
Something is stopping IE from Loading


  • This topic is locked

#1
helplessinchicago

When I load IE, it starts, then "IE has stopped working" appears and gives me two options: (1) check online for a solution and close the program, or (2) close the program. Either one closes the program and I can't access the internet. However, Mozilla Firefox does load and is fully functional. This has happened on two PCs in our house.

My OTL log:
OTL logfile created on: 3/1/2011 9:27:52 PM - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\Karoline Obora\Downloads
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 54.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 389.74 Gb Free Space | 86.40% Space Free | Partition Type: NTFS

Computer Name: KAROLINEOBORA | User Name: Karoline Obora | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/01 21:26:43 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Karoline Obora\Downloads\OTL.exe
PRC - [2011/03/01 21:12:22 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Karoline Obora\Downloads\HiJackThis.exe
PRC - [2010/12/14 08:34:20 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/11/23 20:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccsvchst.exe
PRC - [2010/10/29 11:44:02 | 000,505,232 | ---- | M] (InterCall, Inc.) -- C:\Program Files (x86)\InterCall Unified Meeting\Modules\Launcher\mcLauncher.exe
PRC - [2010/02/12 10:02:08 | 000,240,992 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe
PRC - [2009/11/03 23:45:46 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/11/03 23:45:44 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/05/12 16:50:32 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
PRC - [2009/04/07 09:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe


========== Modules (SafeList) ==========

MOD - [2011/03/01 21:26:43 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Karoline Obora\Downloads\OTL.exe
MOD - [2010/08/20 23:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/04/06 14:35:04 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/10/20 09:02:10 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/12 21:18:24 | 001,924,400 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2009/03/02 12:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\AESTSr64.exe -- (AESTFilters)
SRV - [2010/11/23 20:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe -- (NIS)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/29 21:41:52 | 000,059,904 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe -- (InstallFilterService)
SRV - [2009/11/03 23:45:46 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/11/03 23:45:44 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/07/12 21:04:26 | 001,656,112 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/12 16:50:32 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV - [2007/12/17 04:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/01/11 04:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/11/30 23:24:00 | 000,382,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\symnets.sys -- (SymNetS)
DRV:64bit: - [2010/11/22 22:08:32 | 000,735,864 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/11/22 22:08:32 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2010/11/17 20:59:55 | 000,802,864 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\symefa64.sys -- (SymEFA)
DRV:64bit: - [2010/11/15 19:45:33 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/10/29 20:08:07 | 000,174,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/10/20 20:28:36 | 000,450,608 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\symds64.sys -- (SymDS)
DRV:64bit: - [2010/07/26 01:28:40 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/07/26 01:28:40 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/07/26 01:28:40 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/07/25 22:48:25 | 002,978,296 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/04/06 14:35:04 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/01/28 04:55:04 | 000,086,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/01/07 06:46:20 | 000,302,128 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/12/17 12:42:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/12/02 08:24:38 | 000,025,136 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Acceler.sys -- (Acceler)
DRV:64bit: - [2009/12/01 11:55:31 | 000,359,624 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009/11/27 12:38:14 | 000,019,504 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdflt.sys -- (stdflt)
DRV:64bit: - [2009/11/05 08:15:40 | 000,291,328 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/10/26 06:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/10/02 07:24:18 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/09/16 22:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/08/28 04:15:32 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/08/28 04:15:26 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/08/09 21:07:14 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/13 19:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 19:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/09 04:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/15 12:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 14:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/07 00:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/05/20 17:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2011/02/25 15:59:11 | 001,124,472 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110225.002\BHDrvx64.sys -- (BHDrvx64)
DRV - [2010/12/16 16:50:20 | 001,791,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110301.020\EX64.SYS -- (NAVEX15)
DRV - [2010/12/16 16:50:20 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110301.020\ENG64.SYS -- (NAVENG)
DRV - [2010/11/08 18:50:27 | 000,476,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110301.001\IDSviA64.sys -- (IDSVia64)
DRV - [2010/10/29 00:00:00 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/10/29 00:00:00 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://ontime.claimf...ontime2009web/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - prefs.js..extensions.enabledItems: [email protected]:4.4.5.184

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2010/07/25 23:04:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011/01/10 21:03:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\ [2011/01/06 19:23:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/11/06 02:00:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\InterCall Unified Meeting\Modules\Firefox [2010/12/16 08:34:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/14 08:34:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/12/14 08:34:20 | 000,000,000 | ---D | M]

[2010/09/30 23:18:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karoline Obora\AppData\Roaming\Mozilla\Extensions
[2010/09/30 23:18:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karoline Obora\AppData\Roaming\Mozilla\Firefox\Profiles\ndaim8b7.default\extensions
[2010/10/30 22:19:07 | 000,002,470 | ---- | M] () -- C:\Users\Karoline Obora\AppData\Roaming\Mozilla\Firefox\Profiles\ndaim8b7.default\searchplugins\safesearch.xml
[2010/10/29 20:39:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/10/29 20:39:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/16 08:34:49 | 000,000,000 | ---D | M] (InterCall Unified Meeting) -- C:\PROGRAM FILES (X86)\INTERCALL UNIFIED MEETING\MODULES\FIREFOX
[2011/01/06 19:23:03 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\COFFPLGN
[2011/01/10 21:03:14 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPLGN
[2010/10/29 20:39:08 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 8\DLLx64\SnagItBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (DigitalPersona Fingerprint Software Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 8\DLLx64\SnagItIEAddin64.dll (TechSmith Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [DBRMTray] C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Microsoft)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [MSN Toolbar] c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe (Microsoft Corp.)
O4 - HKCU..\Run: [MeetingLauncher] C:\Program Files (x86)\InterCall Unified Meeting\Modules\Launcher\mcLauncher.exe (InterCall, Inc.)
O4:64bit: - HKLM..\RunOnce: [DBRMTray] C:\dell\DBRM\Reminder\TrayApp.exe (Microsoft)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://intercall.we...ex/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/01 19:29:18 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{01AC10A6-E717-4CD6-8591-DCAD0495ACE0}
[2011/03/01 06:41:57 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{4DCAD024-5D92-42AF-8A8D-D34BD2A2CA26}
[2011/02/28 18:34:16 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{F26250DA-410F-4178-BBBB-0F81AC06A298}
[2011/02/27 17:43:41 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{7C9C1E94-8B6E-4846-A3B9-F0C1D44C8C1E}
[2011/02/26 08:38:43 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{830AC3FA-AB8C-4CF7-B9E3-9D29C674591A}
[2011/02/25 06:57:40 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{195EEEB7-BB1E-4396-8ABE-247BC6FB9F43}
[2011/02/24 07:26:46 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{D65C47C5-D3E8-49C9-BC27-253106AECF17}
[2011/02/23 07:26:22 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{5390E175-2BCC-41FE-9328-4E60D38199B1}
[2011/02/22 19:25:57 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{091B254C-7923-4AF1-BF52-3005513C7B95}
[2011/02/22 07:25:46 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{D3CD3918-8852-459F-9A8A-2DC04A9F6E38}
[2011/02/21 19:25:34 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{917871B4-E750-4F66-BB15-5161D7D47067}
[2011/02/21 07:25:22 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{CD6D9AD2-068B-4591-853C-8901E9E89694}
[2011/02/18 11:20:19 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Roaming\webex
[2011/02/18 09:48:56 | 000,000,000 | ---D | C] -- C:\ProgramData\WebEx
[2011/02/18 09:36:30 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{F2BF6EC5-F8B2-4C60-A354-19554B350770}
[2011/02/17 21:36:18 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{8C6190BE-1FCC-464F-98BD-0F16446E9A4D}
[2011/02/17 09:35:54 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{DC4867AF-A5A5-4677-A27D-9F66BC8EB3BA}
[2011/02/16 21:35:42 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{A10A8432-F3DB-4B6E-AC31-D15B4494563B}
[2011/02/16 08:57:29 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{390D24B0-3736-4B11-B7F0-7C7D5882D023}
[2011/02/15 20:55:01 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{8A0A8988-9413-4A12-BD64-BBBB5D5262C5}
[2011/02/15 08:41:39 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{43B4DF8E-8BA9-4D76-8A6A-84135AE8E18D}
[2011/02/14 20:41:28 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{B98F9F26-7FAB-4A22-8CB6-0EB6C6590399}
[2011/02/14 08:41:16 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{C204A290-8E89-4ECA-A44E-C404B4794ABA}
[2011/02/13 20:41:04 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{8621E408-23EE-4492-8ACB-888966B71F45}
[2011/02/13 08:40:53 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{6121282C-4221-4408-9007-A6CFD554A1AD}
[2011/02/12 20:40:41 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{177F25D3-92AC-4E3D-856A-5BE22CDDDC37}
[2011/02/12 08:40:29 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{8D8256CE-7E6E-4935-A93E-0B2099DF1037}
[2011/02/11 19:30:17 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{7201AB48-BD00-48F7-8CC7-16E683AD421C}
[2011/02/11 07:30:05 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{580DD5F8-DCA7-4FB9-84C3-8381F9880A16}
[2011/02/10 19:29:54 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{922A1D63-C41C-4346-B267-4C829F93AC13}
[2011/02/10 07:29:42 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{09F11D5F-9083-4DEC-8CF3-B0E81800CB4A}
[2011/02/09 19:29:18 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{D04F77B9-8AA1-4DA1-9C00-0DE729AC5DBC}
[2011/02/09 07:29:06 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{1997D8F3-083F-4095-BA70-63F62BFF04E7}
[2011/02/08 19:28:42 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{3E5421B0-31C9-47E9-8C4D-778D11546A1B}
[2011/02/08 07:28:30 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{7F1F7C19-293C-4060-9214-599C93A69D80}
[2011/02/07 19:28:18 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{D36CAE36-4438-48D3-8C6D-65FEDAF5B062}
[2011/02/07 07:28:06 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{9C006C9C-72C5-4E8B-B5B0-AC809D1CB6CE}
[2011/02/05 07:01:03 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{0DE4269B-E9E3-4F77-B9C5-44BE095837A7}
[2011/02/04 10:36:37 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{702E1672-612F-4238-B1F5-AF7F39F14F33}
[2011/02/03 22:36:26 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{F40341A6-D9C6-41F0-AB22-4FBBA49539B2}
[2011/02/03 20:49:40 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/02/03 06:49:47 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{AE9692D1-55BA-415F-990C-FE09DB1B0CA3}
[2011/02/02 18:49:35 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{E8DB9D0E-783F-47BE-AE47-DD5E1D87FDC1}
[2011/02/01 18:49:12 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{A01A9B83-8DF2-400C-8D5D-4C1A9BD3870D}
[2011/02/01 06:48:47 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{20A3B98C-F5EC-4E81-A867-35EA50186FAB}
[2011/01/31 18:48:23 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{055F82AE-8D3F-4C69-9E8F-BE68C24D9E0D}
[1 C:\Users\Public\Documents\*.tmp files -> C:\Users\Public\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/01 21:14:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/01 19:29:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/01 12:00:00 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\PerfectOptimizer_home.job
[2011/03/01 10:45:56 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/01 10:45:56 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/01 07:14:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/27 17:25:40 | 000,730,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/02/27 17:25:40 | 000,628,674 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/02/27 17:25:40 | 000,107,948 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/02/27 17:21:16 | 3062,833,152 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/17 06:42:00 | 000,004,369 | ---- | M] () -- C:\Users\Public\Documents\aaaa.jpg
[2011/02/17 06:41:00 | 000,004,369 | ---- | M] () -- C:\Users\Public\Documents\Description_ cid_image001.jpg.C8A719F0
[2011/02/17 06:41:00 | 000,004,369 | ---- | M] () -- C:\Users\Public\Documents\Description_ cid_image001.jpg
[2011/02/11 11:31:00 | 000,551,424 | ---- | M] () -- C:\Users\Public\Documents\Scottsdale Auto Claim IA Invoice Process no partial pay v2.vsd
[2011/02/10 03:20:03 | 000,414,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/02/09 20:38:06 | 000,551,936 | ---- | M] () -- C:\Users\Public\Documents\Scottsdale Auto Claim IA Invoice Process v3.1.vsd
[2011/02/04 15:57:40 | 000,001,214 | ---- | M] () -- C:\Users\Public\Documents\Selection Basket.lnk
[2011/02/04 15:57:39 | 000,043,619 | ---- | M] () -- C:\Users\Public\Documents\00436171.png
[2011/02/04 11:28:00 | 000,025,132 | ---- | M] () -- C:\Users\Public\Documents\1N997568-2.pdf
[1 C:\Users\Public\Documents\*.tmp files -> C:\Users\Public\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/17 06:42:00 | 000,004,369 | ---- | C] () -- C:\Users\Public\Documents\aaaa.jpg
[2011/02/17 06:41:00 | 000,004,369 | ---- | C] () -- C:\Users\Public\Documents\Description_ cid_image001.jpg.C8A719F0
[2011/02/17 06:41:00 | 000,004,369 | ---- | C] () -- C:\Users\Public\Documents\Description_ cid_image001.jpg
[2011/02/11 11:28:09 | 000,551,424 | ---- | C] () -- C:\Users\Public\Documents\Scottsdale Auto Claim IA Invoice Process no partial pay v2.vsd
[2011/02/09 20:38:05 | 000,551,936 | ---- | C] () -- C:\Users\Public\Documents\Scottsdale Auto Claim IA Invoice Process v3.1.vsd
[2011/02/04 15:57:44 | 000,001,214 | ---- | C] () -- C:\Users\Public\Documents\Selection Basket.lnk
[2011/02/04 15:57:39 | 000,043,619 | ---- | C] () -- C:\Users\Public\Documents\00436171.png
[2011/02/04 11:28:00 | 000,025,132 | ---- | C] () -- C:\Users\Public\Documents\1N997568-2.pdf
[2010/11/21 11:39:56 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2010/11/21 11:39:56 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2010/11/21 11:39:56 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2010/11/21 11:39:56 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2010/11/21 11:39:56 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2010/11/21 11:39:56 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2010/11/21 11:39:56 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2010/11/21 11:39:56 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2010/11/21 11:39:56 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2010/11/21 11:39:56 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2010/11/21 11:39:56 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2010/11/21 11:39:56 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2010/11/21 11:39:56 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2010/11/21 11:39:56 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2010/11/21 11:39:56 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2010/11/21 11:39:56 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2010/10/04 09:00:15 | 000,745,748 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/07/25 23:02:22 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2010/06/25 05:35:12 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/06/25 05:35:12 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/06/25 05:35:12 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/06/25 05:35:11 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010/06/25 05:35:09 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2010/10/01 08:59:33 | 000,000,000 | ---D | M] -- C:\Users\Karoline Obora\AppData\Roaming\Blackberry Desktop
[2010/09/30 16:25:56 | 000,000,000 | ---D | M] -- C:\Users\Karoline Obora\AppData\Roaming\DigitalPersona
[2010/11/22 19:15:48 | 000,000,000 | ---D | M] -- C:\Users\Karoline Obora\AppData\Roaming\Epson
[2010/10/12 09:20:55 | 000,000,000 | ---D | M] -- C:\Users\Karoline Obora\AppData\Roaming\Meeting Center
[2010/10/01 08:32:35 | 000,000,000 | ---D | M] -- C:\Users\Karoline Obora\AppData\Roaming\Research In Motion
[2011/02/18 11:20:19 | 000,000,000 | ---D | M] -- C:\Users\Karoline Obora\AppData\Roaming\webex
[2011/03/01 12:00:00 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\PerfectOptimizer_home.job
[2009/07/13 23:08:49 | 000,013,176 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >


#2
SweetTech

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :D

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed response to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together :D
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________


OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :Services
    :OTL
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
    [2011/03/01 19:29:18 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{01AC10A6-E717-4CD6-8591-DCAD0495ACE0}
    [2011/03/01 06:41:57 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{4DCAD024-5D92-42AF-8A8D-D34BD2A2CA26}
    [2011/02/28 18:34:16 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{F26250DA-410F-4178-BBBB-0F81AC06A298}
    [2011/02/27 17:43:41 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{7C9C1E94-8B6E-4846-A3B9-F0C1D44C8C1E}
    [2011/02/26 08:38:43 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{830AC3FA-AB8C-4CF7-B9E3-9D29C674591A}
    [2011/02/25 06:57:40 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{195EEEB7-BB1E-4396-8ABE-247BC6FB9F43}
    [2011/02/24 07:26:46 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{D65C47C5-D3E8-49C9-BC27-253106AECF17}
    [2011/02/23 07:26:22 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{5390E175-2BCC-41FE-9328-4E60D38199B1}
    [2011/02/22 19:25:57 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{091B254C-7923-4AF1-BF52-3005513C7B95}
    [2011/02/22 07:25:46 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{D3CD3918-8852-459F-9A8A-2DC04A9F6E38}
    [2011/02/21 19:25:34 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{917871B4-E750-4F66-BB15-5161D7D47067}
    [2011/02/21 07:25:22 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{CD6D9AD2-068B-4591-853C-8901E9E89694}
    [2011/02/18 09:36:30 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{F2BF6EC5-F8B2-4C60-A354-19554B350770}
    [2011/02/17 21:36:18 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{8C6190BE-1FCC-464F-98BD-0F16446E9A4D}
    [2011/02/17 09:35:54 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{DC4867AF-A5A5-4677-A27D-9F66BC8EB3BA}
    [2011/02/16 21:35:42 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{A10A8432-F3DB-4B6E-AC31-D15B4494563B}
    [2011/02/16 08:57:29 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{390D24B0-3736-4B11-B7F0-7C7D5882D023}
    [2011/02/15 20:55:01 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{8A0A8988-9413-4A12-BD64-BBBB5D5262C5}
    [2011/02/15 08:41:39 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{43B4DF8E-8BA9-4D76-8A6A-84135AE8E18D}
    [2011/02/14 20:41:28 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{B98F9F26-7FAB-4A22-8CB6-0EB6C6590399}
    [2011/02/14 08:41:16 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{C204A290-8E89-4ECA-A44E-C404B4794ABA}
    [2011/02/13 20:41:04 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{8621E408-23EE-4492-8ACB-888966B71F45}
    [2011/02/13 08:40:53 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{6121282C-4221-4408-9007-A6CFD554A1AD}
    [2011/02/12 20:40:41 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{177F25D3-92AC-4E3D-856A-5BE22CDDDC37}
    [2011/02/12 08:40:29 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{8D8256CE-7E6E-4935-A93E-0B2099DF1037}
    [2011/02/11 19:30:17 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{7201AB48-BD00-48F7-8CC7-16E683AD421C}
    [2011/02/11 07:30:05 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{580DD5F8-DCA7-4FB9-84C3-8381F9880A16}
    [2011/02/10 19:29:54 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{922A1D63-C41C-4346-B267-4C829F93AC13}
    [2011/02/10 07:29:42 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{09F11D5F-9083-4DEC-8CF3-B0E81800CB4A}
    [2011/02/09 19:29:18 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{D04F77B9-8AA1-4DA1-9C00-0DE729AC5DBC}
    [2011/02/09 07:29:06 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{1997D8F3-083F-4095-BA70-63F62BFF04E7}
    [2011/02/08 19:28:42 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{3E5421B0-31C9-47E9-8C4D-778D11546A1B}
    [2011/02/08 07:28:30 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{7F1F7C19-293C-4060-9214-599C93A69D80}
    [2011/02/07 19:28:18 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{D36CAE36-4438-48D3-8C6D-65FEDAF5B062}
    [2011/02/07 07:28:06 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{9C006C9C-72C5-4E8B-B5B0-AC809D1CB6CE}
    [2011/02/05 07:01:03 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{0DE4269B-E9E3-4F77-B9C5-44BE095837A7}
    [2011/02/04 10:36:37 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{702E1672-612F-4238-B1F5-AF7F39F14F33}
    [2011/02/03 22:36:26 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{F40341A6-D9C6-41F0-AB22-4FBBA49539B2}
    [2011/02/03 06:49:47 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{AE9692D1-55BA-415F-990C-FE09DB1B0CA3}
    [2011/02/02 18:49:35 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{E8DB9D0E-783F-47BE-AE47-DD5E1D87FDC1}
    [2011/02/01 18:49:12 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{A01A9B83-8DF2-400C-8D5D-4C1A9BD3870D}
    [2011/02/01 06:48:47 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{20A3B98C-F5EC-4E81-A867-35EA50186FAB}
    [2011/01/31 18:48:23 | 000,000,000 | ---D | C] -- C:\Users\Karoline Obora\AppData\Local\{055F82AE-8D3F-4C69-9E8F-BE68C24D9E0D}
    [1 C:\Users\Public\Documents\*.tmp files -> C:\Users\Public\Documents\*.tmp -> ]
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Scanning with MalwareBytes' Anti-Malware
Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT:



Please be sure to include an update on how things are currently running.

#3
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.