Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Email was hacked-contacts in my address book were sent spam email


  • This topic is locked This topic is locked
26 replies to this topic

#1 slacker35

slacker35

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:02:04 PM

Posted 19 March 2013 - 09:00 PM

Hi guys,

 

'Boopme' had me run MiniToolBox and he wrote that he found "errors and other issues" and he bumped me to this thread.

 

Norton now seems to be removed and the restart was successful w/ out a restore.

 

This is what I wrote in under the from "Am I infected?" thread;

 

 



Been having problems with my laptop running Vista Home premium svc pack2.

One day, a month ago, Norton was not updating properly. Upon the next boot-up windows would not start and I was forced to restart in safe mode with a system restore. This was successful but Norton Security Suite was still not updating properly.
Since then, on a few occasions, I have attempted to uninstall Norton without success thru the program uninstaler. Norton is unresponsive. I even got the Norton rep. to do a remote deletion of all registry files of Norton. But they all returned after the reboot of my PC because windows would not open and I had to start-up thru system restore.

Since then my yahoo email been hacked and spam sent to the contacts of my address book.

I know I got something but I don't know what.. Can anyone take a stab at what I might need to do?

Thanks,
Brian

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16421
Run by Owner at 20:22:53 on 2013-03-19
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3062.1338 [GMT -5:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Users\Owner\Desktop\SASCORE.EXE
C:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Windows\system32\dlbkcoms.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MSSQLTMS\Binn\sqlservr.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Users\Owner\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Users\Owner\AppData\Local\Autobahn\nexdef.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: HP Print Clips: {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\program files\hp\smart web printing\hpswp_framework.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [EPSON Stylus CX6000 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatibia.exe /fu "c:\windows\temp\E_S31E.tmp" /EF "HKCU"
uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
uRun: [SUPERAntiSpyware] c:\users\owner\desktop\SUPERAntiSpyware.exe
uRun: [SanDiskSecureAccess_Manager.exe] c:\users\owner\appdata\roaming\sandisk\SanDiskSecureAccess_Manager.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\limewire on startup.lnk - c:\program files\limewire\LimeWire.exe
StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\nexdef plug-in.lnk - c:\users\owner\appdata\local\autobahn\nexdef.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\activclient agent.lnk - c:\program files\actividentity\activclient\acsagent.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\service manager.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{F73C5ECD-7942-422C-93E7-D684C64EC522} : DHCPNameServer = 192.168.0.1
Filter: text/xml - <Clsid value has no data>
Handler: ms-help - <Clsid value has no data>
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: !SASWinLogon - c:\users\owner\desktop\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} -
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2013-3-18 36552]
R2 !SASCORE;SAS Core Service;c:\users\owner\desktop\SASCore.exe [2011-8-11 116608]
R2 accoca;ActivClient Middleware Service;c:\program files\actividentity\activclient\accoca.exe [2007-11-27 185896]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2013-3-18 86752]
R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2013-3-18 110816]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2013-3-18 83944]
R2 dlbk_device;dlbk_device;c:\windows\system32\dlbkcoms.exe -service --> c:\windows\system32\dlbkcoms.exe -service [?]
R2 faproct;Circuit City Firedog Advisor ProcessTriggerDriver;c:\windows\system32\drivers\faproct.sys [2007-11-28 6656]
R2 faunidrv;UniDriver for Firedog Advisor;c:\windows\system32\drivers\faunidrv.sys [2007-9-23 7168]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2012-2-6 13672]
R2 MSSQL$MSSQLTMS;MSSQL$MSSQLTMS;c:\program files\microsoft sql server\mssql$mssqltms\binn\sqlservr.exe -smssqltms --> c:\program files\microsoft sql server\mssql$mssqltms\binn\sqlservr.exe -sMSSQLTMS [?]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 firedogAdvisorSrvHost;firedogAdvisorSrvHost;c:\program files\firedog advisor\firedogAdvisorSrvHost.exe [2007-12-24 312328]
S3 Reflex USB V3 Smart card reader;Reflex USB V3 Smart card reader;c:\windows\system32\drivers\RCCIDW2K.sys [2006-5-24 46848]
S3 SCRx31 USB Reader;SCRx31 USB Reader;c:\windows\system32\drivers\stc2.sys [2009-6-14 56320]
S3 SQLAgent$MSSQLTMS;SQLAgent$MSSQLTMS;c:\program files\microsoft sql server\mssql$mssqltms\binn\sqlagent.exe -i mssqltms --> c:\program files\microsoft sql server\mssql$mssqltms\binn\sqlagent.EXE -i MSSQLTMS [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-03-18 23:55:29 -------- d-----w- c:\users\owner\appdata\roaming\Avira
2013-03-18 23:49:42 83944 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-03-18 23:49:42 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-03-18 23:49:41 -------- d-----w- c:\programdata\Avira
2013-03-18 23:49:41 -------- d-----w- c:\program files\Avira
2013-03-17 18:24:27 26699732 ----a-w- C:\backup reg.reg
2013-03-16 00:38:03 7520056 ----a-w- c:\windows\system32\ZALSDKCore.dll
2013-03-15 22:47:41 -------- d-----w- c:\users\owner\appdata\local\LogMeIn Rescue Applet
.
==================== Find3M  ====================
.
.
============= FINISH: 20:23:31.52 ===============

 



BC AdBot (Login to Remove)

 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,166 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:04 PM

Posted 22 March 2013 - 08:24 AM

Greetings Brian and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, do not use the StartNewTopic.gif button but use the AddReply.gif button instead.
  • In the upper right hand corner of the topic you will see the WatchTopic.gif button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me some time to review the information you have provided and I will reply as soon as possible.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,166 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:04 PM

Posted 22 March 2013 - 08:45 AM

Hi Brian,

I have reviewed both logs. Can you tell me if you are having difficulties with Internet Explorer? Can you describe any issues you are currently experiencing.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 slacker35

slacker35
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:02:04 PM

Posted 22 March 2013 - 02:19 PM

Hi Gary,

   Thank you for your help.

 

No, right now I am not having any difficulty w/ internet explorer. I also seem to not be having any other overt issues.

 

Do you see anything abnormal in my text logs?

 

Thanks again,

Brian



#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,166 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:04 PM

Posted 22 March 2013 - 02:36 PM

There are a series of Internet Explorer related entries but if you are not having any difficulties with that we will leave it alone.

Please run this program for me. It will give us a more detailed picture of the state of your computer.

===================================================

OTL

--------------------
  • Please download OTL and save it to your desktop
  • Double click on the otlicon.png icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the runscan.png button.
  • Copy and paste the two reports in your next reply.

OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:
  • OTL log
  • Extra log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 slacker35

slacker35
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:02:04 PM

Posted 22 March 2013 - 03:45 PM

OTL logfile created on: 3/22/2013 3:23:22 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.99 Gb Total Physical Memory | 0.70 Gb Available Physical Memory | 23.38% Memory free
6.18 Gb Paging File | 3.59 Gb Available in Paging File | 58.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.19 Gb Total Space | 121.60 Gb Free Space | 54.97% Space Free | Partition Type: NTFS
Drive D: | 11.69 Gb Total Space | 1.69 Gb Free Space | 14.43% Space Free | Partition Type: NTFS
Drive E: | 3.98 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: LAPTOP | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/03/22 15:22:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2013/03/18 18:47:24 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2013/03/18 18:46:33 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013/03/18 18:46:27 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/03/18 18:46:26 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/08/31 19:26:57 | 000,690,888 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe
PRC - [2012/07/29 21:58:46 | 030,705,792 | ---- | M] (Gemalto N.V.) -- C:\Users\Owner\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
PRC - [2012/02/06 16:25:08 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Owner\Desktop\SASCore.exe
PRC - [2011/08/11 10:27:42 | 015,490,560 | ---- | M] () -- C:\Users\Owner\AppData\Local\Autobahn\nexdef.exe
PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/03/16 02:58:36 | 000,718,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/11/27 18:11:20 | 000,185,896 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe
PRC - [2007/11/27 18:11:20 | 000,093,736 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2007/11/27 18:11:18 | 000,128,552 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
PRC - [2007/11/27 18:11:16 | 000,298,536 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
PRC - [2007/06/25 21:17:04 | 000,537,840 | ---- | M] ( ) -- C:\Windows\System32\dlbkcoms.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/02/14 18:37:52 | 011,796,096 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\SanDisk\My Vaults\dmBackup.dll
MOD - [2011/08/11 10:27:44 | 000,159,744 | ---- | M] () -- C:\Users\Owner\AppData\Local\Autobahn\rt\jetrt\baseline720.dll
MOD - [2011/08/11 10:27:44 | 000,069,632 | ---- | M] () -- C:\Users\Owner\AppData\Local\Autobahn\rt\bin\java.dll
MOD - [2011/08/11 10:27:42 | 015,490,560 | ---- | M] () -- C:\Users\Owner\AppData\Local\Autobahn\nexdef.exe
MOD - [2011/08/11 10:27:40 | 000,126,976 | ---- | M] () -- C:\Users\Owner\AppData\Local\Autobahn\rt\bin\zip.dll
MOD - [2011/08/11 10:27:40 | 000,020,480 | ---- | M] () -- C:\Users\Owner\AppData\Local\Autobahn\rt\bin\jetvm\jvm.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/03/24 21:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2007/12/19 21:28:32 | 000,345,384 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll
MOD - [2007/12/19 21:28:20 | 000,251,288 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
MOD - [2007/12/19 21:28:20 | 000,120,208 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll
MOD - [2007/12/19 21:28:20 | 000,038,184 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll
MOD - [2007/12/19 21:27:04 | 000,066,856 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll
MOD - [2007/11/27 18:11:18 | 000,114,688 | ---- | M] () -- C:\Windows\System32\aicext.dll
MOD - [2007/09/13 10:11:18 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013/03/18 18:47:24 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/03/18 18:46:27 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/02/06 16:25:08 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Users\Owner\Desktop\SASCore.exe -- (!SASCORE)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/24 17:27:24 | 000,312,328 | ---- | M] () [Auto | Stopped] -- C:\Program Files\firedog advisor\firedogAdvisorSrvHost.exe -- (firedogAdvisorSrvHost)
SRV - [2007/11/27 18:11:20 | 000,185,896 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca)
SRV - [2007/06/25 21:17:04 | 000,537,840 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dlbkcoms.exe -- (dlbk_device)
SRV - [2007/03/05 12:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - File not found [Kernel | System | Stopped] -- C:\Users\Owner\Desktop\SASKUTIL.SYS -- (SASKUTIL)
DRV - File not found [Kernel | System | Stopped] -- C:\Users\Owner\Desktop\SASDIFSV.SYS -- (SASDIFSV)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Owner\AppData\Local\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\KeyCrypt32.sys -- (keycrypt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\AntiLog32.sys -- (AntiLog32)
DRV - [2013/03/18 18:47:57 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013/03/18 18:47:57 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2013/03/18 18:47:56 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013/03/18 18:47:55 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2008/11/17 15:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008/03/04 04:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/01/20 21:23:27 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID)
DRV - [2008/01/20 21:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/11/28 19:28:04 | 000,006,656 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\faproct.sys -- (faproct)
DRV - [2007/10/01 10:35:52 | 000,183,352 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/09/23 18:42:24 | 000,007,168 | --S- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\faunidrv.sys -- (faunidrv)
DRV - [2007/08/08 22:42:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/07/30 13:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 12:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/11 12:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/07/10 09:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/28 10:09:56 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007/06/18 19:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/04/18 07:03:26 | 000,141,312 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006/11/02 02:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006/05/24 17:25:14 | 000,046,848 | ---- | M] (Axalto) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RCCIDW2K.sys -- (Reflex USB V3 Smart card reader)
DRV - [2002/07/03 21:32:02 | 000,056,320 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stc2.sys -- (SCRx31 USB Reader)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
IE - HKLM\..\SearchScopes,DefaultScope = {EA7C8ACD-C678-4779-A514-E2D84671CBD8}
IE - HKLM\..\SearchScopes\{0C02DBE7-CF3C-4679-865F-05029F1C6DDB}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{EA7C8ACD-C678-4779-A514-E2D84671CBD8}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3012788864-1816298519-2057959149-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
IE - HKU\S-1-5-21-3012788864-1816298519-2057959149-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-3012788864-1816298519-2057959149-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3012788864-1816298519-2057959149-1000\..\SearchScopes,DefaultScope = {6726CE39-B9A2-4940-8041-533B02AAD580}
IE - HKU\S-1-5-21-3012788864-1816298519-2057959149-1000\..\SearchScopes\{0C02DBE7-CF3C-4679-865F-05029F1C6DDB}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKU\S-1-5-21-3012788864-1816298519-2057959149-1000\..\SearchScopes\{6726CE39-B9A2-4940-8041-533B02AAD580}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-3012788864-1816298519-2057959149-1000\..\SearchScopes\{EA7C8ACD-C678-4779-A514-E2D84671CBD8}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
IE - HKU\S-1-5-21-3012788864-1816298519-2057959149-1000\..\SearchScopes\Comcast: "URL" = http://search.comcast.net/?cat=web&con=net&q={searchTerms}
IE - HKU\S-1-5-21-3012788864-1816298519-2057959149-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Owner\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
 
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Owner\AppData\Roaming\Move Networks [2012/07/18 21:39:37 | 000,000,000 | ---D | M]
 
[2010/03/05 00:00:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2010/03/05 00:00:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
 
O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (HP Print Clips) - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O3 - HKU\S-1-5-21-3012788864-1816298519-2057959149-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3012788864-1816298519-2057959149-1000..\Run: [EPSON Stylus CX6000 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBIA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-3012788864-1816298519-2057959149-1000..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-3012788864-1816298519-2057959149-1000..\Run: [SanDiskSecureAccess_Manager.exe] C:\Users\Owner\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe (Gemalto N.V.)
O4 - HKU\S-1-5-21-3012788864-1816298519-2057959149-1000..\Run: [SUPERAntiSpyware] C:\Users\Owner\Desktop\SUPERAntiSpyware.exe File not found
O4 - HKU\S-1-5-21-3012788864-1816298519-2057959149-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexDef Plug-in.lnk = C:\Users\Owner\AppData\Local\Autobahn\nexdef.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3012788864-1816298519-2057959149-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-3012788864-1816298519-2057959149-1000\..Trusted Domains: osd.mil ([dtsproweb.defensetravel] https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F73C5ECD-7942-422C-93E7-D684C64EC522}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml - No CLSID value found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Users\Owner\Desktop\SASWINLO.DLL) -  File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Users\Owner\Desktop\SASSEH.DLL File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/01 08:57:03 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{0b41b321-0200-11de-81c4-00215c13c8f9}\Shell - "" = AutoRun
O33 - MountPoints2\{0b41b321-0200-11de-81c4-00215c13c8f9}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{edb941da-82c5-11dd-9fb5-001d7268da60}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/03/22 15:22:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/03/19 20:21:50 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\dds.com
[2013/03/18 18:55:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Avira
[2013/03/18 18:49:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013/03/18 18:49:43 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013/03/18 18:49:42 | 000,134,336 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013/03/18 18:49:42 | 000,083,944 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013/03/18 18:49:42 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013/03/18 18:49:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013/03/18 18:49:41 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013/03/15 19:38:03 | 007,520,056 | ---- | C] (Zemana Ltd.) -- C:\Windows\System32\ZALSDKCore.dll
[2013/03/15 17:47:41 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\LogMeIn Rescue Applet
 
========== Files - Modified Within 30 Days ==========
 
[2013/03/22 15:22:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/03/22 13:33:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/21 22:41:10 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/21 22:41:10 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/19 20:21:53 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\dds.com
[2013/03/18 18:49:52 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013/03/18 18:47:57 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013/03/18 18:47:57 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013/03/18 18:47:56 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013/03/18 18:47:55 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013/03/18 18:43:46 | 000,640,162 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/03/18 18:43:46 | 000,119,198 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/03/18 18:36:32 | 000,000,279 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2013/03/18 18:35:55 | 3209,056,256 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/17 13:24:28 | 026,699,732 | ---- | M] () -- C:\backup reg.reg
[2013/03/15 20:14:59 | 111,529,471 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/02/23 16:39:09 | 011,915,264 | ---- | M] () -- C:\Users\Public\Documents\Quicken good2-2013-02-23.QDF-backup
 
========== Files Created - No Company Name ==========
 
[2013/03/18 18:49:52 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013/03/17 13:24:27 | 026,699,732 | ---- | C] () -- C:\backup reg.reg
[2013/03/15 20:15:06 | 3209,056,256 | -HS- | C] () -- C:\hiberfil.sys
[2013/02/23 16:39:09 | 011,915,264 | ---- | C] () -- C:\Users\Public\Documents\Quicken good2-2013-02-23.QDF-backup
[2012/04/06 21:30:48 | 000,000,451 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/05/18 23:20:03 | 000,001,940 | ---- | C] () -- C:\Users\Owner\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2009/08/28 07:34:04 | 000,006,540 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2008/09/30 10:38:08 | 000,000,810 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2008/09/14 16:09:03 | 000,053,760 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/14 16:08:46 | 000,023,888 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\UserTile.png
[2008/09/14 16:06:38 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 11:35:22 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

 

 

 

 

 

OTL Extras logfile created on: 3/22/2013 3:23:22 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.99 Gb Total Physical Memory | 0.70 Gb Available Physical Memory | 23.38% Memory free
6.18 Gb Paging File | 3.59 Gb Available in Paging File | 58.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.19 Gb Total Space | 121.60 Gb Free Space | 54.97% Space Free | Partition Type: NTFS
Drive D: | 11.69 Gb Total Space | 1.69 Gb Free Space | 14.43% Space Free | Partition Type: NTFS
Drive E: | 3.98 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: LAPTOP | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{30E66498-EF29-45AF-A00B-EC82051093BB}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{43290439-06CC-4DB2-BC60-B8F05E938696}" = lport=137 | protocol=17 | dir=in | app=system |
"{53C1FDA9-16BF-4287-BABF-9C37EDB37F55}" = rport=138 | protocol=17 | dir=out | app=system |
"{5511BE69-0B61-435D-933C-750275BD616B}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |
"{58033390-1F49-4260-929D-B9CB6C47D3F2}" = rport=137 | protocol=17 | dir=out | app=system |
"{634443A1-0BEB-418D-8499-BAFA201A856D}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |
"{72A82E8E-C65A-4CC2-B81A-FEB2F9F00D08}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service v4\intuitupdater.exe |
"{7EEA9F6A-E88A-4382-93DC-BF8BD9FC9929}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service v4\intuitupdateservice.exe |
"{7F711856-0962-42FD-B1AB-00FD0DFD3516}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{966B6112-7077-4B3B-821C-17461287047D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9735B6C4-FF79-4E1E-854D-C08A32C3B35B}" = lport=138 | protocol=17 | dir=in | app=system |
"{9D76EB88-2C15-4DC6-B388-9D29806709A6}" = lport=445 | protocol=6 | dir=in | app=system |
"{A301128D-9BA1-4694-A320-EB56CD9B006D}" = rport=445 | protocol=6 | dir=out | app=system |
"{B4A99820-7AF6-4287-AA0F-00E52FBF29E2}" = lport=139 | protocol=6 | dir=in | app=system |
"{CF4DABC7-0424-4877-B0F4-96D516170956}" = rport=139 | protocol=6 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1679DBCA-D785-4289-9154-AD0D7DF39B24}" = protocol=6 | dir=in | app=c:\windows\system32\dlbkcoms.exe |
"{1AC6A8C7-7C93-41DB-AFF8-D2DDCFFE20A8}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{2068CB7E-F352-4121-8C01-A9E4F7F05F3D}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{24D5985F-212F-401C-BA35-261D994C2202}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{26DBE8A1-3F3E-4C71-8049-DDB32952D853}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{31E97745-80FB-4B9D-A1AD-A14586E9EC6B}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{34862F78-660F-4F94-88B1-B54B9A2B7D8C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{34BCFD6A-0106-46DF-BFAC-0C2F50ACC2A0}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{384C4849-5BEC-4C9C-8F93-6C387EB82AAA}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{3F08D5A9-9F22-4055-ADF7-F78D63818AC2}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{46FBE70E-5077-4B48-A30F-74A492247CCD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5B1CFA28-D2A7-47A2-9E15-1A34AF16295D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{5B72BB48-08A1-4E1D-BB83-87C13054C90F}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{6426AB01-1AEB-4B2E-B9E8-7D7C556C553E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7055EFAE-7D22-4F87-B68C-BE56204F0117}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{775DD391-F5FA-438D-9187-80F009EF848A}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{8FF51267-188C-4E67-9EA7-B8ED02CAA117}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{9D90E205-20D7-4E58-A6D8-7A9BDBFC6D9A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{9F497C0E-C6D3-4DC4-BD8C-A248C8AA684D}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{9F7C0B1D-70ED-4C62-B303-0B8BD3B6B874}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{B55BE246-05F3-4FF6-A85A-CDDDA42FA7A4}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{C060A438-FB1B-4D63-ACBC-C7500F1CAE5D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DC6DB661-4E33-4358-BDFF-92E8CDD4C556}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{F176C1E9-6984-48A5-8227-5B7AA2DEF5E7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{F77D900E-11BB-4ADC-9D92-0DE680349AFD}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{F8996BC7-40F4-4438-A8D2-7355D49207E8}" = protocol=17 | dir=in | app=c:\windows\system32\dlbkcoms.exe |
"TCP Query User{EB1405E6-2997-423D-B1B4-B7E10C75A597}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{F34ED4B9-447C-4DCF-886E-E766247C8294}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{082F8ABA-84D5-4837-9DFC-F365D91A07D4}" = HP Smart Web Printing
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1
"{35599970-EAA2-012B-ACE9-000000000000}" = TurboTax 2009 waliper
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44D21B77-D4FC-49E8-A726-CD00D5016703}" = DBsign Web Signer
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
"{4B445837-4FD0-468D-9CAA-7AA605EA612B}" = OLYMPUS Master 2
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{510DE38F-8FEC-4AFE-8C8C-8095C55C1DDC}" = TurboTax 2011 waliper
"{5866F83F-5347-4324-A15E-070502A65866}" = TurboTax 2010 WinBizReleaseEngine
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
"{5FE545A1-D215-4216-9189-E7B39C9D1CC1}" = Quicken 2011
"{6334BBB0-8A2E-4679-B845-9CE27E72DBDA}" = TurboTax 2010 WinBizTaxSupport
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{66DAE93A-9A8A-4B94-9FBF-5B78EF34C2EC}" = TurboTax 2011 wmsiper
"{689E15D3-E10C-4CDA-852E-1776D1B7266A}" = TMS on CD-ROM
"{6ABA3523-4F11-4787-8839-C249BBF0B8D1}" = Rosetta Stone 2.2.0.0A
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4
"{84BC4E89-97BB-41A3-9254-06E7C675B945}" = TurboTax 2010 wmsiper
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{8BA2648C-B0E5-4EAD-9789-22F807478D1E}" = TurboTax 2011 wrapper
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{9D459B94-7E90-46A5-B76B-5A712E7A3529}" = TurboTax 2010 waliper
"{9E3CDA4E-6522-43EB-AF6F-C8CA318A0772}" = TurboTax 2011 WinBizReleaseEngine
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = iSEEK AnswerWorks English Runtime
"{9EE04322-6399-4010-83C1-67BC022B9BE8}" = firedog advisor
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver
"{A004ACC6-A33D-4083-9775-139C76852C49}" = TurboTax 2011 WinBizFedFormset
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{AC194855-F7AC-4D04-B4C9-07BA46FCB697}" = ActivClient CAC 6.1 AFR
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.5)
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B53620C0-3A83-4F50-A7AB-175DB64C1CE3}" = HP User Guides 0090
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C3ADD937-FD5F-4CC6-AE15-AEDEE2A20165}" = TurboTax 2010 wrapper
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software  1.10.13.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D063F201-FAC4-4D5C-B10B-615058ADE5A7}" = HP Update
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DB9AB084-C93E-4D07-8BB9-0EC5CA5467BC}" = TurboTax 2011 WinBizTaxSupport
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (MSSQLTMS)
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{E6C0F926-446B-4450-8D15-4405A9431EB7}" = TurboTax 2010 WinBizFedFormset
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AIM_6" = AIM 6
"Avira AntiVir Desktop" = Avira Free Antivirus
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"EPSON Printer and Utilities" = EPSON Printer Software
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{6ABA3523-4F11-4787-8839-C249BBF0B8D1}" = Rosetta Stone 2.2.0.0A
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 3.8.5
"LimeWire" = LimeWire 5.4.8
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Money2007b" = Microsoft Money 2007
"NBRTWizard" = Norton Bootable Recovery Tool Wizard
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"TurboTax 2009" = TurboTax 2009
"TurboTax 2010" = TurboTax 2010
"TurboTax 2011" = TurboTax 2011
"TurboTax Business 2010" = TurboTax Business 2010
"TurboTax Business 2011" = TurboTax Business 2011
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent hp Master Uninstall" = My HP Games
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3012788864-1816298519-2057959149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe" = SanDiskSecureAccess_Manager.exe
"GoToMeeting" = GoToMeeting 5.3.0.977
"Move Media Player" = Move Media Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 3/17/2013 8:40:57 PM | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16421, time stamp
 0x4d76255d, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
 code 0xc0000005, fault offset 0x08e40a00,  process id 0x8aac, application start time
 0x01ce2370ff2d0970.
 
Error - 3/17/2013 10:45:52 PM | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16421, time stamp
 0x4d76255d, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
 code 0xc0000005, fault offset 0x08e40a00,  process id 0xf040, application start time
 0x01ce237ede8af840.
 
Error - 3/17/2013 10:46:25 PM | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16421, time stamp
 0x4d76255d, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
 code 0xc0000005, fault offset 0x08e40a00,  process id 0x10aa0, application start
time 0x01ce2382b80902d0.
 
Error - 3/17/2013 10:47:01 PM | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16421, time stamp
 0x4d76255d, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
 code 0xc0000005, fault offset 0x08e40a00,  process id 0x10c88, application start
time 0x01ce2382c971dbf0.
 
Error - 3/17/2013 10:48:25 PM | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16421, time stamp
 0x4d76255d, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
 code 0xc0000005, fault offset 0x08e40a00,  process id 0x10a0c, application start
time 0x01ce2382b46fceb0.
 
Error - 3/17/2013 10:52:49 PM | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16421, time stamp
 0x4d76255d, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
 code 0xc0000005, fault offset 0x08e40a00,  process id 0x11010, application start
time 0x01ce23830fa3e410.
 
Error - 3/18/2013 7:24:47 PM | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16421, time stamp
 0x4d76255d, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
 code 0xc0000005, fault offset 0x08e40a00,  process id 0x14e94, application start
time 0x01ce242effe38740.
 
Error - 3/18/2013 7:26:59 PM | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16421, time stamp
 0x4d76255d, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
 code 0xc0000005, fault offset 0x1d2b5128,  process id 0x154e8, application start
time 0x01ce242fc7747cb0.
 
Error - 3/18/2013 7:28:40 PM | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16421, time stamp
 0x4d76255d, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
 code 0xc0000005, fault offset 0x1d2b5128,  process id 0x15a14, application start
time 0x01ce24301d718c70.
 
Error - 3/18/2013 7:30:04 PM | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16421, time stamp
 0x4d76255d, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
 code 0xc0000005, fault offset 0x1d2b5128,  process id 0x15de8, application start
time 0x01ce24306f90fc70.
 
Error - 3/18/2013 7:31:39 PM | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16421, time stamp
 0x4d76255d, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
 code 0xc0000005, fault offset 0x1d2b5128,  process id 0x16048, application start
time 0x01ce2430866f14e0.
 
[ Media Center Events ]
Error - 3/20/2009 4:26:23 AM | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
 due to an abandoned mutex.'.
 
[ System Events ]
Error - 8/15/2009 4:33:30 PM | Computer Name = Laptop | Source = HTTP | ID = 15016
Description =
 
Error - 8/15/2009 4:34:05 PM | Computer Name = Laptop | Source = Service Control Manager | ID = 7000
Description =
 
Error - 8/17/2009 2:33:49 AM | Computer Name = Laptop | Source = HTTP | ID = 15016
Description =
 
Error - 8/17/2009 2:34:00 AM | Computer Name = Laptop | Source = Service Control Manager | ID = 7000
Description =
 
Error - 8/18/2009 10:35:55 AM | Computer Name = Laptop | Source = HTTP | ID = 15016
Description =
 
Error - 8/18/2009 10:36:06 AM | Computer Name = Laptop | Source = Service Control Manager | ID = 7000
Description =
 
Error - 8/18/2009 10:44:18 AM | Computer Name = Laptop | Source = DCOM | ID = 10010
Description =
 
Error - 8/18/2009 10:46:29 AM | Computer Name = Laptop | Source = HTTP | ID = 15016
Description =
 
Error - 8/18/2009 10:46:42 AM | Computer Name = Laptop | Source = Service Control Manager | ID = 7000
Description =
 
Error - 8/24/2009 3:36:25 PM | Computer Name = Laptop | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.100.2 on
 the Network Card with network address 001D7268DA60.
 
 
< End of report >
 



#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,166 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:04 PM

Posted 22 March 2013 - 09:25 PM

Greetings,

We are going to clean up some miscellaneous entries. I would also like to provide you with the following caution.

I would also like you to consider some information about Peer 2 Peer downloads which is one of the primary methods by which computers are infected, with potentially devastaing results.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have Limewire installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Limewire, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition, it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities. .

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================


Run OTL Fix

--------------------
  • Double click on the otlicon.png icon on your desktop.
  • Copy and Paste the following code into the customscanfix.png textbox.
:OTL
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - File not found [Kernel | System | Stopped] -- C:\Users\Owner\Desktop\SASKUTIL.SYS -- (SASKUTIL)
DRV - File not found [Kernel | System | Stopped] -- C:\Users\Owner\Desktop\SASDIFSV.SYS -- (SASDIFSV)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Owner\AppData\Local\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\KeyCrypt32.sys -- (keycrypt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\AntiLog32.sys -- (AntiLog32)
IE - HKLM\..\SearchScopes\{0C02DBE7-CF3C-4679-865F-05029F1C6DDB}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKU\S-1-5-21-3012788864-1816298519-2057959149-1000\..\SearchScopes,DefaultScope = {6726CE39-B9A2-4940-8041-533B02AAD580}
IE - HKU\S-1-5-21-3012788864-1816298519-2057959149-1000\..\SearchScopes\{0C02DBE7-CF3C-4679-865F-05029F1C6DDB}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKU\S-1-5-21-3012788864-1816298519-2057959149-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O18 - Protocol\Filter\text/xml - No CLSID value found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Users\Owner\Desktop\SASWINLO.DLL) -  File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Users\Owner\Desktop\SASSEH.DLL File not found
O33 - MountPoints2\{0b41b321-0200-11de-81c4-00215c13c8f9}\Shell - "" = AutoRun
O33 - MountPoints2\{0b41b321-0200-11de-81c4-00215c13c8f9}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{edb941da-82c5-11dd-9fb5-001d7268da60}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe
:Commands
[emptytemp]
[emptyjava]
[emptyflash]
  • Push runfix.png
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:
  • OTL log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 slacker35

slacker35
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:02:04 PM

Posted 23 March 2013 - 03:18 PM

Gary,

   I uninstalled Limewire. However, there still remains a Limewire icon on my desktop.

Below is the OTL report.

 

 

 

 

All processes killed
========== OTL ==========
Error: No service named Symc8xx was found to stop!
Service\Driver key Symc8xx not found.
File C:\Windows\system32\drivers\symc8xx.sys not found.
Error: No service named Sym_u3 was found to stop!
Service\Driver key Sym_u3 not found.
File C:\Windows\system32\drivers\sym_u3.sys not found.
Error: No service named Sym_hi was found to stop!
Service\Driver key Sym_hi not found.
File C:\Windows\system32\drivers\sym_hi.sys not found.
Error: No service named SASKUTIL was found to stop!
Service\Driver key SASKUTIL not found.
File C:\Users\Owner\Desktop\SASKUTIL.SYS not found.
Error: No service named SASDIFSV was found to stop!
Service\Driver key SASDIFSV not found.
File C:\Users\Owner\Desktop\SASDIFSV.SYS not found.
Error: No service named NwlnkFwd was found to stop!
Service\Driver key NwlnkFwd not found.
File system32\DRIVERS\nwlnkfwd.sys not found.
Error: No service named NwlnkFlt was found to stop!
Service\Driver key NwlnkFlt not found.
File system32\DRIVERS\nwlnkflt.sys not found.
Error: No service named mbr was found to stop!
Service\Driver key mbr not found.
File C:\Users\Owner\AppData\Local\Temp\mbr.sys not found.
Error: No service named keycrypt was found to stop!
Service\Driver key keycrypt not found.
File system32\DRIVERS\KeyCrypt32.sys not found.
Error: No service named IpInIp was found to stop!
Service\Driver key IpInIp not found.
File system32\DRIVERS\ipinip.sys not found.
Error: No service named AntiLog32 was found to stop!
Service\Driver key AntiLog32 not found.
File C:\Windows\system32\drivers\AntiLog32.sys not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0C02DBE7-CF3C-4679-865F-05029F1C6DDB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0C02DBE7-CF3C-4679-865F-05029F1C6DDB}\ not found.
HKEY_USERS\S-1-5-21-3012788864-1816298519-2057959149-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3012788864-1816298519-2057959149-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0C02DBE7-CF3C-4679-865F-05029F1C6DDB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0C02DBE7-CF3C-4679-865F-05029F1C6DDB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_USERS\S-1-5-21-3012788864-1816298519-2057959149-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0b41b321-0200-11de-81c4-00215c13c8f9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0b41b321-0200-11de-81c4-00215c13c8f9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0b41b321-0200-11de-81c4-00215c13c8f9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0b41b321-0200-11de-81c4-00215c13c8f9}\ not found.
File H:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{edb941da-82c5-11dd-9fb5-001d7268da60}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{edb941da-82c5-11dd-9fb5-001d7268da60}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default



#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,166 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:04 PM

Posted 23 March 2013 - 06:15 PM

Greetings,

Can you tell me if you selected Run Fix after copy/paste in the Custom Scan box?


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 slacker35

slacker35
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:02:04 PM

Posted 23 March 2013 - 07:36 PM

Yes, I selected run fix. However, after the first attampt my computer locked-up forcing me to restart. On the second attempt it went to completion, rebooted, and then gave me the report in my last post.



#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,166 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:04 PM

Posted 23 March 2013 - 07:47 PM

OK, that explains things. It actually worked the first time and that is why we received all of the "not found" entries.

Please complete the following for me, if you would.

===================================================

Everything Search Engine

--------------------

Everything Search is a small program that provides a fast and thorough search of your computer. I am having you use this program to be certain a thorough search is conducted. I recommend keeping this program as your computer search tool. Once installed you will see an icon placed on the taskbar near the time. Once we are finished, if you choose not to continue to use this program simply delete it through Add/Remove programs.
  • Download Everything Search and save it to your desktop
  • Double click the icon and select Run
  • Click Next, then Next
  • Click Install, then Finish
  • In the pop up screen that appears type the following and press Enter

Limewire

  • You can right click and delete any entries you find
===================================================

Malwarebytes

--------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download. You can also right click on the link and select Save Link As
  • Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
    • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
      For instructions with screenshots, please refer to this Guide.
    • When the installation begins, follow the prompts and do not make any changes to default settings except to uncheck any offer for a free Pro trial version .
    • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
    • If an update is found, the program will automatically update itself. Press the OK button and continue.
    • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
    • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
    • Click on the Scan button.
    • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked and then click Remove Selected.
    • When removal is completed, a log report will open in Notepad.
    • The log is automatically saved and can be viewed by clicking the Logs tab.
    • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
    • Exit Malwarebytes when done.
    Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

    ===================================================

    ESET Online Scanner

    --------------------

    I'd like us to scan your machine with ESET OnlineScan This process may may take several hours, that is normal.
    • Hold down Control and click on this link to open ESET OnlineScan in a new window.
    • Click the esetonlinebtn.png button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the icon on your desktop.
    • Check "YES, I accept the Terms of Use."
    • Click the Start button.
    • Accept any security warnings from your browser.
    • Under scan settings, check "Scan Archives" and "Remove found threats"
    • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click List Threats
    • Copy and paste the information in your next reply. Note: If no malware was found you will not be presented with a log.
    • Click the Back button.
    • Click the Finish button.
    ===================================================

    Things I would like to see in your next reply. :thumbsup2:
    • Were you able to remove Limewire entries?
    • Malwarebytes log
    • ESET log
    • Are you experiencing any issues?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#12 slacker35

slacker35
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:02:04 PM

Posted 24 March 2013 - 11:57 PM

Gary,

I seem to have been able to remove limewire entries.

Below are the malwarebytes log and the ESET log.

And I also don't seem to be expiriencing any other issues.

 

 

 

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.24.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Owner :: LAPTOP [administrator]

3/24/2013 2:29:57 PM
mbam-log-2013-03-24 (14-29-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205829
Time elapsed: 7 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

C:\Program Files\Avira\AntiVir Desktop\apnic.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting (after the next restart) - quarantined
C:\Program Files\Avira\AntiVir Desktop\apntoolbarinstaller.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting (after the next restart) - quarantined
 



#13 slacker35

slacker35
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:02:04 PM

Posted 25 March 2013 - 06:46 AM

Gary,

   I also want to mention that there are two programs/files that I have been unable to delete.

They are SASCore and SASCTXMN.DLL. They are left over from an issue that I was having a year ago that you guys helped me with.

 

I don't know what they are but you probably recognize them. All I know is that I am unable to remove the icons off my desktop.

 

what do you think?

 

Brian



#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,166 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:04 PM

Posted 25 March 2013 - 08:02 AM

Hi Brian,

I have just started recommending the use of Everything Search because it seems very simple to use. Can I trouble you to give me some feedback about what you thought of using that program? Did you find it easy to install, search, and delete files/folders?

The two entries are related to SUPERAntiSpyware. Please download and run this uninstaller for 32 bit systems.

 

Let me know if you find success.


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#15 slacker35

slacker35
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:02:04 PM

Posted 25 March 2013 - 02:59 PM

Gary,

    "Can you touble me?" c-mon!!

It's the least I can do!


Everything Search was easy to install and I was surprised how fast the search results popped up.. I'll probably leave it installed.

 

The uninstaller worked--Thank you


Also-- do you guys have a paypal account or something that I could use to send something to help the cause?

 

Brian






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users