Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

IE and Firefox "Problem Loading Page" on a number of sites

Started by Geri Winters , Aug 15 2009 08:10 AM

  • Please log in to reply

#1
Geri Winters
Posted 15 August 2009 - 08:10 AM

Geri Winters

    New Member

  • Member
  • Pip
  • 2 posts
Hello folks.

I started having problems browsing to some sites 10 days ago, about the time both IE and Firefox were upgraded to the latest release. I was just using Firefox at the time. At first I thought it was just a site problem (at LinkedIn), but over time found that this affects a number of sites. The error I get is:

The connection was reset


The connection to the server was reset while the page was loading.


* The site could be temporarily unavailable or too busy. Try again in a few
moments.

* If you are unable to load any pages, check your computer's network
connection.

* If your computer or network is protected by a firewall or proxy, make sure
that Firefox is permitted to access the Web.


I worked my way through a guide at mozilla.com for fixing Firefox browser problems, including clearing cookies and cache, making sure all updates for everyone (Microsoft, Java, Adobe, Mozilla, Roboform, etc.) were installed, and uninstalling and reinstalling Firefox. None of this fixed the problem. I then tried running IE and had the same problems, so went looking on Google for issues that affect both browsers. That brought me to your Malware Cleaning Guide, which I have gone all the way through. I am still having the same problem.

I ran a full scan using the August 2009 Microsoft Malicious software removal tool and it found nothing. I ran a full scan using Norton Anti-Virus and it just found one tracking cookie. I am running XP and use the Microsoft firewall.

Any help you can offer is most appreciated!!

Thank you-

Geri

Here are my logs:

Malware Bytes log:
===================

Incident Status Location

Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Geri Winters\Application Data\Mozilla\Firefox\Profiles\v1c9slwz.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Geri Winters\Application Data\Mozilla\Firefox\Profiles\v1c9slwz.default\cookies.txt[.ct.360i.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Geri Winters\Cookies\geri_winters@doubleclick[1].txt

Root Repeal report:
=========================

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/15 09:32
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAE7B0000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA5CE000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xAABCD000 Size: 49152 File Visible: No Signed: -
Status: -

Name: SYMEFA.SYS
Image Path: SYMEFA.SYS
Address: 0xB9E6C000 Size: 323584 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 012 Function Name: NtAlertResumeThread
Status: Hooked by "<unknown>" at address 0x8a333e78

#: 013 Function Name: NtAlertThread
Status: Hooked by "<unknown>" at address 0x8a44f6d0

#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x8a402bc8

#: 019 Function Name: NtAssignProcessToJobObject
Status: Hooked by "<unknown>" at address 0x8a3282f0

#: 031 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0x8a4d21b8

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xaea9e040

#: 043 Function Name: NtCreateMutant
Status: Hooked by "<unknown>" at address 0x8a348ef8

#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "<unknown>" at address 0x8a349f80

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x8a324080

#: 057 Function Name: NtDebugActiveProcess
Status: Hooked by "<unknown>" at address 0x8a32c058

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xaea9e2c0

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xaea9e820

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "<unknown>" at address 0x8a375570

#: 083 Function Name: NtFreeVirtualMemory
Status: Hooked by "<unknown>" at address 0x8a2fa110

#: 089 Function Name: NtImpersonateAnonymousToken
Status: Hooked by "<unknown>" at address 0x8a390788

#: 091 Function Name: NtImpersonateThread
Status: Hooked by "<unknown>" at address 0x8a37a748

#: 097 Function Name: NtLoadDriver
Status: Hooked by "<unknown>" at address 0x8a310dc0

#: 108 Function Name: NtMapViewOfSection
Status: Hooked by "<unknown>" at address 0x8a34ed88

#: 114 Function Name: NtOpenEvent
Status: Hooked by "<unknown>" at address 0x8a35cb30

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0x8a380b38

#: 123 Function Name: NtOpenProcessToken
Status: Hooked by "<unknown>" at address 0x8a372dc0

#: 125 Function Name: NtOpenSection
Status: Hooked by "<unknown>" at address 0x8a350058

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0x8a375600

#: 137 Function Name: NtProtectVirtualMemory
Status: Hooked by "<unknown>" at address 0x8a34aef8

#: 206 Function Name: NtResumeThread
Status: Hooked by "<unknown>" at address 0x8a373c28

#: 213 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x8a372400

#: 228 Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x8a346118

#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "<unknown>" at address 0x8a427058

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xaea9ea70

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x8a3de8e0

#: 254 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x8a32e4b8

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x8a373268

#: 258 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x8a363c28

#: 267 Function Name: NtUnmapViewOfSection
Status: Hooked by "<unknown>" at address 0x8a3728e0

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x8a34bcf0

==EOF==

OTL Log:
========

OTL logfile created on: 8/15/2009 9:42:26 AM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Geri Winters\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.35 Gb Available Physical Memory | 67.35% Memory free
3.35 Gb Paging File | 2.86 Gb Available in Paging File | 85.43% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.73 Gb Total Space | 11.06 Gb Free Space | 15.87% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GERI
Current User Name: Geri Winters
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2005/04/12 19:34:36 | 00,040,554 | ---- | M] (UPEK Inc.) -- C:\Program Files\Common Files\Virtual Token\vtserver.exe
PRC - [2004/11/05 04:30:00 | 00,057,344 | ---- | M] () -- C:\WINDOWS\System32\ibmpmsvc.exe
PRC - [2005/05/11 01:01:56 | 00,364,544 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2005/02/18 10:03:38 | 00,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2005/02/18 10:05:30 | 00,360,521 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2005/05/25 01:36:46 | 00,163,840 | ---- | M] (Broadcom Corporation) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2005/04/27 14:09:46 | 00,385,024 | ---- | M] () -- C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
PRC - [2009/05/21 10:17:26 | 00,600,944 | ---- | M] () -- C:\Program Files\iolo\common\lib\ioloServiceManager.exe
PRC - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2003/06/20 02:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2009/04/24 19:26:54 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
PRC - [2005/04/29 17:44:06 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe
PRC - [2007/09/05 09:53:48 | 00,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2005/03/18 06:07:00 | 00,077,824 | ---- | M] (IBM Corp.) -- C:\WINDOWS\System32\QCONSVC.EXE
PRC - [2008/10/01 15:52:36 | 00,064,888 | ---- | M] (Web Meeting) -- C:\Program Files\Common Files\ICWM\Printer\RDIConverterService.exe
PRC - [2005/02/18 10:02:24 | 00,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2002/09/20 17:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2004/05/24 13:25:04 | 00,077,824 | ---- | M] (IBM Corporation) -- C:\WINDOWS\System32\TPHDEXLG.EXE
PRC - [2003/07/11 21:19:22 | 00,032,768 | ---- | M] () -- C:\WINDOWS\System32\TpKmpSVC.exe
PRC - [2004/08/11 04:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe
PRC - [2006/03/30 10:15:44 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2009/04/24 19:26:54 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
PRC - [2005/05/11 01:01:56 | 00,364,544 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2004/11/08 14:17:56 | 00,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2008/12/23 09:07:16 | 00,577,024 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2004/11/08 14:17:22 | 00,512,000 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2005/04/05 18:14:34 | 00,106,496 | ---- | M] (IBM Corp.) -- C:\WINDOWS\System32\TpShocks.exe
PRC - [2005/04/04 15:43:32 | 00,094,208 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
PRC - [2004/09/06 19:03:52 | 00,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
PRC - [2005/03/24 19:20:34 | 00,086,016 | ---- | M] (IBM Corporation) -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
PRC - [2005/03/23 05:11:00 | 00,217,088 | ---- | M] (IBM Corp.) -- C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
PRC - [2004/10/14 12:11:10 | 01,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2005/03/07 04:05:00 | 00,122,939 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfswctrl.exe
PRC - [2004/08/06 05:10:00 | 00,442,368 | ---- | M] (IBM) -- C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
PRC - [2005/04/27 12:53:08 | 00,090,112 | ---- | M] (IBM Corp.) -- C:\IBMTOOLS\UTILS\ibmprc.exe
PRC - [2005/03/18 06:07:00 | 00,086,016 | ---- | M] (IBM Corp.) -- C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
PRC - [2008/04/01 13:21:56 | 00,061,440 | R--- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe
PRC - [2005/03/18 06:07:00 | 00,745,472 | ---- | M] (IBM Corp.) -- C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
PRC - [2009/01/30 14:05:04 | 00,365,872 | ---- | M] (Boingo Wireless, Inc.) -- C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
PRC - [2009/05/26 17:18:30 | 00,413,696 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
PRC - [2009/07/13 14:03:10 | 00,292,128 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/07/25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008/08/30 23:39:16 | 00,045,091 | ---- | M] (The Pidgin developer community) -- C:\Program Files\Pidgin\pidgin.exe
PRC - [2009/04/16 13:36:36 | 24,264,488 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2009/08/14 13:44:01 | 00,160,592 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
PRC - [2003/10/24 00:37:56 | 00,217,194 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
PRC - [2005/05/25 01:41:58 | 00,565,309 | ---- | M] (Broadcom Corporation) -- C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
PRC - [2004/01/16 15:45:08 | 00,114,688 | ---- | M] (OLYMPUS Corporation.) -- C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
PRC - [2003/10/29 06:06:00 | 00,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2004/06/09 17:27:34 | 00,471,040 | ---- | M] (PalmSource, Inc) -- C:\Program Files\palmOne\Hotsync.exe
PRC - [2007/09/11 08:38:44 | 00,972,064 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2008/01/05 11:11:44 | 00,135,168 | ---- | M] (Simon Tatham) -- C:\Documents and Settings\Geri Winters\Desktop\Geri Various\software\putty\PAGEANT.EXE
PRC - [2008/09/23 12:20:00 | 00,415,072 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2007/09/19 12:18:24 | 04,139,008 | ---- | M] () -- C:\Program Files\Qlock\qlock.exe
PRC - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/01/29 15:01:36 | 00,077,360 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2009/08/15 09:34:38 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Geri Winters\My Documents\Downloads\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2006/08/19 23:30:34 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2005/05/11 01:01:56 | 00,364,544 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2005/05/25 01:36:46 | 00,163,840 | ---- | M] (Broadcom Corporation) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins [Auto | Running])
SRV - [2006/03/30 10:15:44 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8 [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2005/02/18 10:03:38 | 00,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/27 14:09:46 | 00,385,024 | ---- | M] () -- C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe -- (IBM Rapid Restore Ultra Service [Auto | Running])
SRV - [2004/11/05 04:30:00 | 00,057,344 | ---- | M] () -- C:\WINDOWS\System32\ibmpmsvc.exe -- (IBMPMSVC [Auto | Running])
SRV - [2005/04/04 03:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/05/21 10:17:26 | 00,600,944 | ---- | M] () -- C:\Program Files\iolo\common\lib\ioloServiceManager.exe -- (ioloFileInfoList [Auto | Running])
SRV - [2009/05/21 10:17:26 | 00,600,944 | ---- | M] () -- C:\Program Files\iolo\common\lib\ioloServiceManager.exe -- (ioloSystemService [Auto | Running])
SRV - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2008/04/13 20:11:55 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\irmon.dll -- (Irmon [Auto | Running])
SRV - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - File not found -- -- (LVPrcSrv [Auto | Stopped])
SRV - [2007/07/20 00:42:30 | 00,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher [Auto | Stopped])
SRV - [2006/03/28 00:54:52 | 00,073,795 | ---- | M] (IBM Corporation) -- C:\Program Files\Rational\ClearQuest\mailservice.exe -- (MailService [Auto | Stopped])
SRV - [2003/06/20 02:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2009/04/24 19:26:54 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe -- (Norton AntiVirus [Auto | Running])
SRV - [2003/07/28 15:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2005/04/29 17:44:06 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2006/07/22 19:17:30 | 00,032,256 | ---- | M] () -- C:\WINDOWS\System32\drivers\psasrv.exe -- (PsaSrv [On_Demand | Stopped])
SRV - [2007/09/05 09:53:48 | 00,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService [Auto | Running])
SRV - [2007/05/24 07:08:44 | 00,061,440 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService [On_Demand | Stopped])
SRV - [2005/03/18 06:07:00 | 00,077,824 | ---- | M] (IBM Corp.) -- C:\WINDOWS\System32\QCONSVC.EXE -- (QCONSVC [Auto | Running])
SRV - [2008/10/01 15:52:36 | 00,064,888 | ---- | M] (Web Meeting) -- C:\Program Files\Common Files\ICWM\Printer\RDIConverterService.exe -- (RDIConverterPrintHelper [Auto | Running])
SRV - [2005/02/18 10:02:24 | 00,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
SRV - [2005/02/18 10:05:30 | 00,360,521 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
SRV - [2007/10/18 11:51:58 | 00,073,728 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service [On_Demand | Stopped])
SRV - [2002/09/20 17:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default) [Auto | Running])
SRV - [2004/05/24 13:25:04 | 00,077,824 | ---- | M] (IBM Corporation) -- C:\WINDOWS\System32\TPHDEXLG.EXE -- (TPHDEXLGSVC [Auto | Running])
SRV - [2003/07/11 21:19:22 | 00,032,768 | ---- | M] () -- C:\WINDOWS\System32\TpKmpSVC.exe -- (TpKmpSVC [Auto | Running])
SRV - [2004/08/11 04:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2005/04/12 19:34:36 | 00,040,554 | ---- | M] (UPEK Inc.) -- C:\Program Files\Common Files\Virtual Token\vtserver.exe -- (vtserver [Auto | Running])
SRV - [2004/08/11 03:46:56 | 00,483,328 | ---- | M] (Microsoft Corporation) -- c:\program files\windows media connect\mswmccds.exe -- (WmcCds [Unknown | Stopped])
SRV - [2004/08/11 00:50:42 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Connect\mswmcls.exe -- (WmcCdsLs [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...&ar=msnhome
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.txt.com/"
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.96
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:3.1.20081127W
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.07076007
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/15 08:47:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/01/05 19:51:02 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2007/07/17 11:42:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/14 15:34:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/14 15:34:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/07/23 07:43:50 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009/08/14 13:31:58 | 00,000,000 | ---D | M]

[2009/01/18 18:45:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Geri Winters\Application Data\mozilla\Extensions
[2009/01/18 18:45:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Geri Winters\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/15 09:26:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Geri Winters\Application Data\mozilla\Firefox\Profiles\v1c9slwz.default\extensions
[2009/08/15 09:26:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Geri Winters\Application Data\mozilla\Firefox\Profiles\v1c9slwz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/12/07 12:26:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Geri Winters\Application Data\mozilla\Firefox\Profiles\v1c9slwz.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/05/05 19:52:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Geri Winters\Application Data\mozilla\Firefox\Profiles\v1c9slwz.default\extensions\[email protected]
[2009/08/15 09:26:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Geri Winters\Application Data\mozilla\Firefox\Profiles\v1c9slwz.default\extensions\staged-xpis
[2009/08/15 09:26:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/14 15:34:40 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/02/12 12:16:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2007/05/05 18:21:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2007/09/08 20:02:28 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2007/10/04 13:31:09 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/04/08 15:01:35 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/09/13 12:09:03 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/01/05 19:51:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/08/07 16:07:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/07/30 07:26:53 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/07/30 07:26:54 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007/06/21 19:38:52 | 00,030,280 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\cgpcfg.dll
[2007/06/21 19:38:54 | 00,079,432 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2007/06/21 19:38:56 | 00,071,240 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2007/06/21 19:38:58 | 00,140,872 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxmui.dll
[2007/06/21 19:39:14 | 00,038,472 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\icafile.dll
[2007/06/21 19:39:16 | 00,046,664 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\icalogon.dll
[2007/06/21 19:39:18 | 00,034,376 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\logging.dll
[2009/07/25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2007/06/21 19:39:34 | 00,325,200 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2009/07/30 07:26:55 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2003/07/15 01:56:52 | 00,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2008/10/14 21:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2006/07/31 19:52:18 | 00,139,305 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/07/23 07:43:49 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/07/23 07:43:50 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/07/23 07:43:50 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/07/23 07:43:50 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/07/23 07:43:50 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/07/23 07:43:50 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/07/23 07:43:50 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2006/07/31 19:52:25 | 00,024,621 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2006/07/31 19:52:14 | 00,081,967 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2005/08/25 18:37:14 | 03,833,856 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSibelius.dll
[2007/06/21 19:39:58 | 00,685,640 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll
[2007/06/21 19:40:02 | 00,030,280 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2009/07/30 03:24:20 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/30 03:24:20 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/30 03:24:20 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/30 03:24:20 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/07/30 03:24:20 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/30 03:24:20 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/30 03:24:20 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk ()
O4 - HKLM..\Run: [ControlCenter] C:\Program Files\IBM fingerprint software\ctlcntr.exe (UPEK Inc.)
O4 - HKLM..\Run: [dla] C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (IBM Corp.)
O4 - HKLM..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe (IBM)
O4 - HKLM..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe (IBM Corp.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (IBM Corp.)
O4 - HKLM..\Run: [QCTray] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE (IBM Corp.)
O4 - HKLM..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE (IBM Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\tp4ex.exe (IBM Corporation)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ()
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (IBM Corp.)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (IBM Corp.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKCU..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe (IBM)
O4 - HKCU..\Run: [Pidgin] C:\Program Files\Pidgin\pidgin.exe (The Pidgin developer community)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk = C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Device Detector 2.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe (OLYMPUS Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to PAGEANT.lnk = C:\Documents and Settings\Geri Winters\Desktop\Geri Various\software\putty\PAGEANT.EXE (Simon Tatham)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O4 - Startup: C:\Documents and Settings\Geri Winters\Start Menu\Programs\Startup\qlock.lnk = C:\Program Files\Qlock\qlock.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} http://www.symantec....ta/nprdtinf.cab (AxProdInfoCtl Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/...all-142-win.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.132.1 192.168.132.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\widimg {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll (Broadcom Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\WINDOWS\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\psfus: DllName - C:\Program Files\IBM fingerprint software\psfus.dll - C:\Program Files\IBM fingerprint software\psfus.dll (UPEK Inc.)
O20 - Winlogon\Notify\QConGina: DllName - QConGina.dll - C:\WINDOWS\System32\QConGina.dll (IBM Corp.)
O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/22 19:35:47 | 00,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{503c011e-7c76-11de-bf5e-0013ce7c1779}\Shell\AutoRun\command - "" = F:\WDSetup.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - C:\WINDOWS\System32\irmon.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/08/14 21:48:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Geri Winters\Application Data\Malwarebytes
[2009/08/14 21:48:05 | 00,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/14 21:48:00 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/14 21:47:58 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/14 21:47:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/08/14 21:47:57 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/14 21:44:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/08/14 21:43:27 | 00,000,622 | ---- | C] () -- C:\Documents and Settings\Geri Winters\Desktop\NTREGOPT.lnk
[2009/08/14 21:43:27 | 00,000,603 | ---- | C] () -- C:\Documents and Settings\Geri Winters\Desktop\ERUNT.lnk
[2009/08/14 21:43:25 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/08/14 15:34:51 | 00,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/08/14 15:31:13 | 08,050,536 | ---- | C] (Mozilla) -- C:\Documents and Settings\Geri Winters\Desktop\Firefox Setup 3.5.2.exe
[2009/08/14 14:12:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Geri Winters\My Documents\Downloads
[2009/08/14 13:42:53 | 02,921,968 | ---- | C] (Siber Systems) -- C:\Documents and Settings\Geri Winters\Desktop\AiRoboForm-cnetc.exe
[2009/08/14 13:31:58 | 00,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2009/08/13 19:35:50 | 00,262,789 | ---- | C] () -- C:\Documents and Settings\Geri Winters\Desktop\Medical Bill.pdf
[2009/08/13 19:34:41 | 00,807,040 | ---- | C] () -- C:\Documents and Settings\Geri Winters\Desktop\Duquesne July.pdf
[2009/08/13 09:34:59 | 00,036,352 | ---- | C] () -- C:\Documents and Settings\Geri Winters\Desktop\Checklist.doc
[2009/08/12 14:51:31 | 00,823,322 | ---- | C] () -- C:\Documents and Settings\Geri Winters\Desktop\geridiploma.jpg
[2009/08/12 14:50:45 | 00,605,449 | ---- | C] () -- C:\Documents and Settings\Geri Winters\Desktop\Jasonphoto.jpg
[2009/08/11 09:08:32 | 00,021,912 | ---- | C] () -- C:\Documents and Settings\Geri Winters\Desktop\Geri Course Scenarios V2.odg
[2009/08/09 14:25:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Geri Winters\Desktop\Wales house pictures
[2009/08/09 12:00:41 | 00,281,576 | ---- | C] () -- C:\Documents and Settings\Geri Winters\Desktop\Bringing+your+belongings+and+private+motor+vehicle+to+the+UK+from+outside+the+EC.pdf
[2009/08/08 15:17:40 | 00,285,922 | ---- | C] () -- C:\Documents and Settings\Geri Winters\Desktop\A+Customs+guide+for+travellers+entering+the+UK+-+Notice+1.pdf
[2009/08/08 14:54:13 | 00,351,156 | ---- | C] () -- C:\Documents and Settings\Geri Winters\Desktop\highlyskilledunderpbs.pdf
[2009/08/08 14:53:15 | 00,246,923 | ---- | C] () -- C:\Documents and Settings\Geri Winters\Desktop\studentsunderthepointsbased.pdf
[2009/08/08 09:21:00 | 00,153,792 | ---- | C] () -- C:\Documents and Settings\Geri Winters\Desktop\radio clock manual.pdf
[2009/08/07 18:44:21 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/08/07 15:02:20 | 00,000,000 | ---D | C] -- C:\7a7de31c281417cf861f80
[2009/08/02 19:58:44 | 00,552,568 | ---- | C] () -- C:\Documents and Settings\Geri Winters\Desktop\10pc.zip
[2009/08/02 19:27:12 | 00,062,261 | ---- | C] () -- C:\Documents and Settings\Geri Winters\Desktop\200907030955340.Thai Cuisine.pdf
[2009/08/02 17:06:03 | 02,285,536 | ---- | C] () -- C:\Documents and Settings\Geri Winters\Desktop\geneology.jpg
[2009/08/02 11:19:33 | 00,030,587 | ---- | C] () -- C:\Documents and Settings\Geri Winters\Desktop\mv-38o.pdf
[2009/08/02 09:31:00 | 00,209,269 | ---- | C] () -- C:\Documents and Settings\Geri Winters\Desktop\rW_SO_Viewpoints.pdf

========== Files - Modified Within 14 Days ==========

[2009/08/15 09:19:36 | 00,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/15 09:04:37 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/15 09:04:33 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/15 09:04:16 | 21,458,98496 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/14 21:48:05 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/14 21:43:27 | 00,000,622 | ---- | M] () -- C:\Documents and Settings\Geri Winters\Desktop\NTREGOPT.lnk
[2009/08/14 21:43:27 | 00,000,603 | ---- | M] () -- C:\Documents and Settings\Geri Winters\Desktop\ERUNT.lnk
[2009/08/14 15:34:51 | 00,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/08/14 15:31:13 | 08,050,536 | ---- | M] (Mozilla) -- C:\Documents and Settings\Geri Winters\Desktop\Firefox Setup 3.5.2.exe
[2009/08/14 13:52:14 | 00,036,352 | ---- | M] () -- C:\Documents and Settings\Geri Winters\Desktop\Checklist.doc
[2009/08/14 13:42:54 | 02,921,968 | ---- | M] (Siber Systems) -- C:\Documents and Settings\Geri Winters\Desktop\AiRoboForm-cnetc.exe
[2009/08/14 13:31:58 | 00,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2009/08/14 12:17:14 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/08/13 19:35:53 | 00,262,789 | ---- | M] () -- C:\Documents and Settings\Geri Winters\Desktop\Medical Bill.pdf
[2009/08/13 19:34:54 | 00,807,040 | ---- | M] () -- C:\Documents and Settings\Geri Winters\Desktop\Duquesne July.pdf
[2009/08/12 22:20:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/08/12 14:51:32 | 00,823,322 | ---- | M] () -- C:\Documents and Settings\Geri Winters\Desktop\geridiploma.jpg
[2009/08/12 14:50:46 | 00,605,449 | ---- | M] () -- C:\Documents and Settings\Geri Winters\Desktop\Jasonphoto.jpg
[2009/08/11 09:15:07 | 00,021,912 | ---- | M] () -- C:\Documents and Settings\Geri Winters\Desktop\Geri Course Scenarios V2.odg
[2009/08/11 08:42:05 | 00,042,536 | ---- | M] () -- C:\Documents and Settings\Geri Winters\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/09 12:00:49 | 00,281,576 | ---- | M] () -- C:\Documents and Settings\Geri Winters\Desktop\Bringing+your+belongings+and+private+motor+vehicle+to+the+UK+from+outside+the+EC.pdf
[2009/08/08 15:17:41 | 00,285,922 | ---- | M] () -- C:\Documents and Settings\Geri Winters\Desktop\A+Customs+guide+for+travellers+entering+the+UK+-+Notice+1.pdf
[2009/08/08 14:54:15 | 00,351,156 | ---- | M] () -- C:\Documents and Settings\Geri Winters\Desktop\highlyskilledunderpbs.pdf
[2009/08/08 14:53:17 | 00,246,923 | ---- | M] () -- C:\Documents and Settings\Geri Winters\Desktop\studentsunderthepointsbased.pdf
[2009/08/08 09:21:04 | 00,153,792 | ---- | M] () -- C:\Documents and Settings\Geri Winters\Desktop\radio clock manual.pdf
[2009/08/07 15:46:33 | 00,195,368 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/07 15:23:43 | 00,502,064 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/08/07 15:23:43 | 00,441,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/07 15:23:43 | 00,071,462 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/02 19:58:44 | 00,552,568 | ---- | M] () -- C:\Documents and Settings\Geri Winters\Desktop\10pc.zip
[2009/08/02 19:27:14 | 00,062,261 | ---- | M] () -- C:\Documents and Settings\Geri Winters\Desktop\200907030955340.Thai Cuisine.pdf
[2009/08/02 17:06:05 | 02,285,536 | ---- | M] () -- C:\Documents and Settings\Geri Winters\Desktop\geneology.jpg
[2009/08/02 11:19:35 | 00,030,587 | ---- | M] () -- C:\Documents and Settings\Geri Winters\Desktop\mv-38o.pdf
[2009/08/02 09:31:06 | 00,209,269 | ---- | M] () -- C:\Documents and Settings\Geri Winters\Desktop\rW_SO_Viewpoints.pdf

========== LOP Check ==========

[2009/08/14 21:47:58 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/07/23 07:50:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/06/18 10:44:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2009/07/12 14:59:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoBoingo
[2006/07/26 19:38:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2006/07/22 19:10:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ibm
[2006/07/22 18:57:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intel
[2008/06/18 11:30:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2009/08/01 08:36:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2009/04/15 19:17:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kinoma
[2008/05/26 11:57:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Logishrd
[2009/04/15 19:29:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Marlin
[2009/04/24 19:28:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009/04/24 19:24:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/04/24 19:01:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2006/09/23 13:45:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2004/08/09 14:06:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2008/09/07 18:52:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2008/12/06 11:41:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2008/12/09 22:15:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
[2009/08/14 21:48:12 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Geri Winters\Application Data
[2009/08/15 09:24:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Geri Winters\Application Data\.purple
[2009/07/29 15:33:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Geri Winters\Application Data\Canon
[2008/12/02 20:34:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Geri Winters\Application Data\FileZilla
[2008/09/29 20:51:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Geri Winters\Application Data\gtk-2.0
[2006/07/26 19:37:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Geri Winters\Application Data\HotSync
[2006/11/06 17:11:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Geri Winters\Application Data\IBM
[2007/11/07 18:32:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Geri Winters\Application Data\ICAClient
[2006/07/22 22:17:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Geri Winters\Application Data\Intel
[2006/08/25 22:25:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Geri Winters\Application Data\InterVideo
[2008/12/13 14:22:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Geri Winters\Application Data\iolo
[2006/07/26 19:41:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Geri Winters\Application Data\Leadertech
[2008/05/05 20:32:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Geri Winters\Application Data\Move Networks
[2009/07/09 17:13:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Geri Winters\Application Data\MyPublisher
[2009/08/11 10:42:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Geri Winters\Application Data\OpenOffice.org2
[2007/05/10 19:33:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Geri Winters\Application Data\Publish Providers
[2006/11/22 15:01:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Geri Winters\Application Data\Rational
[2006/07/24 21:35:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Geri Winters\Application Data\SmartFTP
[2007/05/10 19:29:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Geri Winters\Application Data\Sony
[2007/07/17 11:49:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Geri Winters\Application Data\Sparx Systems
[2009/01/03 19:27:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Geri Winters\Application Data\Subversion
[2008/01/03 18:41:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Geri Winters\Application Data\Thunderbird
[2009/01/03 22:02:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Geri Winters\Application Data\TortoiseSVN
[2009/06/08 09:56:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Geri Winters\Application Data\U3
[2009/03/23 10:58:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Geri Winters\Application Data\Web Meeting
[2008/12/09 22:20:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Geri Winters\Application Data\ZoomBrowser EX
[2009/08/12 22:20:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/04 08:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/08/15 09:04:37 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
< End of report >


OTL Extras log:
==================

OTL Extras logfile created on: 8/15/2009 9:42:26 AM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Geri Winters\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.35 Gb Available Physical Memory | 67.35% Memory free
3.35 Gb Paging File | 2.86 Gb Available in Paging File | 85.43% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.73 Gb Total Space | 11.06 Gb Free Space | 15.87% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GERI
Current User Name: Geri Winters
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.pif [@ = piffile] -- "%1" %*"
.scr [@ = scrfile] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Kyodai Mahjongg 2006\kmj.exe" = C:\Program Files\Kyodai Mahjongg 2006\kmj.exe:*:Enabled:Kyodai Mahjongg -- (Rene-Gilles Deberdt)
"C:\Documents and Settings\Geri Winters\Desktop\Geri Various\software\RTC\jazz\server\win32\ibm-java2-i386-50\jre\bin\java.exe" = C:\Documents and Settings\Geri Winters\Desktop\Geri Various\software\RTC\jazz\server\win32\ibm-java2-i386-50\jre\bin\java.exe:*:Enabled:Java launcher -- File not found
"C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe:*:Enabled:QuickBooks 2008 Data Manager -- (iAnywhere Solutions, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0873B1A3-00A9-40D6-BACE-3DB4BC5DA840}" = IBM SATA Power Management Driver
"{091ED268-1BBE-4C77-9500-7D1D82D9AD8F}" = PRS-700 User's Guide
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0A399F13-2F24-4318-B632-D27B7FCCB43A}" = TortoiseSVN 1.5.6.14908 (32 bit)
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = IBM ThinkVantage Technologies Welcome Message
"{11783F13-C3A9-44A8-929B-21A476F65272}" = IBM Rescue and Recovery with Rapid Restore
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4805" = CanoScan 8800F
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = IBM DLA
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = IBM ThinkPad EasyEject Utility
"{1C6D9FD0-8BE2-4226-8D9F-4929CBC1C396}" = Camtasia Studio 4
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = IBM ThinkPad Keyboard Customizer Utility
"{22B71A00-4DED-11D4-A5E5-0004AC564F43}" = IBM Access Connections
"{22D66ACE-E0A1-482E-B797-0A6A377D3E91}" = IBM Rational Rose Enterprise Edition
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 15
"{28DA872A-0848-48CF-B749-19A198157A2A}" = mDriver
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}" = Canon Camera WIA Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{357B0492-B0C9-47C8-9C4E-7A13A53A9DE3}" = Sony Sound Forge Audio Studio 8.0b
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
"{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1" = iolo technologies' System Mechanic
"{652C4ADF-0A29-4B02-9211-EE61675847DE}" = Canon Camera WIA Driver
"{664F96E2-7CE3-48E2-A7D9-55E002EEFB31}" = Boingo Wi-Fi
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6CE96A14-61E2-48CC-837E-22710A953ADE}" = IBM Themes
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7228CB73-80E9-48D3-A7FD-C2A242686AB3}" = Microsoft Office Live Meeting 2005
"{72806716-7088-41B2-8FA6-717A2A164DAB}" = IBM Active Protection System
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7BB40A22-8D98-43F9-A08A-E7EFF5AB1324}" = Camtasia Studio 5
"{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = IBM ThinkPad UltraNav Wizard
"{83C03FBE-4492-4133-BBAB-421CD88ADA32}" = OpenOffice.org 2.3
"{8AC049F7-1383-45C3-9E7D-F93CA667F9E1}" = UMVPLStandalone
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8ECB8220-F422-4BEB-9596-97033C533702}" = QuickBooks Pro 2008
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90535871-81B9-4D99-8A13-A7EE97F2D7FE}" = ThinkPad Integrated Bluetooth IV Software
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{94FE0F65-26F1-4AAF-A772-1B6484564DAE}" = InterCall Web Meeting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = IBM RecordNow!
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = IBM ThinkPad Power Manager
"{A1C4EE2B-DF14-4488-BC8A-F9336D588E97}" = SnagIt 8
"{A212E6C2-20F7-4A8E-BD8E-DC3EE7483FA2}" = PRS-500 USB driver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-1033-0000-BA7E-000000000001}" = Adobe Acrobat 6.0.1 Standard
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon Camera WIA Driver
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C239BCD7-882A-478F-A5CF-DDEB074A4291}" = eBook Library by Sony
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C49067A8-8212-4A82-A4D9-1519701644F0}" = Citrix Presentation Server Client - Web Only
"{C6DCA530-4107-48E1-B11B-865C0C44D6B2}" = IBM Rational RequisitePro
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC98E8B3-FAAA-4D09-A813-A44C9FA1A3EE}" = Enterprise Architect 7.0
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B2}" = WinZip 11.2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4134B0B-EA9B-4835-A77A-60BEE6277101}" = Lightroom
"{DFEBA70E-F169-4016-AB27-7230BCCDBD42}" = IBM fingerprint software 4.5.5
"{E922961C-6DB6-41DE-9FEA-426DF3E9F81C}" = IBM 32-bit Runtime Environment for Java 2, v1.4.2
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{EA664480-3844-11D5-8C25-444553540000}" = IBM TrackPoint Accessibility Features
"{EC6AF20D-4376-4070-BEE4-D3A0DFF7E140}" = Access IBM
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F386C340-DF4B-4BBA-9503-420FB7EDB395}" = Wallpapers
"{F413B3A4-EE5D-457C-BAE5-6E58D9589ED5}" = Access IBM Message Center
"{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}" = Windows Media Connect
"{FB91E774-867B-4567-ACE7-8144EF036068}" = Olympus Digital Wave Player
"{FC081D4D-DF1B-4CF1-B530-027E4118D846}" = IBM ThinkPad Configuration
"{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}" = XML Notepad 2007
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF24F097-D090-41D2-8E9C-BAFEBBFD938C}" = palmOne
"75070B1806113224B16C70296B90DD1AD8A53479" = Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AI RoboForm" = AI RoboForm (All Users)
"All ATI Software" = ATI - Software Uninstall Utility
"Aspell English Dictionary_is1" = Aspell English Dictionary-0.50-2
"ATI Display Driver" = ATI Display Driver
"AV Voice Changer Software DIAMOND 5.5" = AV Voice Changer Software DIAMOND 5.5
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_05591014" = IBM Integrated 56K Modem
"CSCLIB" = Canon Camera Support Core Library
"DPP" = Canon Utilities Digital Photo Professional 3.0
"e1a339b53cefb3e28839b7c7cab09e18" = IBM Rational Method Composer
"EOS Utility" = Canon Utilities EOS Utility
"ERUNT_is1" = ERUNT 1.1j
"GTK 2.0" = GTK+ Runtime 2.12.8 rev a (remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"inExpense" = inExpense
"InstallShield_{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}" = Canon EOS Kiss_N REBEL_XT 350D WIA Driver
"InstallShield_{652C4ADF-0A29-4B02-9211-EE61675847DE}" = Canon EOS-1Ds Mark II WIA Driver
"InstallShield_{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon EOS 5D WIA Driver
"InstallShield_{E922961C-6DB6-41DE-9FEA-426DF3E9F81C}" = IBM 32-bit Runtime Environment for Java 2, v1.4.2
"IrfanView" = IrfanView (remove only)
"Kyodai Mahjongg 2006_is1" = Kyodai Mahjongg 2006 v1.42
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)
"Mozilla Thunderbird (2.0.0.22)" = Mozilla Thunderbird (2.0.0.22)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"NAV" = Norton AntiVirus
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"ODSK" = Canon Utilities Original Data Security Tools
"Panda3D 1.3.2" = Panda3D 1.3.2
"PhotoStitch" = Canon Utilities PhotoStitch
"Pidgin" = Pidgin
"Power Management Driver" = IBM ThinkPad Power Management Driver
"Presentation Director" = IBM ThinkPad Presentation Director
"PrimoPDF4.0" = PrimoPDF
"ProInst" = Intel® PROSet/Wireless Software
"Qlock" = Qlock Lite
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0" = RealPlayer
"RealVNC_is1" = VNC Enterprise Edition E4.5
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Skyhook Wireless Wi-Fi Service" = Skyhook Wireless Wi-Fi Service
"Synergy" = Synergy
"SynTPDeinstKey" = IBM ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"ThinkPadSoftwareInstaller" = Software Installer
"WFTK" = Canon Utilities WFT-E1/E2 Utility
"WIC" = Windows Imaging Component
"Windows Media Connect" = Windows Media Connect
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"winscp3_is1" = WinSCP 4.1.8
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting/GoToWebinar 3.0.0.198

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/23/2009 8:03:16 PM | Computer Name = GERI | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 4.0.0.226, faulting module
skype.exe, version 4.0.0.226, fault address 0x0036244f.

Error - 7/23/2009 8:03:27 PM | Computer Name = GERI | Source = Application Error | ID = 1001
Description = Fault bucket 1246691926.

Error - 7/27/2009 10:50:45 AM | Computer Name = GERI | Source = QuickBooks | ID = 4
Description =

Error - 7/27/2009 10:50:45 AM | Computer Name = GERI | Source = QuickBooks | ID = 4
Description =

Error - 7/27/2009 10:50:45 AM | Computer Name = GERI | Source = QuickBooks | ID = 4
Description =

Error - 7/27/2009 10:51:23 AM | Computer Name = GERI | Source = QuickBooks | ID = 4
Description =

Error - 8/14/2009 3:37:15 PM | Computer Name = GERI | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 8/14/2009 3:37:15 PM | Computer Name = GERI | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 8/14/2009 3:37:15 PM | Computer Name = GERI | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 8/14/2009 3:37:15 PM | Computer Name = GERI | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

[ System Events ]
Error - 8/14/2009 9:31:47 PM | Computer Name = GERI | Source = Service Control Manager | ID = 7000
Description = The Process Monitor service failed to start due to the following error:
%%2

Error - 8/14/2009 9:31:47 PM | Computer Name = GERI | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%2

Error - 8/14/2009 9:33:57 PM | Computer Name = GERI | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.

Error - 8/14/2009 9:33:57 PM | Computer Name = GERI | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053

Error - 8/14/2009 10:28:29 PM | Computer Name = GERI | Source = Service Control Manager | ID = 7000
Description = The Process Monitor service failed to start due to the following error:
%%2

Error - 8/14/2009 10:28:29 PM | Computer Name = GERI | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%2

Error - 8/14/2009 10:28:29 PM | Computer Name = GERI | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Norton AntiVirus service.

Error - 8/14/2009 11:44:11 PM | Computer Name = GERI | Source = ACPIEC | ID = 327681
Description = \Device\ACPIEC: The embedded controller (EC) hardware didn't respond
within the timeout period. This may indicate an error in the EC hardware or firmware,
or possibly a poorly designed BIOS which accesses the EC in an unsafe manner.
The EC driver will retry the failed transaction if possible.

Error - 8/15/2009 9:05:55 AM | Computer Name = GERI | Source = Service Control Manager | ID = 7000
Description = The Process Monitor service failed to start due to the following error:
%%2

Error - 8/15/2009 9:05:55 AM | Computer Name = GERI | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%2


< End of report >

Edited by Geri Winters, 15 August 2009 - 08:12 AM.

  • 0

Advertisements

#2
Geri Winters
Posted 15 August 2009 - 05:05 PM

Geri Winters

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
I've tried some more things today, so thought I'd update this post.

I ran VundoFix and it found nothing.

I tried running Firefox in Safemode - no difference.
I tried booting Windows into Safemode - no difference.

It occurred to me that every site I am having problems with is running some kind of script. And I remember that .net and Java were both updated just before the problems began.

I uninstalled all Java installations using the add/remove software tool, and rebooted my computer. Then reinstalled just the most recent Java. That did not solve anything, but in Firefox I then disabled Java (but left Javascript alone). This fixed my problems with one site, but not all the sites where I am having problems.

Then I uninstalled all .net installations using the add/remove software tool, and rebooted my computer. Then reinstalled just the most recent .net. That did not solve anything and broke the one site that worked. I tried rebooting again, and now the site that was fixed worked again, but other sites do not.

So currently, I have Java turned off in Firefox and IE, the site that was running javascript is now working, but the site using aspx is not working in either browser.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP