time. This session ended with a crash.

Error - 16/05/2010 11:57:37 AM | Computer Name = OWL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3883
seconds with 0 seconds of active time. This session ended with a crash.

Error - 16/05/2010 1:34:06 PM | Computer Name = OWL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 16/05/2010 1:34:20 PM | Computer Name = OWL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/04/2012 12:45:00 AM | Computer Name = OWL | Source = Schedule | ID = 7901
Description = The At1.job command failed to start due to the following error: %%2147942402

Error - 12/04/2012 12:45:00 AM | Computer Name = OWL | Source = Schedule | ID = 7901
Description = The At25.job command failed to start due to the following error: %%2147942402

Error - 12/04/2012 1:00:00 AM | Computer Name = OWL | Source = Schedule | ID = 7901
Description = The At2.job command failed to start due to the following error: %%2147942402

Error - 12/04/2012 1:00:00 AM | Computer Name = OWL | Source = Schedule | ID = 7901
Description = The At26.job command failed to start due to the following error: %%2147942402

Error - 12/04/2012 2:00:00 AM | Computer Name = OWL | Source = Schedule | ID = 7901
Description = The At27.job command failed to start due to the following error: %%2147942402

Error - 12/04/2012 2:00:00 AM | Computer Name = OWL | Source = Schedule | ID = 7901
Description = The At3.job command failed to start due to the following error: %%2147942402

Error - 12/04/2012 3:00:00 AM | Computer Name = OWL | Source = Schedule | ID = 7901
Description = The At28.job command failed to start due to the following error: %%2147942402

Error - 12/04/2012 3:00:00 AM | Computer Name = OWL | Source = Schedule | ID = 7901
Description = The At4.job command failed to start due to the following error: %%2147942402

Error - 12/04/2012 4:00:00 AM | Computer Name = OWL | Source = Schedule | ID = 7901
Description = The At29.job command failed to start due to the following error: %%2147942402

Error - 12/04/2012 4:00:00 AM | Computer Name = OWL | Source = Schedule | ID = 7901
Description = The At5.job command failed to start due to the following error: %%2147942402


< End of report >

#5 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • Gender:Male
  • Location:Scotland
  • Local time:02:38 PM

Posted 12 April 2012 - 09:01 AM

Hello CaitieCat ,

I'd like to have a look at your Master Boot Record (MBR)

You will need a USB drive and a clean computer.

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Next download dumpit to your USB
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • Click on sdb1 (sdb1 represents the USB drive).
  • Double click on the dumpit file.
  • A black window will pop-up and it will dump and zip the MBR to your USB drive.
  • Press Enter to exit the black window.
  • Click on HOME tab and choose Power Off to turn off xPUD.
  • Remove the USB drive and insert it back on your working computer.
  • Locate the mbr.zip file in your USB drive and attach it when you reply.

In your next reply, please copy/paste the contents of the following:
  • mbr.zip

regards, ratman

a proud member of:
Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM

If I have helped and you would like to show your appreciation you may Posted Image to the cause.
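What "having a look at the MBR" involves once the dump is in hand, as an added example that is not part of this thread and not the dumpit tool the steps above use: a small Python parser for the 512-byte sector that verifies the 55 AA boot signature, decodes the four partition-table entries, flags inconsistent tables (no or several active entries, overlapping extents) and compares a hash of the boot code against a known-good baseline. The baseline hash, the sample dumps and the boot-code byte strings are all constructed here; a real baseline is assumed to come from a clean machine running the same Windows version, since the stock boot code differs between Windows releases.

```python
# Added example (not the thread's own tool and not dumpit): inspect a raw
# MBR dump such as the one the steps above produce. It parses the 512-byte
# sector, verifies the 55 AA boot signature, lists the partition table and
# compares the boot-code hash against a known-good baseline (assumed to come
# from a clean machine running the same Windows version).
import hashlib
import struct

SECTOR_SIZE = 512
BOOTCODE_LEN = 446          # bytes 0..445 hold the boot code
TABLE_OFFSET = 446          # four 16-byte partition entries follow
SIG_OFFSET = 510            # last two bytes are the boot signature
BOOT_SIGNATURE = b"\x55\xAA"


def parse_partition(entry):
    """Decode one 16-byte partition entry (the CHS fields are skipped)."""
    status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", entry)
    return {"status": status, "type": ptype, "lba_start": lba_start, "sectors": sectors}


def parse_mbr(data):
    """Split an MBR sector into boot-code hash, signature check and partitions."""
    if len(data) < SECTOR_SIZE:
        raise ValueError("MBR dump must be at least 512 bytes")
    data = data[:SECTOR_SIZE]
    table = data[TABLE_OFFSET:SIG_OFFSET]
    partitions = [parse_partition(table[i * 16:(i + 1) * 16]) for i in range(4)]
    return {
        "bootcode_sha256": hashlib.sha256(data[:BOOTCODE_LEN]).hexdigest(),
        "signature_ok": data[SIG_OFFSET:SIG_OFFSET + 2] == BOOT_SIGNATURE,
        "partitions": partitions,
    }


def audit_mbr(data, known_good_bootcode_sha256=None):
    """Return a list of findings; an empty list means nothing looked wrong."""
    info = parse_mbr(data)
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature 55 AA missing")
    if known_good_bootcode_sha256 and info["bootcode_sha256"] != known_good_bootcode_sha256:
        # MBR bootkits replace the boot code and usually leave the partition
        # table intact, so changed code with a sane table is the classic symptom.
        findings.append("boot code differs from known-good baseline")
    active = [i for i, p in enumerate(info["partitions"]) if p["status"] == 0x80]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly 1)")
    extents = []
    for i, p in enumerate(info["partitions"]):
        if p["status"] not in (0x00, 0x80):
            findings.append(f"entry {i}: invalid status byte 0x{p['status']:02X}")
        if p["type"] == 0:
            if p["lba_start"] or p["sectors"]:
                findings.append(f"entry {i}: unused type but non-zero extent")
            continue
        if p["sectors"] == 0:
            findings.append(f"entry {i}: zero-length partition")
        extents.append((p["lba_start"], p["lba_start"] + p["sectors"]))
    extents.sort()
    for (s1, e1), (s2, e2) in zip(extents, extents[1:]):
        if s2 < e1:
            findings.append(f"partitions overlap: [{s1}, {e1}) and [{s2}, {e2})")
    return findings


# --- constructed sample dumps (not real MBRs from this thread) ----------------
def make_entry(status, ptype, lba_start, sectors):
    return struct.pack("<B3sB3sII", status, b"\x00\x00\x00", ptype, b"\x00\x00\x00",
                       lba_start, sectors)


def make_mbr(bootcode, entries):
    table = b"".join(entries).ljust(64, b"\x00")
    return bootcode.ljust(BOOTCODE_LEN, b"\x00") + table + BOOT_SIGNATURE


# One NTFS (type 0x07) system partition starting at sector 63, the XP-era layout.
# The boot-code bytes are a constructed stand-in, not a real boot loader.
CLEAN_MBR = make_mbr(b"CONSTRUCTED-CLEAN-BOOTCODE", [make_entry(0x80, 0x07, 63, 488392002)])
BASELINE_SHA256 = parse_mbr(CLEAN_MBR)["bootcode_sha256"]   # stands in for a clean-machine baseline

# Same first entry, foreign boot code, plus a second active entry that overlaps it.
TAMPERED_MBR = make_mbr(b"CONSTRUCTED-TAMPERED-BOOTCODE",
                        [make_entry(0x80, 0x07, 63, 488392002),
                         make_entry(0x80, 0x17, 2048, 1000)])

if __name__ == "__main__":
    for name, dump in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(name, audit_mbr(dump, BASELINE_SHA256) or ["no findings"])
```

To run it against a real dump, read the first 512 bytes of the extracted file with `open(path, "rb").read(512)` and pass them to `audit_mbr`. A clean table with changed boot code is the finding to take seriously; a differing hash against a baseline from a different Windows release is expected and tells you nothing.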



#6 CaitieCat

CaitieCat
  • Topic Starter

  • Members
  • 18 posts
  • Local time:08:38 AM

Posted 12 April 2012 - 09:03 AM

Got it - I'm taking the instructions to work, where I can access a clean computer, will run them this evening when I get home.

Is it better to edit the reports into this post, or to make a new one?

#7 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • Gender:Male
  • Location:Scotland
  • Local time:02:38 PM

Posted 12 April 2012 - 09:11 AM

Hi,

Always post a new reply, that way I get a notification that you have replied.
regards, ratman




#8 CaitieCat

CaitieCat
  • Topic Starter

  • Members
  • 18 posts
  • Local time:08:38 AM

Posted 13 April 2012 - 09:00 PM

Just a quick update - tried a couple of things, but my office computers wouldn't let me download the files. I have a friend arriving on Sunday morning who will have a clean computer, so I will get them onto the USB drive then, and bring the reports back ASAP.

Sorry for the wasted time.

#9 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • Gender:Male
  • Location:Scotland
  • Local time:02:38 PM

Posted 14 April 2012 - 05:51 AM

Hi,

You can try downloading onto your computer first to see if it works.
regards, ratman



#10 CaitieCat

Posted 17 April 2012 - 09:08 PM

Brief update: will be running the reports tomorrow evening, after I'm home from work, as I've finally been able to get the files onto a USB stick there. Had to ask IT to open a port for the d/l and let me save it on my work machine, now I just have to remember to take the stick to work...

#11 ratman

Posted 18 April 2012 - 05:39 AM

Thanks for letting me know.
regards, ratman



#12 CaitieCat

Posted 19 April 2012 - 08:50 AM

Finally! :)

I'm finding I'm a bit unclear - I tried to copy/paste the contents of the ZIP, but only two of them were text files, so I'm taking the other possible interpretation, that you wanted the zip?

Sorry if I've got that wrong, not trying to make it harder for you.

Cait

Attached Files

  • Attached File  mbr.zip   2.33KB   12 downloads


#13 ratman

Posted 20 April 2012 - 12:01 PM

Hi Cait,

Your MBR has been compromised.

I'd like you to load a revised MBR:
  • Please download the attached file mbrfix.txt and save it to your USB drive.
  • With your USB still attached reboot your machine from the xpud cd you burned
  • Press File
  • Expand mnt and click on the folder that represents your USB (typically sdb1)
  • Press Tool at the top
  • Choose Open Terminal
  • Type the following and press enter:
dd if=mbrfix.txt of=/dev/sda bs=512 count=1
  • Select Home and power off your machine
  • Reboot normally.
Please run another scan with aswMBR and copy/paste its log in your next reply.

How is your machine running now?

regards, ratman
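The one-line dd command in the post above overwrites the whole first sector of /dev/sda, partition table included, and takes no backup first. What follows is an added example written for this page, not ratman's fix and not a file from the thread: it backs up the current MBR, checks that the replacement sector is exactly 512 bytes and ends in the 55 AA boot signature, and then writes only the 446-byte boot-code region so the disk's own partition table survives. The disk image, the fix file and the WORK directory are constructed in the script so it runs offline; on a real machine DISK would be /dev/sda and the script would be run from the live CD, never from the infected Windows install.

```shell
#!/bin/sh
# Added example (not the forum post's procedure): back up the current MBR,
# sanity-check the replacement sector, then write only the 446-byte boot-code
# region so the disk's own partition table (bytes 446-509) is preserved.
# WORK, disk.img and mbrfix.bin are constructed here so it runs offline;
# on a real machine DISK would be /dev/sda from a live CD, never the running OS.
set -eu

mbr_backup() {            # $1 = disk, $2 = backup file (full 512-byte sector)
  dd if="$1" of="$2" bs=512 count=1 2>/dev/null
}

mbr_check_fixfile() {     # $1 = replacement MBR: exactly 512 bytes, ends with 55 AA
  size=$(wc -c < "$1" | tr -d ' ')
  [ "$size" -eq 512 ] || { echo "refusing: $1 is $size bytes, not 512" >&2; return 1; }
  sig=$(dd if="$1" bs=1 skip=510 count=2 2>/dev/null | od -An -tx1 | tr -d ' \n')
  [ "$sig" = "55aa" ] || { echo "refusing: bad boot signature $sig" >&2; return 1; }
}

mbr_write_bootcode() {    # $1 = fixfile, $2 = disk: copy bytes 0-445 only
  dd if="$1" of="$2" bs=446 count=1 conv=notrunc 2>/dev/null
}

mbr_bootcode_hash() { dd if="$1" bs=446 count=1 2>/dev/null | cksum | cut -d' ' -f1; }
mbr_ptable_hash()   { dd if="$1" bs=1 skip=446 count=64 2>/dev/null | cksum | cut -d' ' -f1; }

setup_demo() {            # constructed sample data: an "infected" disk and a clean fix file
  { dd if=/dev/zero bs=446 count=1 2>/dev/null | tr '\0' '\220'   # 0x90 NOPs stand in for rootkit boot code
    dd if=/dev/zero bs=64  count=1 2>/dev/null | tr '\0' '\252'   # 0xAA marks the disk's real partition table
    printf '\125\252'; } > "$DISK"                                # 55 AA boot signature
  { dd if=/dev/zero bs=510 count=1 2>/dev/null                    # zeroed boot code + empty table
    printf '\125\252'; } > "$FIX"
}

WORK=${WORK:-$(mktemp -d)}
DISK="$WORK/disk.img"; FIX="$WORK/mbrfix.bin"; BAK="$WORK/mbr.bak"
setup_demo
PTABLE_BEFORE=$(mbr_ptable_hash "$DISK")
mbr_backup "$DISK" "$BAK"          # keep the old sector: it is the only way back if the fix does not boot
mbr_check_fixfile "$FIX"           # aborts (set -e) if the fix file is malformed
mbr_write_bootcode "$FIX" "$DISK"
echo "boot code replaced: $([ "$(mbr_bootcode_hash "$DISK")" = "$(mbr_bootcode_hash "$FIX")" ] && echo yes || echo no)"
echo "partition table kept: $([ "$(mbr_ptable_hash "$DISK")" = "$PTABLE_BEFORE" ] && echo yes || echo no)"
```

Writing 446 bytes instead of 512 is the difference between replacing the boot loader and replacing the partition table; with the post's full-sector write the fix file must carry a table that matches the disk, or the machine stops booting entirely. The backup also gives the helper something to diff if the rootkit reinfects the sector after reboot.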



#14 CaitieCat

Posted 20 April 2012 - 08:30 PM

Hi ratman - I'll have a go at that local morning time, before heading to work tomorrow.

And, in case this is what you meant, the machine's been running generally alright - just still redirecting my Google searches in FF and IE both. Malwarebytes has a running list of things that it's tried to download, and sites it's tried to reach, and so on, but there's very little going wrong at the moment with performance, and given I've shifted to using a new, as-yet-not-mucked-with search engine (duckduckgo), it's not a problem for the most part.

Main issue is, I want to be able to do things like pay my bills, and I'm reluctant to do so on a machine that's potentially compromised.

Cait

Edited by CaitieCat, 20 April 2012 - 08:33 PM.


#15 ratman

Posted 25 April 2012 - 06:12 AM

Hello CaitieCat,

I have not had a reply from you for 3 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC making it more difficult to help you.

If you are having problems implementing the last fix let me know as there may be other ways to continue.

regards, ratman