-
February 12th, 2013, 11:21 AM
#1
[RESOLVED] Delete Mixdj toolbar
I made the mistake of downloading a free program and with it came a nightmare of a toolbar. It's listed as "Mixdj Community". I had used Revo to monitor the installation of the free program and later removed it, but the toolbar remains. I then deleted the Firefox browser, but retained the personal settings and bookmarks. When I re-installed Firefox the toolbar showed up with it. I also did a System Restore to a date prior to this event but it did not solve this issue. There is no mention of "Mixdj" in the Registry or in Services. I can turn off the toolbar with the selection in the Firefox "View" tab, but I'd prefer to just get rid of any reference to it. Running Firefox v 18.0.2.
System info:
System Board: ECS K7S5A
Chipset: SiS 735
CPU: AMD @ 1200 MHz
System Memory: 4x1024MB (DDR SDRAM)
Bios: AMI (11/21/01)
Video: onboard
Audio: Creative SB Live!
Op System: Win XP - Pro SP3 with all updates
Any thoughts on the subject will be appreciated. Thanks for looking.
-
February 12th, 2013, 02:02 PM
#2
Sometimes these "bonus" addon apps are as difficult as malware to remove. Actually I would call them malware.
Follow these instructions:
http://discussions.virtualdr.com/sho...ated-1-1-2012)
I will move this thread to our malware removal forum for further instructions once your scan results are pasted below.
VirtualDr email notices are not working.
Check back regularly for responses.
-
February 12th, 2013, 06:31 PM
#3
Running scans this evening. Will post results in the am. Thank you for the response.
-
February 13th, 2013, 10:39 AM
#4
Complete initial scan using Avast. Screen shot of log file is attached. Virus titled "index.php1317077744" was found and deleted. Next Avast did a complete Boot area scan and did not discover any issues. Will proceed with Malwarebytes, MBR.exe and DDS and update this post. Thanks once again for the help.
Attachment 11087
-
February 13th, 2013, 01:06 PM
#5
Below are log files as directed. (For futures, should these be zipped?)
Mbam log:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2013.02.13.07
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Bobby :: RPOPPER [administrator]
2/13/2013 10:12:54 AM
mbam-log-2013-02-13 (10-12-54).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 279742
Time elapsed: 7 minute(s), 35 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-----------------------------------
aswMBR log
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-13 10:30:17
-----------------------------
10:30:17.796 OS Version: Windows 5.1.2600 Service Pack 3
10:30:17.796 Number of processors: 2 586 0x403
10:30:17.796 ComputerName: RPOPPER UserName: Bobby
10:30:18.937 Initialize success
10:30:19.078 AVAST engine defs: 13021300
10:30:29.875 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-17
10:30:29.875 Disk 0 Vendor: ST3200822AS 3.02 Size: 190782MB BusType: 3
10:30:29.875 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-22
10:30:29.875 Disk 1 Vendor: Maxtor_6L200S0 BACE1G10 Size: 194481MB BusType: 3
10:30:29.890 Disk 0 MBR read successfully
10:30:29.890 Disk 0 MBR scan
10:30:29.890 Disk 0 Windows XP default MBR code
10:30:29.890 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 79874 MB offset 63
10:30:29.890 Disk 0 Partition - 00 0F Extended LBA 110904 MB offset 163583280
10:30:29.906 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 50003 MB offset 163583343
10:30:29.906 Disk 0 Partition - 00 05 Extended 60900 MB offset 265991040
10:30:29.921 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 60900 MB offset 265991103
10:30:29.921 Disk 0 scanning sectors +390715920
10:30:29.968 Disk 0 scanning C:\WINDOWS\system32\drivers
10:30:35.781 Service scanning
10:30:45.515 Modules scanning
10:30:49.890 Disk 0 trace - called modules:
10:30:49.921 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
10:30:49.921 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ae21ab8]
10:30:49.921 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-17[0x8ae25d98]
10:30:50.375 AVAST engine scan C:\WINDOWS
10:30:59.718 AVAST engine scan C:\WINDOWS\system32
10:32:44.953 AVAST engine scan C:\WINDOWS\system32\drivers
10:32:55.265 AVAST engine scan C:\Documents and Settings\Bobby
10:33:36.015 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Bobby\Desktop\MBR.dat"
10:33:36.015 The log file has been saved successfully to "C:\Documents and Settings\Bobby\Desktop\aswMBR.txt"
------------------------------------------------------------
DDS log:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6000.17117 BrowserJavaVersion: 10.5.1
Run by Bobby at 10:41:20 on 2013-02-13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3191.2535 [GMT -5:00]
.
AV: avast! Internet Security *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Enabled*
.
============== Running Processes ================
.
F:\Program Files\AVAST Software\Avast\afwServ.exe
F:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
F:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\hpzipm12.exe
F:\PROGRA~1\Allume\StuffIt\MXTask.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\System32\alg.exe
F:\PROGRA~1\Allume\StuffIt\mxtask.exe
C:\WINDOWS\Explorer.EXE
F:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\HP\KBD\KBD.EXE
F:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
F:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
F:\Program Files\Common Files\Apple\Internet Services\ubd.exe
F:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uProxyOverride = <local>;*.local
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - f:\program files\avast software\avast\aswWebRepIE.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - f:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - f:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - f:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: @c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - f:\program files\avast software\avast\aswWebRepIE.dll
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - f:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [MobileDocuments] f:\program files\common files\apple\internet services\ubd.exe
uRun: [iCloudServices] f:\program files\common files\apple\internet services\iCloudServices.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10v_Plugin.exe -update plugin
mRun: [Acrobat Assistant 7.0] "f:\program files\adobe\adobe acrobat 7.0\distillr\Acrotray.exe"
mRun: [UpdReg] c:\windows\Updreg.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [Adobe Version Cue CS2] f:\program files\adobe\adobe version cue cs2\controlpanel\VersionCueCS2Tray.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [Conime] c:\windows\system32\conime.exe
mRun: [BrStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun
mRun: [avast] "f:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "f:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "f:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Malwarebytes Anti-Malware] f:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: dontdisplaylastusername = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Convert link target to Adobe PDF - f:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - f:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - f:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - f:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - f:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - f:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - f:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - f:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - f:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h50203.www5.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
TCP: NameServer = 192.168.1.1 68.237.161.12
TCP: Interfaces\{8EA746ED-B0C5-4BE8-8F4A-08E8453844AD} : DHCPNameServer = 192.168.1.1 68.237.161.12
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\bobby\application data\mozilla\firefox\profiles\2t35kvq8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3272718&SearchSource=3&q={searchTerms}&CUI=UN40457928621118717
FF - prefs.js: browser.startup.homepage - hxxp://www.nytimes.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3272718&SearchSource=2&CUI=UN40457928621118717&UM=UM_ID&q=
FF - plugin: c:\documents and settings\bobby\application data\mozilla\firefox\profiles\2t35kvq8.default\extensions\{c0c2693d-2ee8-47b4-9df7-b67a0ee31988}\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\bobby\application data\mozilla\firefox\profiles\2t35kvq8.default\extensions\{c0c2693d-2ee8-47b4-9df7-b67a0ee31988}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: f:\program files\itunes\mozilla plugins\npitunes.dll
FF - plugin: f:\program files\quicktime\plugins\npqtplugin.dll
FF - plugin: f:\program files\quicktime\plugins\npqtplugin2.dll
FF - plugin: f:\program files\quicktime\plugins\npqtplugin3.dll
FF - plugin: f:\program files\quicktime\plugins\npqtplugin4.dll
FF - plugin: f:\program files\quicktime\plugins\npqtplugin5.dll
FF - plugin: f:\program files\quicktime\plugins\npqtplugin6.dll
FF - plugin: f:\program files\quicktime\plugins\npqtplugin7.dll
FF - ExtSQL: 2013-02-08 21:06; {c0c2693d-2ee8-47b4-9df7-b67a0ee31988}; c:\documents and settings\bobby\application data\mozilla\firefox\profiles\2t35kvq8.default\extensions\{c0c2693d-2ee8-47b4-9df7-b67a0ee31988}
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc -
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2012-1-11 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2012-1-11 199320]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2012-1-11 106560]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-2-25 20624]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-1-11 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-1-11 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-1-11 21256]
R2 avast! Antivirus;avast! Antivirus;f:\program files\avast software\avast\AvastSvc.exe [2012-1-11 44808]
R2 avast! Firewall;avast! Firewall;f:\program files\avast software\avast\afwServ.exe [2012-1-11 133912]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2012-2-4 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2012-2-4 8456]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-4-3 27064]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-02-09 20:36:41 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-02-09 20:13:21 -------- d-----w- c:\windows\system32\wbem\repository\FS
2013-02-09 20:13:21 -------- d-----w- c:\windows\system32\wbem\Repository
2013-01-31 16:34:29 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-01-31 16:34:20 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-22 17:56:30 -------- d-----w- C:\Programme
2013-01-17 20:51:36 -------- d-----w- c:\program files\MSECache
.
==================== Find3M ====================
.
2013-01-31 16:34:01 859552 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-31 16:34:01 780192 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-26 03:55:44 552448 ------w- c:\windows\system32\oleaut32.dll
2013-01-07 01:19:45 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:37:01 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49:10 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49:10 1292288 ----a-w- c:\windows\system32\quartz.dll
2012-12-26 20:43:21 832512 ----a-w- c:\windows\system32\wininet.dll
2012-12-26 20:43:21 1830912 ------w- c:\windows\system32\inetcpl.cpl
2012-12-26 20:43:20 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-12-26 20:43:20 17408 ----a-w- c:\windows\system32\corpol.dll
2012-12-25 23:12:06 231760 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2012-12-23 20:32:54 3445 ----a-w- c:\windows\system32\drivers\U3SHLPDR.SYS
2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 21:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 10:41:56.06 ===============
------------------------------------------------------------------
attach log:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/3/2011 11:19:34 AM
System Uptime: 2/13/2013 8:29:07 AM (2 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | Goldfish3
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | CPU 1 | 3001/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 78 GiB total, 43.559 GiB free.
D: is FIXED (NTFS) - 78 GiB total, 32.312 GiB free.
E: is FIXED (NTFS) - 49 GiB total, 40.748 GiB free.
F: is FIXED (NTFS) - 49 GiB total, 35.653 GiB free.
G: is FIXED (NTFS) - 59 GiB total, 21.978 GiB free.
H: is Removable
I: is Removable
J: is Removable
K: is CDROM (CDFS)
L: is Removable
M: is FIXED (NTFS) - 63 GiB total, 21.872 GiB free.
P: is CDROM ()
Q: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1141: 1/12/2013 1:38:20 PM - System Checkpoint
RP1142: 1/13/2013 2:15:48 PM - System Checkpoint
RP1143: 1/14/2013 2:56:48 PM - System Checkpoint
RP1144: 1/15/2013 4:19:15 PM - System Checkpoint
RP1145: 1/15/2013 8:35:03 PM - Software Distribution Service 3.0
RP1146: 1/16/2013 8:55:56 PM - System Checkpoint
RP1147: 1/17/2013 3:52:28 PM - Installed Microsoft Office Excel Viewer
RP1148: 1/18/2013 5:45:03 PM - System Checkpoint
RP1149: 1/18/2013 8:30:15 PM - Software Distribution Service 3.0
RP1150: 1/19/2013 2:14:41 PM - Software Distribution Service 3.0
RP1151: 1/20/2013 2:31:18 PM - System Checkpoint
RP1152: 1/21/2013 7:15:34 PM - System Checkpoint
RP1153: 1/23/2013 11:05:39 AM - System Checkpoint
RP1154: 1/29/2013 6:46:45 PM - System Checkpoint
RP1155: 1/30/2013 10:29:13 PM - Revo Uninstaller Pro's restore point - AoA DVD Copy
RP1156: 1/30/2013 11:17:36 PM - Revo Uninstaller Pro's restore point - AoA DVD Copy
RP1157: 1/30/2013 11:21:14 PM - Restore Operation
RP1158: 1/31/2013 11:33:19 AM - Removed Java(TM) 7 Update 5
RP1159: 1/31/2013 11:33:55 AM - Installed Java 7 Update 11
RP1160: 2/1/2013 7:50:08 PM - System Checkpoint
RP1161: 2/3/2013 6:36:19 PM - System Checkpoint
RP1162: 2/4/2013 7:36:58 PM - System Checkpoint
RP1163: 2/5/2013 8:08:13 PM - System Checkpoint
RP1164: 2/7/2013 7:09:20 PM - System Checkpoint
RP1165: 2/8/2013 7:34:42 PM - System Checkpoint
RP1166: 2/9/2013 1:42:07 PM - Revo Uninstaller Pro's restore point - Iminent
RP1167: 2/9/2013 1:45:30 PM - Revo Uninstaller Pro's restore point - MixiDJ Toolbar
RP1168: 2/9/2013 1:49:36 PM - Revo Uninstaller Pro's restore point - Free M4A WAV to MP3 Audio Converter
RP1169: 2/9/2013 1:54:13 PM - Revo Uninstaller Pro's restore point - MixiDJ Toolbar
RP1170: 2/9/2013 1:56:09 PM - Revo Uninstaller Pro's restore point - Coupon Companion Plugin
RP1171: 2/9/2013 3:12:15 PM - Restore Operation
RP1172: 2/9/2013 3:30:59 PM - Revo Uninstaller Pro's restore point - Mozilla Firefox 18.0.2 (x86 en-US)
RP1173: 2/10/2013 10:05:00 AM - System Checkpoint
RP1174: 2/11/2013 11:46:06 AM - System Checkpoint
RP1175: 2/12/2013 1:14:00 PM - System Checkpoint
RP1176: 2/13/2013 3:00:20 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
7-Zip 9.20
Adobe Acrobat 7.0 Professional
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Creative Suite 2
Adobe Flash Player 10 Plugin
Adobe GoLive CS2
Adobe Help Center 1.0
Adobe Illustrator CS2
Adobe InDesign CS2
Adobe Photoshop CS2
Adobe Reader XI (11.0.01)
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Adobe Version Cue CS2
AoA DVD Copy
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Display Driver
avast! Internet Security
Bing Bar Platform
Bonjour
Brother HL-3040CN
CDBurnerXP
CopyTrans Suite Remove Only
DVD Decrypter (Remove Only)
DVD Shrink 3.2
EASEUS Partition Master 9.1.0 Home Edition
Enhanced Multimedia Keyboard Solution
Express Rip
Gateway Advanced Setup 1.11
GnuWin32: OpenSSL-0.9.8h-1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP Deskjet 3050 J610 series Basic Device Software
HP Deskjet 3050 J610 series Help
HP Deskjet 3050 J610 series Product Improvement Study
hp LaserJet-all-in-one
HP Photo Creations
HP Update
iCloud
ImgBurn
Intel(R) Graphics Media Accelerator Driver
iTunes
Java 7 Update 11
Java Auto Updater
JavaFX 2.1.1
LaserAIO
LastPass (uninstall only)
Logitech Harmony Remote
Logitech Harmony Remote Software 7
LSI PCI Soft Modem
Malwarebytes Anti-Malware version 1.70.0.1100
Matrix-ks
Microlife BPA 3.2 English
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Expression Design 4
Microsoft Expression Web 4
Microsoft Expression Web 4 Service Pack 2
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel Viewer
Microsoft Office File Validation Add-In
Microsoft Office Standard Edition 2003
Microsoft Silverlight
Microsoft Sync Framework 2.0 Core Components (x86) ENU
Microsoft Sync Framework 2.0 Provider Services (x86) ENU
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 18.0.2 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NirSoft BlueScreenView
Norton PartitionMagic
Norton PartitionMagic 8.0
Orca
PHP 5.3.10
PowerDVD
PrimoPDF -- brought to you by Nitro PDF Software
PS2
Python 3.2.3
QFolder
QuarkXPress 5.0
QuickTime
Realtek High Definition Audio Driver
Remote Control USB Driver
Replay Music
Revo Uninstaller Pro 2.5.9
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Expression Design 4 (KB2667730)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2618444)
Security Update for Windows Internet Explorer 7 (KB2647516)
Security Update for Windows Internet Explorer 7 (KB2675157)
Security Update for Windows Internet Explorer 7 (KB2699988)
Security Update for Windows Internet Explorer 7 (KB2722913)
Security Update for Windows Internet Explorer 7 (KB2744842)
Security Update for Windows Internet Explorer 7 (KB2761465)
Security Update for Windows Internet Explorer 7 (KB2792100)
Security Update for Windows Internet Explorer 7 (KB2797052)
Security Update for Windows Internet Explorer 7 (KB2799329)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2482017)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2497640)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2530548)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2559049)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2586448)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618444)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Sound Blaster Live!
StuffIt Deluxe
Suite Specific
SyncCell 3.1
TrueCrypt
TweakNow SecureDelete
Unlocker 1.9.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Wacom Tablet Driver
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows Resource Kit Tools
XnConvert 1.51
.
==== Event Viewer Messages From Past Week ========
.
2/6/2013 8:04:38 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.MFC. Reference error message: The referenced assembly is not installed on your system. .
2/6/2013 8:04:38 PM, error: SideBySide [59] - Generate Activation Context failed for C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\FNAME.DLL. Reference error message: The operation completed successfully. .
2/6/2013 8:04:38 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.MFC could not be found and Last Error was The referenced assembly is not installed on your system.
2/6/2013 5:45:30 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
2/6/2013 4:30:53 PM, error: SideBySide [59] - Generate Activation Context failed for C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\MOFL.DLL. Reference error message: The operation completed successfully. .
2/6/2013 4:30:53 PM, error: SideBySide [59] - Generate Activation Context failed for C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\FPERSON.DLL. Reference error message: The operation completed successfully. .
2/6/2013 3:41:13 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the TabletService service.
2/10/2013 8:16:03 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: Insufficient system resources exist to complete the requested service. .
2/10/2013 8:16:03 AM, error: SideBySide [59] - Generate Activation Context failed for F:\Program Files\AVAST Software\Avast\defs\13021000\aswEngin.dll. Reference error message: The operation completed successfully. .
.
==== End Of File ===========================
Thanks for reviewing this information.
-
February 17th, 2013, 12:08 PM
#6
Broni, computer seems to be fine, but I received a message stating that my version of Java is insecure. BTW...when I did a search on "Java" I received a listing in excess of 150 related files. Does it make any sense to completely remove Java with the Revo uninstaller and then attempt a new installation? (My browser is Firefox 18.0.2). Please advise. Thank you.
-
February 13th, 2013, 01:12 PM
#7
Please, observe following rules:
- Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
- If you're stuck, or you're not sure about certain step, always ask before doing anything else.
- Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
- Never run more than one scan at a time.
- Keep updating me regarding your computer behavior, good, or bad.
- The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
- If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
- I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
=============================
- Download RogueKiller on the desktop
- Close all the running programs
- Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
- Otherwise just double-click on RogueKiller.exe
- Pre-scan will start. Let it finish.
- Click on SCAN button.
- Wait until the Status box shows Scan Finished
- Click on Delete.
- Wait until the Status box shows Deleting Finished.
- Click on Report and copy/paste the content of the Notepad into your next reply.
- RKreport.txt could also be found on your desktop.
- If more than one log is produced post all logs.
- If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
=============================
Download Malwarebytes Anti-Rootkit (MBAR) from HERE
- Unzip downloaded file.
- Open the folder where the contents were unzipped and run mbar.exe
- Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
- Click on the Cleanup button to remove any threats and reboot if prompted to do so.
- Wait while the system shuts down and the cleanup process is performed.
- Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
- When done, please post the two logs produced. They will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
-
February 13th, 2013, 02:24 PM
#8
Rogue Killer 1
RogueKiller V8.5.1 [Feb 12 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files...3-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Bobby [Admin rights]
Mode : Scan -- Date : 02/13/2013 12:34:30
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 2 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Run : UpdReg (C:\WINDOWS\Updreg.exe) [-] -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\windows\system32\config\SYSTEM
-> D:\Documents and Settings\Administrator\NTUSER.DAT
-> D:\Documents and Settings\All Users\NTUSER.DAT
-> D:\Documents and Settings\Default User\NTUSER.DAT
-> D:\Documents and Settings\Guest\NTUSER.DAT
-> D:\Documents and Settings\LocalService\NTUSER.DAT
-> D:\Documents and Settings\M Honey\NTUSER.DAT
-> D:\Documents and Settings\M Honey(3)\NTUSER.DAT
-> D:\Documents and Settings\meri\NTUSER.DAT
-> D:\Documents and Settings\mspopps\NTUSER.DAT
-> D:\Documents and Settings\NetworkService\NTUSER.DAT
-> D:\Documents and Settings\rpopper\NTUSER.DAT
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST3200822AS +++++
--- User ---
[MBR] 4471e6e11e83ccc5c3d0b909e6110a66
[BSP] a1d4fa60cbac99dc603e3bb8091e45f2 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 79874 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 163583280 | Size: 110904 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: Maxtor 6L200S0 +++++
--- User ---
[MBR] f38f693cedd553c7f0cbe6ff2cdad997
[BSP] 95ea62dac8789401fbb7cac098747417 : Standard MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 80000 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 163840320 | Size: 114477 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_02132013_02d1234.txt >>
RKreport[1]_S_02132013_02d1234.txt
Rogue Killer 2
RogueKiller V8.5.1 [Feb 12 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files...3-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Bobby [Admin rights]
Mode : Remove -- Date : 02/13/2013 12:36:46
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 2 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Run : UpdReg (C:\WINDOWS\Updreg.exe) [-] -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\windows\system32\config\SYSTEM
-> D:\Documents and Settings\Administrator\NTUSER.DAT
-> D:\Documents and Settings\All Users\NTUSER.DAT
-> D:\Documents and Settings\Default User\NTUSER.DAT
-> D:\Documents and Settings\Guest\NTUSER.DAT
-> D:\Documents and Settings\LocalService\NTUSER.DAT
-> D:\Documents and Settings\M Honey\NTUSER.DAT
-> D:\Documents and Settings\M Honey(3)\NTUSER.DAT
-> D:\Documents and Settings\meri\NTUSER.DAT
-> D:\Documents and Settings\mspopps\NTUSER.DAT
-> D:\Documents and Settings\NetworkService\NTUSER.DAT
-> D:\Documents and Settings\rpopper\NTUSER.DAT
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST3200822AS +++++
--- User ---
[MBR] 4471e6e11e83ccc5c3d0b909e6110a66
[BSP] a1d4fa60cbac99dc603e3bb8091e45f2 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 79874 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 163583280 | Size: 110904 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: Maxtor 6L200S0 +++++
--- User ---
[MBR] f38f693cedd553c7f0cbe6ff2cdad997
[BSP] 95ea62dac8789401fbb7cac098747417 : Standard MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 80000 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 163840320 | Size: 114477 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[2]_D_02132013_02d1236.txt >>
RKreport[1]_S_02132013_02d1234.txt ; RKreport[2]_D_02132013_02d1236.txt
-------------------------------------------------------------------------------
I was unable to run MBAR.exe. Error message referred to a missing .dll; but it was present in the same folder, (after files were unzipped.) "Missing" dll was listed as: QtGui4.dll.
-
February 13th, 2013, 02:54 PM
#9
Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/...-in-windows-7/
- Vista: http://www.howtogeek.com/howto/windo...ystem-restore/
- XP: http://support.microsoft.com/kb/948247
===========================
Please download ComboFix from Here, Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
If the connection is not there, use the restore point you created prior to running Combofix.
- Double click on combofix.exe & follow the prompts.
- NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
- NOTE 2. If Combofix asks you to update the program, always do so.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.
Make sure you re-enable your security programs when you're done with Combofix.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NOTE.
If, for some reason, Combofix refuses to run, try the following...
Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.
rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/
Restart computer in safe mode
- Double-click on the Rkill desktop icon to run the tool.
- If using Vista or Windows 7 right-click on it and choose Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- Do not reboot until instructed.
- If the tool does not run from any of the links provided, please let me know.
When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.
If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
-
February 13th, 2013, 06:30 PM
#10
Here is Combofix log:
ComboFix 13-02-13.02 - Bobby 02/13/2013 17:07:53.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3191.2680 [GMT -5:00]
Running from: c:\documents and settings\Bobby\Desktop\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Bobby\WINDOWS
C:\install.exe
c:\windows\system32\SET6F.tmp
c:\windows\system32\SET74.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\system32\XXX_ps2.bat
.
.
((((((((((((((((((((((((( Files Created from 2013-01-13 to 2013-02-13 )))))))))))))))))))))))))))))))
.
.
2013-02-09 20:36 . 2013-02-09 20:36 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-02-09 20:13 . 2013-02-09 20:13 -------- d-----w- c:\windows\system32\wbem\Repository
2013-01-31 16:34 . 2013-01-31 16:34 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-01-31 16:34 . 2013-01-31 16:34 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-30 14:51 . 2013-02-01 23:59 -------- d-----w- c:\documents and settings\Bobby\Application Data\dvdcss
2013-01-22 17:56 . 2013-01-22 17:56 -------- d-----w- C:\Programme
2013-01-17 20:51 . 2013-01-17 20:51 -------- d-----w- c:\program files\MSECache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-31 16:34 . 2012-08-03 00:17 859552 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-31 16:34 . 2012-01-11 15:43 780192 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-26 03:55 . 2008-04-14 12:00 552448 ------w- c:\windows\system32\oleaut32.dll
2013-01-07 01:19 . 2008-04-14 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:37 . 2008-04-14 00:01 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20 . 2008-04-14 12:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2008-04-14 12:00 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49 . 2008-04-14 12:00 1292288 ----a-w- c:\windows\system32\quartz.dll
2012-12-26 20:43 . 2008-04-14 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2012-12-26 20:43 . 2008-04-14 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2012-12-26 20:43 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-12-26 20:43 . 2008-04-14 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2012-12-25 23:12 . 2012-12-25 23:12 231760 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2012-12-23 20:32 . 2012-12-23 20:32 3445 ----a-w- c:\windows\system32\drivers\U3SHLPDR.SYS
2012-12-16 12:23 . 2008-04-14 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 21:49 . 2012-09-23 16:43 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50 121528 ----a-w- f:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="f:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"iCloudServices"="f:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 7.0"="f:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"Adobe Version Cue CS2"="f:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 856064]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2011-03-25 3618160]
"avast"="f:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"iTunesHelper"="f:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"QuickTime Task"="f:\program files\QuickTime\qttask.exe" [2012-10-25 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2011-4-3 25214]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Harmony Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Harmony Monitor.lnk
backup=c:\windows\pss\Harmony Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Version Cue CS2]
2005-04-04 22:58 856064 ----a-w- f:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 22:43 69632 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
2005-09-21 19:32 2807808 ----a-w- c:\windows\ALCWZRD.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2004-11-02 12:59 126976 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-06-10 00:55 49208 ----a-w- c:\program files\hp\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2004-11-02 13:03 155648 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-10 03:30 421776 ----a-w- f:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
2004-10-25 19:17 90112 ----a-w- c:\windows\system32\ps2.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-10-31 23:42 32768 ----a-w- f:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-09-21 14:24 86016 ----a-w- c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient 2.6]
2005-04-08 16:18 151552 ----a-w- c:\program files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup 2.5]
2004-05-20 16:37 188416 ----a-w- c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"f:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"e:\\Program Files\\FTP Commander\\Ftpcomm.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"f:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:UDP"= 5353:UDP:Bonjour Port 5353
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [1/11/2012 6:56 PM 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [1/11/2012 6:57 PM 199320]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [1/11/2012 6:57 PM 106560]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2/25/2012 8:18 PM 20624]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1/11/2012 6:57 PM 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/11/2012 6:57 PM 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/11/2012 6:57 PM 21256]
R2 avast! Firewall;avast! Firewall;f:\program files\AVAST Software\Avast\afwServ.exe [1/11/2012 6:56 PM 133912]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2/4/2012 10:15 AM 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2/4/2012 10:15 AM 8456]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [4/3/2011 2:41 PM 27064]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-13 c:\windows\Tasks\At1.job
- c:\program files\hp\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-11-17 02:12]
.
2013-02-13 c:\windows\Tasks\At2.job
- c:\program files\hp\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-11-17 02:12]
.
2013-02-11 c:\windows\Tasks\At3.job
- c:\program files\hp\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-11-17 02:12]
.
2013-02-13 c:\windows\Tasks\At4.job
- c:\program files\hp\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-11-17 02:12]
.
2013-02-13 c:\windows\Tasks\avast! Emergency Update.job
- f:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-03 23:50]
.
2013-01-22 c:\windows\Tasks\expressripShakeIcon.job
- c:\program files\NCH Swift Sound\ExpressRip\expressrip.exe [2011-11-30 20:50]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>;*.local
IE: Convert link target to Adobe PDF - f:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - f:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - f:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - f:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - f:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - f:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - f:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - f:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - f:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 68.237.161.12
FF - ProfilePath - c:\documents and settings\Bobby\Application Data\Mozilla\Firefox\Profiles\2t35kvq8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3272718&SearchSource=3&q={searchTerms}&CUI=UN40457928621118717
FF - prefs.js: browser.startup.homepage - hxxp://www.nytimes.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3272718&SearchSource=2&CUI=UN40457928621118717&UM=UM_ID&q=
FF - ExtSQL: 2013-02-08 21:06; {c0c2693d-2ee8-47b4-9df7-b67a0ee31988}; c:\documents and settings\Bobby\Application Data\Mozilla\Firefox\Profiles\2t35kvq8.default\extensions\{c0c2693d-2ee8-47b4-9df7-b67a0ee31988}
FF - user.js: general.useragent.extra.brc -
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-ATIPTA - c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
MSConfigStartUp-OrderReminder - c:\program files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
AddRemove-7-Zip - f:\program files\7-Zip\Uninstall.exe
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-13 17:17
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\avast! sandbox
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(924)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2013-02-13 17:19:56
ComboFix-quarantined-files.txt 2013-02-13 22:19
ComboFix2.txt 2009-09-07 15:53
ComboFix3.txt 2009-09-07 15:53
.
Pre-Run: 46,668,935,168 bytes free
Post-Run: 53,810,733,056 bytes free
.
- - End Of File - - 169F6193651B4A0D6386EA809286E03D
-
February 17th, 2013, 08:30 PM
#11
Ok, installed Java. Should I now do the clean up with OTL?
-
February 13th, 2013, 07:27 PM
#12
Looks good.
Please download AdwCleaner by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on adwcleaner.exe to run the tool.
- Click on Delete.
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the contents of that logfile with your next reply.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.
==========================
Please download Junkware Removal Tool to your desktop.
- Shut down your protection software now to avoid potential conflicts.
- Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete depending on your system's specifications.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next message.
=======================
Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
- Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
- Click the Scan All Users checkbox.
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
-
February 16th, 2013, 01:09 PM
#13
Broni, Sorry for the delay. I thought I had posted these files days ago, but didn't. (Perhaps a brain freeze.) (Posting of the reports will require 2- listing due to length.)
# AdwCleaner v2.112 - Logfile created 02/16/2013 at 11:55:52
# Updated 10/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Bobby - RPOPPER
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Bobby\Desktop\adwcleaner0.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
***** [Registry] *****
***** [Internet Browsers] *****
-\\ Internet Explorer v7.0.6000.17117
[OK] Registry is clean.
-\\ Mozilla Firefox v18.0.2 (en-US)
File : C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\2t35kvq8.default\prefs.js
[OK] File is clean.
File : C:\Documents and Settings\M Honey\Application Data\Mozilla\Firefox\Profiles\9l63vbnz.default\prefs.js
[OK] File is clean.
*************************
AdwCleaner[S2].txt - [837 octets] - [16/02/2013 11:55:52]
########## EOF - C:\AdwCleaner[S2].txt - [896 octets] ##########
OTL logfile created on: 2/13/2013 8:03:26 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Bobby\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.12 Gb Total Physical Memory | 2.60 Gb Available Physical Memory | 83.32% Memory free
4.96 Gb Paging File | 4.65 Gb Available in Paging File | 93.78% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78.00 Gb Total Space | 50.10 Gb Free Space | 64.23% Space Free | Partition Type: NTFS
Drive D: | 78.13 Gb Total Space | 32.59 Gb Free Space | 41.72% Space Free | Partition Type: NTFS
Drive E: | 49.26 Gb Total Space | 40.75 Gb Free Space | 82.73% Space Free | Partition Type: NTFS
Drive F: | 48.83 Gb Total Space | 35.64 Gb Free Space | 72.98% Space Free | Partition Type: NTFS
Drive G: | 59.47 Gb Total Space | 21.98 Gb Free Space | 36.95% Space Free | Partition Type: NTFS
Drive K: | 59.61 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive M: | 62.54 Gb Total Space | 23.44 Gb Free Space | 37.47% Space Free | Partition Type: NTFS
Computer Name: RPOPPER | User Name: Bobby | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/02/13 19:32:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bobby\Desktop\OTL.exe
PRC - [2012/10/30 18:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- F:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- F:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/10/30 18:50:56 | 000,133,912 | ---- | M] (AVAST Software) -- F:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2012/10/11 21:56:08 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012/07/05 21:07:00 | 000,161,704 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2012/07/03 09:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- F:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/02/23 12:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- F:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2010/03/04 22:38:00 | 000,071,096 | ---- | M] () -- F:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/03/27 21:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2008/04/23 01:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- F:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/06/13 06:44:18 | 000,155,648 | ---- | M] (Allume Systems, Inc.) -- F:\Program Files\Allume\StuffIt\MXTask.exe
PRC - [2005/03/14 11:05:02 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2002/03/19 10:51:28 | 000,548,864 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe
========== Modules (No Company Name) ==========
MOD - [2013/02/13 17:49:00 | 002,054,144 | ---- | M] () -- F:\Program Files\AVAST Software\Avast\defs\13021304\algo.dll
MOD - [2012/02/20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/28 17:37:32 | 000,180,624 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2010/03/04 22:38:00 | 000,071,096 | ---- | M] () -- F:\Program Files\CDBurnerXP\NMSAccessU.exe
MOD - [2002/05/03 16:40:32 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL
========== Services (SafeList) ==========
SRV - [2013/02/01 13:22:36 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- F:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/10/30 18:50:56 | 000,133,912 | ---- | M] (AVAST Software) [Auto | Running] -- F:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2012/07/05 21:07:00 | 000,161,704 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2010/03/04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- F:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009/03/27 21:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2005/06/13 06:44:18 | 000,155,648 | ---- | M] (Allume Systems, Inc.) [Auto | Running] -- F:\Program Files\Allume\StuffIt\MXTask.exe -- (StuffIt Task Manager)
SRV - [2005/04/04 17:58:28 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- F:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2)
SRV - [2005/03/14 11:05:02 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2002/03/19 10:51:28 | 000,548,864 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Tablet.exe -- (TabletService)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Bobby\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/12/25 18:12:06 | 000,231,760 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2012/12/23 15:32:54 | 000,003,445 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\U3SHLPDR.SYS -- (U3SHLPDR)
DRV - [2012/10/30 18:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 18:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 18:51:58 | 000,199,320 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2012/10/30 18:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 18:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/10/30 18:51:57 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/10/30 18:51:56 | 000,106,560 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2012/10/30 18:51:56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/10/30 18:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/10/30 18:51:56 | 000,020,624 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012/06/03 09:44:46 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2011/11/28 12:26:19 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\aswNdis.sys -- (aswNdis)
DRV - [2011/07/29 13:54:56 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2011/07/29 13:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009/12/30 11:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/08/13 14:07:12 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/04/13 17:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2006/05/03 11:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/12/12 16:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/09/23 17:56:28 | 003,966,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2005/04/29 10:38:52 | 000,393,984 | ---- | M] (Allume Systems) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\zmxpzip.sys -- (zmxpzip)
DRV - [2004/05/05 20:48:40 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2001/04/09 08:45:00 | 000,008,138 | ---- | M] (Wacom Technology Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\penclass.sys -- (PenClass)
DRV - [2000/07/24 00:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\BRPAR.SYS -- (BrPar)
DRV - [1999/12/17 00:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\PfModNT.sys -- (PfModNT)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1220945662-1801674531-842925246-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1220945662-1801674531-842925246-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1220945662-1801674531-842925246-1003\..\SearchScopes\{FD7644DE-3BDB-4746-8773-976E63A590B2}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-1220945662-1801674531-842925246-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1220945662-1801674531-842925246-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.nytimes.com/"
FF - prefs.js..extensions.enabledAddons: readability%40readability.com:2.4
FF - prefs.js..extensions.enabledAddons: support%40lastpass.com:2.0.0
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7Bc0c2693d-2ee8-47b4-9df7-b67a0ee31988%7D:10.14.65.43
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: F:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: F:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/15 11:55:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: F:\Program Files\Mozilla Firefox\components [2013/02/09 15:36:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: F:\Program Files\Mozilla Firefox\plugins
[2011/04/03 10:56:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bobby\Application Data\Mozilla\Extensions
[2013/02/13 19:34:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\2t35kvq8.default\extensions
[2011/11/26 13:19:04 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\2t35kvq8.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}(2)
[2012/03/06 21:01:59 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\2t35kvq8.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}(3)
[2012/07/21 10:30:12 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\2t35kvq8.default\extensions\support@lastpass.com
[2012/10/03 07:30:33 | 000,260,810 | ---- | M] () (No name found) -- C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\2t35kvq8.default\extensions\readability@readability.com.xpi
[2013/01/31 18:14:12 | 000,817,973 | ---- | M] () (No name found) -- C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\2t35kvq8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\BOBBY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\2T35KVQ8.DEFAULT\EXTENSIONS\{C0C2693D-2EE8-47B4-9DF7-B67A0EE31988}
[2011/07/04 23:41:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
O1 HOSTS File: ([2013/02/13 17:17:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - F:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - F:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-1220945662-1801674531-842925246-1003\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1220945662-1801674531-842925246-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] F:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Version Cue CS2] F:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] F:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1220945662-1801674531-842925246-1003..\Run: [iCloudServices] F:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1220945662-1801674531-842925246-1003..\Run: [MobileDocuments] F:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1220945662-1801674531-842925246-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1220945662-1801674531-842925246-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1220945662-1801674531-842925246-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1220945662-1801674531-842925246-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - F:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - F:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - F:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - F:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - F:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - F:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - F:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - F:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - F:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetect...etection32.cab (Device Detection)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5.hp.com/CSMWeb/Cu...ataManager.CAB (Hewlett-Packard Online Support Services)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.237.161.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8EA746ED-B0C5-4BE8-8F4A-08E8453844AD}: DhcpNameServer = 192.168.1.1 68.237.161.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/04/03 10:17:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/04/17 14:30:58 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/05/20 10:01:34 | 000,000,098 | R--- | M] () - K:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013/02/13 19:52:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/02/13 19:52:05 | 000,000,000 | ---D | C] -- C:\JRT
[2013/02/13 19:32:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bobby\Desktop\OTL.exe
[2013/02/13 19:32:17 | 000,547,384 | ---- | C] (Oleg N. Scherbakov) -- C:\Documents and Settings\Bobby\Desktop\JRT.exe
[2013/02/13 17:31:30 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/02/13 16:37:24 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/02/13 16:35:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/02/13 16:35:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/02/13 16:35:23 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/02/13 16:35:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/02/13 16:35:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/02/13 16:34:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/02/09 15:36:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/01/30 09:51:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bobby\Application Data\dvdcss
[2013/01/22 12:56:30 | 000,000,000 | ---D | C] -- C:\Programme
[2013/01/17 15:51:36 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/02/13 19:39:09 | 000,002,207 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2013/02/13 19:39:07 | 000,000,833 | ---- | M] () -- C:\Documents and Settings\Bobby\Desktop\SafeZone Browser.lnk
[2013/02/13 19:38:47 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/02/13 19:38:47 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/02/13 19:37:52 | 000,017,607 | ---- | M] () -- C:\WINDOWS\System32\wacom.dat
[2013/02/13 19:37:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/02/13 19:37:28 | 3346,386,944 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/13 19:36:27 | 000,000,144 | ---- | M] () -- C:\WINDOWS\MXDebug2.ini
[2013/02/13 19:32:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bobby\Desktop\OTL.exe
[2013/02/13 19:32:17 | 000,547,384 | ---- | M] (Oleg N. Scherbakov) -- C:\Documents and Settings\Bobby\Desktop\JRT.exe
[2013/02/13 19:32:00 | 000,587,671 | ---- | M] () -- C:\Documents and Settings\Bobby\Desktop\adwcleaner0.exe
[2013/02/13 17:17:10 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/02/13 16:37:28 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/02/13 14:00:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2013/02/13 10:10:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2013/02/13 08:29:30 | 000,228,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/02/13 03:09:28 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/02/13 03:07:01 | 000,761,226 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/02/13 03:07:01 | 000,155,976 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/02/12 20:40:01 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2013/02/12 17:27:51 | 000,000,398 | ---- | M] () -- C:\WINDOWS\Brownie.ini
[2013/02/11 16:48:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2013/02/09 15:42:02 | 000,000,873 | ---- | M] () -- C:\Documents and Settings\Bobby\Desktop\EASUS.lnk
[2013/02/09 15:15:32 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/02/09 13:42:52 | 000,000,830 | ---- | M] () -- C:\WINDOWS\System32\InstallUtil.InstallLog
[2013/02/07 21:09:07 | 000,038,718 | ---- | M] () -- C:\Documents and Settings\Bobby\My Documents\NYS Voucher3.pdf
[2013/02/06 10:09:37 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2013/02/03 16:56:24 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Bobby\My Documents\PDVD_MediaDisc.PlayList
[2013/01/30 23:28:55 | 000,000,608 | ---- | M] () -- C:\Documents and Settings\Bobby\Desktop\AoA DVD Copy.lnk
[2013/01/22 12:55:55 | 000,000,037 | ---- | M] () -- C:\WINDOWS\iltwain.ini
[2013/01/22 12:20:57 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\expressripShakeIcon.job
[2013/01/17 17:33:10 | 000,000,145 | ---- | M] () -- C:\Documents and Settings\Bobby\Desktop\Shortcut to CD Drive.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/02/13 19:32:00 | 000,587,671 | ---- | C] () -- C:\Documents and Settings\Bobby\Desktop\adwcleaner0.exe
[2013/02/13 16:37:28 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/02/13 16:37:24 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/02/13 16:35:23 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/02/13 16:35:23 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/02/13 16:35:23 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/02/13 16:35:23 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/02/13 16:35:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/02/09 15:42:02 | 000,000,873 | ---- | C] () -- C:\Documents and Settings\Bobby\Desktop\EASUS.lnk
[2013/02/08 21:05:12 | 000,000,830 | ---- | C] () -- C:\WINDOWS\System32\InstallUtil.InstallLog
[2013/02/07 21:09:07 | 000,038,718 | ---- | C] () -- C:\Documents and Settings\Bobby\My Documents\NYS Voucher3.pdf
[2013/01/30 23:28:55 | 000,000,608 | ---- | C] () -- C:\Documents and Settings\Bobby\Desktop\AoA DVD Copy.lnk
[2013/01/22 12:55:53 | 000,000,037 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2013/01/22 12:20:56 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\expressripShakeIcon.job
[2013/01/18 11:23:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Bobby\My Documents\PDVD_MediaDisc.PlayList
[2013/01/17 17:33:10 | 000,000,145 | ---- | C] () -- C:\Documents and Settings\Bobby\Desktop\Shortcut to CD Drive.lnk
[2012/12/23 15:32:54 | 000,003,445 | ---- | C] () -- C:\WINDOWS\System32\drivers\U3SHLPDR.SYS
[2012/12/03 16:46:38 | 000,180,624 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2012/11/07 09:36:25 | 000,013,010 | ---- | C] () -- C:\Documents and Settings\Bobby\Application Data\Comma Separated Values (Windows).CAL
[2012/10/11 19:43:14 | 000,000,141 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2012/10/11 19:43:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2012/10/11 19:40:58 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2012/10/11 19:39:49 | 000,000,398 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2012/04/25 16:47:20 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\Bobby\.recently-used.xbel
[2012/02/28 15:26:47 | 000,024,280 | ---- | C] () -- C:\Documents and Settings\Bobby\Application Data\Comma Separated Values (Windows).ADR
[2012/02/23 13:29:07 | 000,190,666 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1220945662-1801674531-842925246-500-0.dat
[2012/02/19 11:01:33 | 000,000,440 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2012/02/15 20:41:22 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/11 22:28:04 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Bobby\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/07 12:27:41 | 000,043,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\EUBKMON.sys
[2012/02/04 10:15:09 | 000,019,840 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2012/02/04 10:15:08 | 002,469,760 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2012/02/04 10:15:08 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2012/02/04 10:15:08 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2012/02/04 10:15:08 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2012/02/01 13:21:47 | 000,263,476 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1220945662-1801674531-842925246-1004-0.dat
[2012/01/12 20:45:12 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2012/01/12 14:26:17 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2012/01/05 23:18:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011/12/26 23:45:01 | 002,788,798 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1220945662-1801674531-842925246-1003-0.dat
[2011/12/26 23:45:00 | 000,193,102 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/11/30 12:08:26 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2011/11/30 11:47:19 | 000,042,976 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/11/02 13:44:14 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\driver.dat
[2011/11/02 13:44:10 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\magicpvt.dat
[2011/08/09 15:18:30 | 000,000,106 | -HS- | C] () -- C:\WINDOWS\WSYS049.SYS
[2011/07/14 17:00:58 | 000,022,892 | ---- | C] () -- C:\WINDOWS\HL-3040CN.INI
[2011/07/14 16:57:44 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2011/07/14 16:57:43 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2011/07/14 16:57:43 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRADC08A.DAT
[2011/06/24 17:23:45 | 000,000,552 | ---- | C] () -- C:\Documents and Settings\Bobby\signature.htlm
[2011/06/11 17:45:14 | 000,038,457 | ---- | C] () -- C:\Documents and Settings\Bobby\Application Data\Microsoft Excel.ADR
[2011/05/19 09:17:34 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/04/05 21:56:28 | 000,000,019 | ---- | C] () -- C:\WINDOWS\info9.ini
[2011/04/05 21:56:28 | 000,000,019 | ---- | C] () -- C:\WINDOWS\info7.ini
[2011/04/05 21:56:28 | 000,000,019 | ---- | C] () -- C:\WINDOWS\info4.ini
[2011/04/05 21:56:28 | 000,000,019 | ---- | C] () -- C:\WINDOWS\info10.ini
[2011/04/03 14:07:01 | 000,017,607 | ---- | C] () -- C:\WINDOWS\System32\wacom.dat
[2011/04/03 14:06:52 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\TabUnst.dll
[2011/04/03 14:06:52 | 000,015,744 | ---- | C] () -- C:\WINDOWS\System32\wintab.dll
[2011/04/03 14:05:34 | 000,004,032 | ---- | C] () -- C:\WINDOWS\System32\tabins16.dll
[2011/04/03 14:05:33 | 000,013,408 | ---- | C] () -- C:\WINDOWS\System32\tabinst.dll
[2011/04/03 13:58:05 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\jst.dll
[2011/04/03 13:58:05 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\PMLJNI.dll
[2011/04/03 13:53:41 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\hpbprnfx.exe
[2011/04/03 13:52:56 | 000,013,451 | ---- | C] () -- C:\WINDOWS\hpbins01.dat
[2011/04/03 13:52:56 | 000,001,380 | ---- | C] () -- C:\WINDOWS\hpbmdl01.dat
[2011/04/03 13:52:49 | 000,000,750 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2011/04/03 13:52:40 | 000,000,412 | R--- | C] () -- C:\WINDOWS\System32\HP3AIOZ6.dat
[2011/04/03 13:52:39 | 000,221,184 | R--- | C] () -- C:\WINDOWS\System32\HP3AIOZ6.dll
[2011/04/03 13:48:28 | 000,012,885 | ---- | C] () -- C:\WINDOWS\hplj3380.ini
[2011/04/03 13:37:48 | 000,000,144 | ---- | C] () -- C:\WINDOWS\MXDebug2.ini
[2011/04/03 13:21:22 | 000,004,456 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/03 12:49:04 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\sfman.dat
[2011/04/03 12:49:03 | 000,000,231 | ---- | C] () -- C:\WINDOWS\ac3api.ini
[2011/04/03 11:54:01 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2011/04/03 11:34:54 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/04/03 11:24:21 | 000,000,230 | ---- | C] () -- C:\Program Files\P DVD.lnk
[2011/04/03 10:56:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/04/03 10:19:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/04/03 10:13:12 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/04/03 06:05:37 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/04/03 06:03:22 | 000,228,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
========== ZeroAccess Check ==========
[2011/04/11 17:15:34 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2011/11/01 15:35:20 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 07:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012/10/01 15:20:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/08/11 10:01:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alien Skin
[2012/06/29 17:20:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Allume Systems
[2012/01/11 18:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/04/05 21:57:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bobby
[2011/11/30 12:08:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2012/06/29 16:59:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ClickFreeTformer
[2012/02/08 14:20:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Garmin
[2012/02/05 17:19:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitachi GST
[2012/02/15 18:08:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGTEK
[2011/11/30 15:51:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2012/01/11 18:32:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartPCScan
[2012/02/12 12:22:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2011/04/03 13:20:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/04/03 13:37:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bobby\Application Data\Allume Systems
[2011/06/13 14:52:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bobby\Application Data\AMICAS
[2012/04/22 15:31:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bobby\Application Data\Audacity
[2011/11/30 12:08:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bobby\Application Data\Canneverbe Limited
[2011/04/17 10:05:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bobby\Application Data\Free Audio Converter
[2011/11/30 11:50:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bobby\Application Data\FreeBurner
[2012/02/08 14:20:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bobby\Application Data\Garmin
[2012/02/05 17:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bobby\Application Data\HitachiGST
[2013/01/19 13:53:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bobby\Application Data\ImgBurn
[2012/07/21 10:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bobby\Application Data\LastPass
[2011/11/30 15:53:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bobby\Application Data\NCH Swift Sound
[2011/05/25 21:46:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bobby\Application Data\Opera
[2012/08/02 19:18:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bobby\Application Data\Oracle
[2013/02/04 21:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bobby\Application Data\PrimoPDF
[2011/10/04 23:26:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bobby\Application Data\Remote Utilities Files
[2012/05/20 10:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bobby\Application Data\RipIt4Me
[2011/04/19 21:59:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bobby\Application Data\SyncCell
[2011/07/01 15:47:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bobby\Application Data\Temp
[2012/12/25 18:14:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bobby\Application Data\TrueCrypt
[2012/07/13 19:26:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bobby\Application Data\TweakNow SecureDelete
[2012/02/12 12:23:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bobby\Application Data\WindSolutions
[2012/12/20 09:18:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bobby\Application Data\XnConvert
[2012/12/20 09:12:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bobby\Application Data\XnView
[2011/04/03 13:39:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Allume Systems
[2011/07/08 10:20:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Temp
[2012/01/31 16:59:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Honey\Application Data\Allume Systems
[2012/02/01 11:27:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Honey\Application Data\Garmin
========== Purity Check ==========
< End of report >
-
February 16th, 2013, 01:15 PM
#14
Here is Extra.txt
OTL Extras logfile created on: 2/13/2013 8:03:26 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Bobby\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.12 Gb Total Physical Memory | 2.60 Gb Available Physical Memory | 83.32% Memory free
4.96 Gb Paging File | 4.65 Gb Available in Paging File | 93.78% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78.00 Gb Total Space | 50.10 Gb Free Space | 64.23% Space Free | Partition Type: NTFS
Drive D: | 78.13 Gb Total Space | 32.59 Gb Free Space | 41.72% Space Free | Partition Type: NTFS
Drive E: | 49.26 Gb Total Space | 40.75 Gb Free Space | 82.73% Space Free | Partition Type: NTFS
Drive F: | 48.83 Gb Total Space | 35.64 Gb Free Space | 72.98% Space Free | Partition Type: NTFS
Drive G: | 59.47 Gb Total Space | 21.98 Gb Free Space | 36.95% Space Free | Partition Type: NTFS
Drive K: | 59.61 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive M: | 62.54 Gb Total Space | 23.44 Gb Free Space | 37.47% Space Free | Partition Type: NTFS
Computer Name: RPOPPER | User Name: Bobby | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-1220945662-1801674531-842925246-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- F:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "F:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Print_Directory_Listintg] -- printdir.bat "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"5353:UDP" = 5353:UDP:*:Enabled:Bonjour Port 5353
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"F:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" = F:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe:*:Enabled:Adobe Version Cue CS2 -- (Adobe Systems Incorporated)
"C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe" = C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe:*:Disabled:javaw -- ()
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"E:\Program Files\FTP Commander\Ftpcomm.exe" = E:\Program Files\FTP Commander\Ftpcomm.exe:*:Enabled:Ftpcomm -- (Internetsoft)
"C:\Program Files\hp\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe" = C:\Program Files\hp\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Device Setup -- (Hewlett-Packard Co.)
"C:\Program Files\hp\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe" = C:\Program Files\hp\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Network Communicator -- (Hewlett-Packard Co.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"F:\Program Files\iTunes\iTunes.exe" = F:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
"{0564C76B-8E1F-4157-8654-B0F9F308BEE9}" = HP Deskjet 3050 J610 series Basic Device Software
"{08D605B4-DCD1-451F-ABD7-52E6BB868E4E}" = Microsoft Expression Design 4
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{16F0EE77-B2B1-4417-A8CC-07E06C78CCC4}" = Matrix-ks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83217011FF}" = Java 7 Update 11
"{2A006433-AA67-4049-A33A-83039BF50887}" = Brother HL-3040CN
"{34E90074-C80C-4182-A995-65E88B5B56E0}" = HP Deskjet 3050 J610 series Product Improvement Study
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{46548E80-0409-0000-7E8A-45000F855001}" = Adobe GoLive CS2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F50DB8D-3DA5-43CE-ADBB-4B5B862048A4}" = Logitech Harmony Remote
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5F8D931D-B230-47F3-A9C0-0C8CA459A332}" = Microsoft Expression Web 4
"{601245BF-D558-4262-8D73-AA650B3219ED}" = PHP 5.3.10
"{623B8278-8CAD-45C1-B844-58B687C07805}" = Bing Bar Platform
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.9
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{789C9644-9F82-44D3-B4CA-AC31F46F5882}" = Python 3.2.3
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E6F59BA-4D1C-4246-B048-AF0DCA54A117}" = StuffIt Deluxe
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{85F4CBCB-9BBC-4B50-A7D8-E1106771498D}" = Orca
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7BF5269-3E74-11D5-B00F-00104B398D77}" = QuarkXPress 5.0
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.01)
"{ADBE46EE-54E0-4610-B436-D7E93D829100}" = Adobe Version Cue CS2
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B52161A2-B3BB-429A-9A57-A74CAB6185C7}" = Microlife BPA 3.2 English
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DD23CAA4-8872-4B95-B263-EA46FD82CF19}" = LaserAIO
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F5993FCC-DF5D-4879-B70D-AA1F379C5C6B}" = Microsoft Expression Web 4 Service Pack 2
"{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}" = HP Deskjet 3050 J610 series Help
"{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}" = Windows Resource Kit Tools
"{FE3F3C9B-2C29-4FEE-A74F-11E436729F2C}" = Scan
"{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"All ATI Software" = ATI - Software Uninstall Utility
"AoA DVD Copy_is1" = AoA DVD Copy
"ATI Display Driver" = ATI Display Driver
"avast" = avast! Internet Security
"Design_7.0.20516.0" = Microsoft Expression Design 4
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 9.1.0 Home Edition
"ExpressRip" = Express Rip
"Gateway_Advanced_Setup_is1" = Gateway Advanced Setup 1.11
"hp LaserJet-all-in-one" = hp LaserJet-all-in-one
"HP Photo Creations" = HP Photo Creations
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ImgBurn" = ImgBurn
"InstallShield_{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic 8.0
"InstallShield_{7E6F59BA-4D1C-4246-B048-AF0DCA54A117}" = StuffIt Deluxe
"InstallShield_{B52161A2-B3BB-429A-9A57-A74CAB6185C7}" = Microlife BPA 3.2 English
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 18.0.2 (x86 en-US)" = Mozilla Firefox 18.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NirSoft BlueScreenView" = NirSoft BlueScreenView
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OpenSSL-0.9.8h-1_is1" = GnuWin32: OpenSSL-0.9.8h-1
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"PS2" = PS2
"Replay Music3.98" = Replay Music
"Sound Blaster Live!" = Sound Blaster Live!
"SyncCell" = SyncCell 3.1
"TrueCrypt" = TrueCrypt
"TweakNow SecureDelete_is1" = TweakNow SecureDelete
"Unlocker" = Unlocker 1.9.1
"Wacom Tablet Driver" = Wacom Tablet Driver
"Web_4.0.1303.0" = Microsoft Expression Web 4
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XnConvert_is1" = XnConvert 1.51
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1220945662-1801674531-842925246-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = CopyTrans Suite Remove Only
"LastPass" = LastPass (uninstall only)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 1/9/2013 10:06:16 AM | Computer Name = RPOPPER | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7891
Error - 1/9/2013 10:18:49 AM | Computer Name = RPOPPER | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 1/9/2013 10:18:49 AM | Computer Name = RPOPPER | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 761016
Error - 1/9/2013 10:18:49 AM | Computer Name = RPOPPER | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 761016
Error - 1/9/2013 10:18:51 AM | Computer Name = RPOPPER | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 1/9/2013 10:18:51 AM | Computer Name = RPOPPER | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 762969
Error - 1/9/2013 10:18:51 AM | Computer Name = RPOPPER | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 762969
Error - 1/9/2013 10:18:53 AM | Computer Name = RPOPPER | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 1/9/2013 10:18:53 AM | Computer Name = RPOPPER | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 764954
Error - 1/9/2013 10:18:53 AM | Computer Name = RPOPPER | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 764954
[ System Events ]
Error - 2/13/2013 5:27:10 PM | Computer Name = RPOPPER | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\FNAME.DLL.
Reference
error message: The operation completed successfully. .
Error - 2/13/2013 5:50:15 PM | Computer Name = RPOPPER | Source = System Error | ID = 1003
Description = Error code 000000ca, parameter1 00000004, parameter2 8ac383e8, parameter3
00000000, parameter4 00000000.
Error - 2/13/2013 6:17:14 PM | Computer Name = RPOPPER | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_UNLOCKERDRIVER5\0000 disappeared from the system
without first being prepared for removal.
Error - 2/13/2013 6:37:35 PM | Computer Name = RPOPPER | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFC could not be found and Last
Error was The referenced assembly is not installed on your system.
Error - 2/13/2013 6:37:35 PM | Computer Name = RPOPPER | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFC. Reference error
message: The referenced assembly is not installed on your system. .
Error - 2/13/2013 6:37:35 PM | Computer Name = RPOPPER | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\FNAME.DLL.
Reference
error message: The operation completed successfully. .
Error - 2/13/2013 8:29:36 PM | Computer Name = RPOPPER | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFC could not be found and Last
Error was The referenced assembly is not installed on your system.
Error - 2/13/2013 8:29:36 PM | Computer Name = RPOPPER | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFC. Reference error
message: The referenced assembly is not installed on your system. .
Error - 2/13/2013 8:29:36 PM | Computer Name = RPOPPER | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\FNAME.DLL.
Reference
error message: The operation completed successfully. .
Error - 2/13/2013 8:34:12 PM | Computer Name = RPOPPER | Source = Service Control Manager | ID = 7034
Description = The Pml Driver HPZ12 service terminated unexpectedly. It has done
this 1 time(s).
< End of report >
-
February 17th, 2013, 10:09 PM
#15
OTL Extras logfile created on: 2/17/2013 8:55:10 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Bobby\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.12 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 72.67% Memory free
4.96 Gb Paging File | 4.30 Gb Available in Paging File | 86.73% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78.00 Gb Total Space | 51.14 Gb Free Space | 65.56% Space Free | Partition Type: NTFS
Drive D: | 78.13 Gb Total Space | 32.59 Gb Free Space | 41.72% Space Free | Partition Type: NTFS
Drive E: | 49.26 Gb Total Space | 40.75 Gb Free Space | 82.73% Space Free | Partition Type: NTFS
Drive F: | 48.83 Gb Total Space | 34.92 Gb Free Space | 71.50% Space Free | Partition Type: NTFS
Drive G: | 59.47 Gb Total Space | 21.98 Gb Free Space | 36.95% Space Free | Partition Type: NTFS
Drive K: | 59.61 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive M: | 62.54 Gb Total Space | 23.48 Gb Free Space | 37.54% Space Free | Partition Type: NTFS
Computer Name: RPOPPER | User Name: Bobby | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-1220945662-1801674531-842925246-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- F:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "F:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Print_Directory_Listintg] -- printdir.bat "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"5353:UDP" = 5353:UDP:*:Enabled:Bonjour Port 5353
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"F:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" = F:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe:*:Enabled:Adobe Version Cue CS2 -- (Adobe Systems Incorporated)
"C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe" = C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe:*:Disabled:javaw -- ()
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"E:\Program Files\FTP Commander\Ftpcomm.exe" = E:\Program Files\FTP Commander\Ftpcomm.exe:*:Enabled:Ftpcomm -- (Internetsoft)
"C:\Program Files\hp\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe" = C:\Program Files\hp\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Device Setup -- (Hewlett-Packard Co.)
"C:\Program Files\hp\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe" = C:\Program Files\hp\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Network Communicator -- (Hewlett-Packard Co.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"F:\Program Files\iTunes\iTunes.exe" = F:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
"{0564C76B-8E1F-4157-8654-B0F9F308BEE9}" = HP Deskjet 3050 J610 series Basic Device Software
"{08D605B4-DCD1-451F-ABD7-52E6BB868E4E}" = Microsoft Expression Design 4
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{16F0EE77-B2B1-4417-A8CC-07E06C78CCC4}" = Matrix-ks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216039FF}" = Java(TM) 6 Update 39
"{2A006433-AA67-4049-A33A-83039BF50887}" = Brother HL-3040CN
"{34E90074-C80C-4182-A995-65E88B5B56E0}" = HP Deskjet 3050 J610 series Product Improvement Study
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{46548E80-0409-0000-7E8A-45000F855001}" = Adobe GoLive CS2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F50DB8D-3DA5-43CE-ADBB-4B5B862048A4}" = Logitech Harmony Remote
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5F8D931D-B230-47F3-A9C0-0C8CA459A332}" = Microsoft Expression Web 4
"{601245BF-D558-4262-8D73-AA650B3219ED}" = PHP 5.3.10
"{623B8278-8CAD-45C1-B844-58B687C07805}" = Bing Bar Platform
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.9
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{789C9644-9F82-44D3-B4CA-AC31F46F5882}" = Python 3.2.3
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E6F59BA-4D1C-4246-B048-AF0DCA54A117}" = StuffIt Deluxe
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{85F4CBCB-9BBC-4B50-A7D8-E1106771498D}" = Orca
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7BF5269-3E74-11D5-B00F-00104B398D77}" = QuarkXPress 5.0
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.01)
"{ADBE46EE-54E0-4610-B436-D7E93D829100}" = Adobe Version Cue CS2
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B52161A2-B3BB-429A-9A57-A74CAB6185C7}" = Microlife BPA 3.2 English
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DD23CAA4-8872-4B95-B263-EA46FD82CF19}" = LaserAIO
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F5993FCC-DF5D-4879-B70D-AA1F379C5C6B}" = Microsoft Expression Web 4 Service Pack 2
"{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}" = HP Deskjet 3050 J610 series Help
"{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}" = Windows Resource Kit Tools
"{FE3F3C9B-2C29-4FEE-A74F-11E436729F2C}" = Scan
"{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"All ATI Software" = ATI - Software Uninstall Utility
"AoA DVD Copy_is1" = AoA DVD Copy
"ATI Display Driver" = ATI Display Driver
"avast" = avast! Internet Security
"Design_7.0.20516.0" = Microsoft Expression Design 4
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 9.1.0 Home Edition
"ExpressRip" = Express Rip
"Gateway_Advanced_Setup_is1" = Gateway Advanced Setup 1.11
"hp LaserJet-all-in-one" = hp LaserJet-all-in-one
"HP Photo Creations" = HP Photo Creations
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ImgBurn" = ImgBurn
"InstallShield_{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic 8.0
"InstallShield_{7E6F59BA-4D1C-4246-B048-AF0DCA54A117}" = StuffIt Deluxe
"InstallShield_{B52161A2-B3BB-429A-9A57-A74CAB6185C7}" = Microlife BPA 3.2 English
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 18.0.2 (x86 en-US)" = Mozilla Firefox 18.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NirSoft BlueScreenView" = NirSoft BlueScreenView
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OpenSSL-0.9.8h-1_is1" = GnuWin32: OpenSSL-0.9.8h-1
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"PS2" = PS2
"Replay Music3.98" = Replay Music
"Sound Blaster Live!" = Sound Blaster Live!
"SyncCell" = SyncCell 3.1
"TrueCrypt" = TrueCrypt
"TweakNow SecureDelete_is1" = TweakNow SecureDelete
"Unlocker" = Unlocker 1.9.1
"Wacom Tablet Driver" = Wacom Tablet Driver
"Web_4.0.1303.0" = Microsoft Expression Web 4
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XnConvert_is1" = XnConvert 1.51
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1220945662-1801674531-842925246-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = CopyTrans Suite Remove Only
"LastPass" = LastPass (uninstall only)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 1/9/2013 10:06:16 AM | Computer Name = RPOPPER | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7891
Error - 1/9/2013 10:18:49 AM | Computer Name = RPOPPER | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 1/9/2013 10:18:49 AM | Computer Name = RPOPPER | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 761016
Error - 1/9/2013 10:18:49 AM | Computer Name = RPOPPER | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 761016
Error - 1/9/2013 10:18:51 AM | Computer Name = RPOPPER | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 1/9/2013 10:18:51 AM | Computer Name = RPOPPER | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 762969
Error - 1/9/2013 10:18:51 AM | Computer Name = RPOPPER | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 762969
Error - 1/9/2013 10:18:53 AM | Computer Name = RPOPPER | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 1/9/2013 10:18:53 AM | Computer Name = RPOPPER | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 764954
Error - 1/9/2013 10:18:53 AM | Computer Name = RPOPPER | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 764954
[ System Events ]
Error - 2/16/2013 7:18:52 PM | Computer Name = RPOPPER | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFC. Reference error
message: The referenced assembly is not installed on your system. .
Error - 2/16/2013 7:18:52 PM | Computer Name = RPOPPER | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\FPERSON.DLL.
Reference
error message: The operation completed successfully. .
Error - 2/16/2013 7:18:53 PM | Computer Name = RPOPPER | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFC could not be found and Last
Error was The referenced assembly is not installed on your system.
Error - 2/16/2013 7:18:53 PM | Computer Name = RPOPPER | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFC. Reference error
message: The referenced assembly is not installed on your system. .
Error - 2/16/2013 7:18:53 PM | Computer Name = RPOPPER | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\MOFL.DLL.
Reference
error message: The operation completed successfully. .
Error - 2/16/2013 7:18:53 PM | Computer Name = RPOPPER | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFC could not be found and Last
Error was The referenced assembly is not installed on your system.
Error - 2/16/2013 7:18:53 PM | Computer Name = RPOPPER | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFC. Reference error
message: The referenced assembly is not installed on your system. .
Error - 2/16/2013 7:18:53 PM | Computer Name = RPOPPER | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\FNAME.DLL.
Reference
error message: The operation completed successfully. .
Error - 2/16/2013 8:17:06 PM | Computer Name = RPOPPER | Source = Service Control Manager | ID = 7034
Description = The Pml Driver HPZ12 service terminated unexpectedly. It has done
this 1 time(s).
Error - 2/17/2013 5:01:22 PM | Computer Name = RPOPPER | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.
< End of report >