how to remove about:blank



#1
curiousyello

Whenever I do a search using either Firefox or Internet Explorer the browser is first redirected to a page labelled about:blank. It then continues to the page or site I was searching for. Occasionally it has redirected me to another page entirely but I always shut it down as quickly as possible. I am using Windows XP Professional with Service Pack 3 on an IBM laptop. Below is the OTL data and thank you in advance for your valuable time, I really appreciate it.

OTL logfile created on: 5/22/2011 1:59:06 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 543.00 Mb Available Physical Memory | 53.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 10.86 Gb Free Space | 19.43% Space Free | Partition Type: NTFS

Computer Name: IBM-4 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/18 10:25:12 | 003,460,784 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/04/18 10:25:10 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/03/09 23:41:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2009/06/01 09:41:11 | 000,341,312 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2008/09/14 19:38:13 | 000,054,784 | ---- | M] (Macrovision) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/12 20:38:04 | 000,958,464 | ---- | M] () -- C:\Program Files\Airlink101\Airlink101 WLAN Monitor\WlanMon.exe
PRC - [2006/10/05 20:54:16 | 000,106,496 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2006/10/05 20:41:08 | 000,167,936 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2006/10/05 20:40:32 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2006/07/25 11:19:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
PRC - [2006/07/11 18:04:42 | 000,015,872 | ---- | M] ( ) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2006/06/29 18:34:20 | 000,049,152 | ---- | M] (Alpha Networks Inc.) -- C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
PRC - [2006/05/30 16:05:42 | 000,086,016 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
PRC - [2005/07/05 15:57:12 | 000,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
PRC - [2005/07/03 00:20:48 | 000,372,736 | ---- | M] (Samsung Electronics.) -- C:\WINDOWS\Samsung\ComSMMgr\SSMMgr.exe
PRC - [2004/04/01 11:52:06 | 001,368,064 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2002/09/20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (SafeList) ==========

MOD - [2011/04/18 10:25:09 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2011/03/09 23:41:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/06/01 09:41:24 | 000,062,776 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/18 10:25:10 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/09/14 19:38:13 | 000,054,784 | ---- | M] (Macrovision) [Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)
SRV - [2006/10/05 20:41:08 | 000,167,936 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2006/10/05 20:40:32 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2006/07/11 18:04:42 | 000,015,872 | ---- | M] ( ) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2006/07/11 17:52:52 | 000,023,552 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\psasrv.exe -- (PsaSrv)
SRV - [2006/07/03 16:22:58 | 000,049,152 | ---- | M] (Alpha Networks Inc.) [Auto | Stopped] -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)
SRV - [2002/09/20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2011/04/18 10:17:46 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/04/18 10:17:34 | 000,307,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/04/18 10:16:18 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/04/18 10:16:06 | 000,102,488 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/04/18 10:13:21 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/04/18 10:13:02 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/04/18 10:12:58 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/12/03 02:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2008/09/14 19:38:10 | 000,012,464 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CdaC15BA.SYS -- (CdaC15BA)
DRV - [2006/11/03 16:30:44 | 000,467,040 | ---- | M] (Atheros Communications, Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\N5SG.sys -- (N5SG)
DRV - [2006/09/27 21:56:20 | 000,172,401 | ---- | M] (Roland Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rdwm1046.sys -- (RDID1046)
DRV - [2006/08/03 02:54:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2006/08/03 02:54:00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2006/07/21 03:54:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2006/07/11 17:52:50 | 000,017,536 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2006/01/13 01:33:22 | 000,006,016 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2005/12/11 12:55:38 | 000,028,195 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)
DRV - [2005/11/08 10:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2005/05/25 22:59:12 | 001,133,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/03/13 22:01:38 | 000,041,984 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2003/06/27 09:53:44 | 001,196,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/04/29 05:38:08 | 000,010,940 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdrbsvsd.sys -- (cdrbsvsd)
DRV - [2002/10/15 22:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonypvs1.sys -- (sonypvs1)
DRV - [2002/01/23 09:28:32 | 000,089,984 | ---- | M] (Philips Semiconductors) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PhilDecN.sys -- (phildecn) Philips WDM Video Decoder (PHILDECN)
DRV - [2000/01/08 10:22:36 | 000,010,240 | ---- | M] (VOB Computersysteme GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\asapi.sys -- (Asapi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/30 11:04:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2009/04/05 06:36:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2009/04/05 06:36:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oldxufa7.default\extensions
[2011/04/22 20:39:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2010/10/10 10:47:31 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/08/04 09:48:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/04/30 11:04:36 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2001/08/18 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Airlink101 WLAN Monitor] C:\Program Files\Airlink101\Airlink101 WLAN Monitor\WlanMon.exe ()
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [frymxins] C:\Program Files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [Samsung Common SM] C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe (Samsung Electronics.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StorageGuard] C:\Program Files\VERITAS Software\Update Manager\sgtray.exe (VERITAS Software, Inc.)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ()
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\ThinkPad\PkgMgr\PkgMgr.exe (Lenovo Group Limited)
O15 - HKCU\..Trusted Domains: shaw.ca ([webmail] https in Trusted sites)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnote...ad/mnviewer.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1264811294317 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1264811268990 (MUWebControl Class)
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} http://www-307.ibm.c...rt/IbmEgath.cab (IBM Access Support)
O16 - DPF: {76E5AF9D-2B3E-4FEB-A31F-A9E63A27FA29} https://www-307.ibm....ntent/AcpIR.cab (IASRunner Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ACNotify: DllName - ACNotify.dll - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll ()
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\tpfnf2: DllName - notifyf2.dll - C:\WINDOWS\System32\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/11/22 16:47:41 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{62355ec0-f998-11df-aeb5-00028aa4ecb2}\Shell - "" = AutoRun
O33 - MountPoints2\{62355ec0-f998-11df-aeb5-00028aa4ecb2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{62355ec0-f998-11df-aeb5-00028aa4ecb2}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/22 10:16:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\INSIDE JOB DVD
[2011/05/06 22:58:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Smaller Guitar images to mail
[2011/04/24 07:02:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2011/04/24 06:55:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2011/04/22 20:39:22 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2011/05/22 13:26:51 | 000,003,284 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCS{CC379323-7652-4CF5-8BFC-F644E13DA335}
[2011/05/22 13:26:44 | 000,000,014 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{CC379323-7652-4CF5-8BFC-F644E13DA335}
[2011/05/22 13:26:37 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME
[2011/05/22 13:26:28 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/22 13:25:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/22 13:25:51 | 1072,746,496 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/18 11:18:22 | 000,192,577 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\in.mp3
[2011/05/18 11:16:06 | 000,057,087 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\europa.pdf
[2011/05/18 11:15:07 | 000,055,565 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\wish.pdf
[2011/05/18 11:14:34 | 000,055,614 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\louie.pdf
[2011/05/18 11:13:56 | 000,074,684 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\stella.pdf
[2011/05/18 11:13:43 | 000,074,684 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\stella tuck.pdf
[2011/05/18 08:23:27 | 005,352,868 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Rainbow Brain.pdf
[2011/05/18 08:13:32 | 001,041,638 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\better.wav
[2011/05/18 08:12:28 | 000,035,658 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\everything.pdf
[2011/05/18 07:59:58 | 000,052,670 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\better.pdf
[2011/05/10 18:43:49 | 000,001,752 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Best Abstinence Advice Ever Mother Jones.url
[2011/05/05 22:52:40 | 000,000,318 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Stefano Mancuso The roots of plant intelligence Video on TED.com.url
[2011/05/05 22:12:03 | 000,000,318 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Steven Levitt analyzes crack economics Video on TED.com.url
[2011/05/05 07:51:36 | 000,210,633 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\LOW RES 1.jpg
[2011/05/04 10:24:44 | 000,000,304 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Eli Pariser Beware online filter bubbles Video on TED.com (2).url
[2011/05/04 10:23:57 | 000,000,304 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Eli Pariser Beware online filter bubbles Video on TED.com.url
[2011/05/04 10:18:12 | 000,000,356 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Isabel Behncke Evolution's gift of play, from bonobo apes to humans Video on TED.com.url
[2011/05/04 10:11:25 | 000,000,318 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Morgan Spurlock The greatest TED Talk ever sold Video on TED.com.url
[2011/04/29 15:59:41 | 000,001,020 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\WOW! JUST WOW! AS200 Blondie!.url
[2011/04/28 20:27:59 | 000,000,293 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\1988 - Ibanez Semi & Full Acoustic Electric Guitars - Artstar (AM, AS, AF, AE) Series - Ibanez Catalogs - Ibanez wiki.url
[2011/04/28 20:26:14 | 000,000,363 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Print Page - F-S AS200NT Blondie.url
[2011/04/28 07:38:44 | 053,088,184 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Eleanor Rigby - Obladi.wav
[2011/04/28 07:37:03 | 043,742,200 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Birthday - Conga.wav
[2011/04/28 07:34:57 | 054,985,228 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Water Come A Me Eye - Kirby.wav
[2011/04/28 07:32:51 | 076,025,908 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Ranchera norm.wav
[2011/04/28 07:25:52 | 037,627,648 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Muti Wambuya normalized.wav
[2011/04/27 09:05:04 | 000,188,416 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/25 22:04:28 | 024,314,524 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Streamline normalized.wav
[2011/04/25 21:59:23 | 046,922,012 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Toko normalized.wav
[2011/04/25 21:56:32 | 068,779,696 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Manhanga Waco normalized.wav
[2011/04/25 21:52:10 | 065,123,260 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Stir Up the Nest normalized.wav
[2011/04/25 21:47:32 | 053,687,104 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Storkamudiki - Ho 2011 normalized.wav
[2011/04/25 21:44:28 | 052,365,916 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Malecon normalized.wav
[2011/04/25 21:40:44 | 042,733,492 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Chicha Fuerte normalized.wav
[2011/04/25 18:12:02 | 741,885,952 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\STE-000.wav
[2011/04/25 16:45:33 | 042,733,492 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Chicha Fuerte.wav
[2011/04/25 16:41:23 | 046,922,012 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Toko.wav
[2011/04/25 16:36:37 | 052,365,916 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Malecon.wav
[2011/04/25 16:33:50 | 024,314,524 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Streamline.wav
[2011/04/25 16:28:38 | 068,779,696 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Manhanga Waco.wav
[2011/04/25 16:15:44 | 065,123,260 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Stir.wav
[2011/04/25 16:11:38 | 053,687,104 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Storkamudiki - Ho 2011.wav
[2011/04/25 11:16:50 | 000,000,838 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\No Mercy How Conservative Think Tanks and Foundations Changed America's Social Agenda Amazon.ca Jean Stefancic, Richard Delgado Books.url
[2011/04/25 07:46:32 | 000,000,265 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\matti333 Vancouver British Columbia singles, Vancouver British Columbia women (3).url
[2011/04/25 07:46:24 | 000,000,265 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\matti333 Vancouver British Columbia singles, Vancouver British Columbia women (2).url
[2011/04/25 07:46:19 | 000,000,265 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\matti333 Vancouver British Columbia singles, Vancouver British Columbia women.url
[2011/04/24 08:16:28 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/04/22 20:39:27 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/22 20:16:41 | 000,274,168 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/22 19:50:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/22 19:48:22 | 000,442,140 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/22 19:48:22 | 000,071,910 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/22 19:41:12 | 002,006,208 | ---- | M] () -- C:\WINDOWS\iis6.BAK

========== Files Created - No Company Name ==========

[2011/05/18 11:18:20 | 000,192,577 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\in.mp3
[2011/05/18 11:16:05 | 000,057,087 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\europa.pdf
[2011/05/18 11:15:07 | 000,055,565 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\wish.pdf
[2011/05/18 11:14:34 | 000,055,614 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\louie.pdf
[2011/05/18 11:13:56 | 000,074,684 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\stella.pdf
[2011/05/18 11:13:43 | 000,074,684 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\stella tuck.pdf
[2011/05/18 08:23:17 | 005,352,868 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Rainbow Brain.pdf
[2011/05/18 08:13:22 | 001,041,638 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\better.wav
[2011/05/18 08:12:27 | 000,035,658 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\everything.pdf
[2011/05/18 07:59:58 | 000,052,670 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\better.pdf
[2011/05/10 18:43:49 | 000,001,752 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Best Abstinence Advice Ever Mother Jones.url
[2011/05/05 22:52:40 | 000,000,318 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Stefano Mancuso The roots of plant intelligence Video on TED.com.url
[2011/05/05 22:12:03 | 000,000,318 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Steven Levitt analyzes crack economics Video on TED.com.url
[2011/05/05 07:52:54 | 000,210,633 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\LOW RES 1.jpg
[2011/05/04 10:24:44 | 000,000,304 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Eli Pariser Beware online filter bubbles Video on TED.com (2).url
[2011/05/04 10:23:56 | 000,000,304 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Eli Pariser Beware online filter bubbles Video on TED.com.url
[2011/05/04 10:18:12 | 000,000,356 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Isabel Behncke Evolution's gift of play, from bonobo apes to humans Video on TED.com.url
[2011/05/04 10:11:25 | 000,000,318 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Morgan Spurlock The greatest TED Talk ever sold Video on TED.com.url
[2011/04/29 15:59:41 | 000,001,020 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\WOW! JUST WOW! AS200 Blondie!.url
[2011/04/28 20:27:59 | 000,000,293 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\1988 - Ibanez Semi & Full Acoustic Electric Guitars - Artstar (AM, AS, AF, AE) Series - Ibanez Catalogs - Ibanez wiki.url
[2011/04/28 20:26:14 | 000,000,363 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Print Page - F-S AS200NT Blondie.url
[2011/04/28 07:31:53 | 076,025,908 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Ranchera norm.wav
[2011/04/28 07:25:28 | 037,627,648 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Muti Wambuya normalized.wav
[2011/04/25 22:03:23 | 024,314,524 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Streamline normalized.wav
[2011/04/25 21:57:27 | 046,922,012 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Toko normalized.wav
[2011/04/25 21:53:31 | 068,779,696 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Manhanga Waco normalized.wav
[2011/04/25 21:48:31 | 065,123,260 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Stir Up the Nest normalized.wav
[2011/04/25 21:45:15 | 053,687,104 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Storkamudiki - Ho 2011 normalized.wav
[2011/04/25 21:42:32 | 052,365,916 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Malecon normalized.wav
[2011/04/25 21:38:56 | 042,733,492 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Chicha Fuerte normalized.wav
[2011/04/25 16:57:34 | 043,742,200 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Birthday - Conga.wav
[2011/04/25 16:49:39 | 053,088,184 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Eleanor Rigby - Obladi.wav
[2011/04/25 16:45:11 | 042,733,492 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Chicha Fuerte.wav
[2011/04/25 16:41:00 | 046,922,012 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Toko.wav
[2011/04/25 16:36:13 | 052,365,916 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Malecon.wav
[2011/04/25 16:33:39 | 024,314,524 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Streamline.wav
[2011/04/25 16:28:03 | 068,779,696 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Manhanga Waco.wav
[2011/04/25 16:15:05 | 065,123,260 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Stir.wav
[2011/04/25 16:11:06 | 053,687,104 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Storkamudiki - Ho 2011.wav
[2011/04/25 16:05:37 | 054,985,228 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Water Come A Me Eye - Kirby.wav
[2011/04/25 15:12:35 | 741,885,952 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\STE-000.wav
[2011/04/25 11:16:46 | 000,000,838 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\No Mercy How Conservative Think Tanks and Foundations Changed America's Social Agenda Amazon.ca Jean Stefancic, Richard Delgado Books.url
[2011/04/25 07:46:32 | 000,000,265 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\matti333 Vancouver British Columbia singles, Vancouver British Columbia women (3).url
[2011/04/25 07:46:24 | 000,000,265 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\matti333 Vancouver British Columbia singles, Vancouver British Columbia women (2).url
[2011/04/25 07:46:19 | 000,000,265 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\matti333 Vancouver British Columbia singles, Vancouver British Columbia women.url
[2011/04/22 20:39:27 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/22 20:39:27 | 000,000,741 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/04/17 20:35:08 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2011/03/16 10:36:18 | 000,000,066 | ---- | C] () -- C:\WINDOWS\BBW_INFO.INI
[2009/04/05 06:36:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/09/14 19:38:35 | 000,000,335 | ---- | C] () -- C:\WINDOWS\ldoce.dat
[2008/01/23 22:12:43 | 000,031,862 | ---- | C] () -- C:\WINDOWS\System32\RdCi1046.dll
[2008/01/23 22:12:43 | 000,004,088 | ---- | C] () -- C:\WINDOWS\System32\RD3T1046.DAT
[2007/11/28 17:04:11 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2007/09/16 21:21:06 | 000,188,416 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/16 11:42:12 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\NCSPI8EN.DLL
[2007/09/16 11:41:56 | 000,022,480 | ---- | C] () -- C:\WINDOWS\System32\PFMAPI16.DLL
[2007/09/16 11:41:56 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\PFMAPI32.DLL
[2007/06/28 12:17:18 | 000,000,044 | ---- | C] () -- C:\WINDOWS\SMWizard.INI
[2007/06/24 18:47:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2006/11/30 17:54:40 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/23 20:36:43 | 000,009,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2006/11/23 20:34:20 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2006/11/22 16:38:12 | 000,106,496 | ---- | C] () -- C:\WINDOWS\desktopset.exe
[2006/11/22 16:38:03 | 000,377,600 | ---- | C] () -- C:\WINDOWS\System32\BOCOLE.DLL
[2006/11/22 16:38:03 | 000,167,456 | ---- | C] () -- C:\WINDOWS\System32\Bocof.dll
[2006/11/22 16:38:03 | 000,082,864 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/11/22 16:38:03 | 000,004,052 | ---- | C] () -- C:\WINDOWS\unwise.ini
[2006/11/22 16:37:18 | 000,000,132 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/11/22 16:36:10 | 000,000,222 | ---- | C] () -- C:\WINDOWS\Welcome.ini
[2006/11/22 16:32:06 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/11/22 16:31:02 | 000,006,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2006/11/22 16:27:37 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/11/22 16:27:21 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2006/11/22 16:25:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/11/22 16:19:43 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/11/22 16:13:47 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/11/22 16:12:58 | 000,274,168 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/07/11 17:52:52 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\psasrv.exe
[2005/11/30 21:16:02 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll
[2005/07/06 00:45:08 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll
[2005/04/08 17:42:06 | 000,087,540 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2004/08/02 15:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2002/05/14 18:46:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/01/04 08:29:47 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\atsdrve.dll
[2001/08/31 16:33:58 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\VxDMDcDlg.dll
[2001/06/08 15:54:30 | 000,003,478 | ---- | C] () -- C:\WINDOWS\translat.ini
[2001/05/30 12:36:14 | 000,000,010 | ---- | C] () -- C:\WINDOWS\Launcher.ini
[1999/01/22 03:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1980/01/01 01:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[1980/01/01 01:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[1980/01/01 01:00:00 | 000,442,140 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[1980/01/01 01:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[1980/01/01 01:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[1980/01/01 01:00:00 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\tp4uires.dll
[1980/01/01 01:00:00 | 000,073,782 | ---- | C] () -- C:\WINDOWS\System32\ibmpmsvc.exe
[1980/01/01 01:00:00 | 000,071,910 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[1980/01/01 01:00:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\tp4unins.exe
[1980/01/01 01:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[1980/01/01 01:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[1980/01/01 01:00:00 | 000,005,788 | ---- | C] () -- C:\WINDOWS\System32\tp4table.dat
[1980/01/01 01:00:00 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[1980/01/01 01:00:00 | 000,002,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[1980/01/01 01:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[1980/01/01 01:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2009/04/04 23:16:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG7
[2011/04/24 09:29:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Celemony Software GmbH
[2009/05/15 00:53:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FLVPlayer4Free
[2007/09/16 20:45:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterVideo
[2010/06/20 08:39:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\NetMedia Providers
[2010/12/13 22:23:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Neuratron
[2010/06/20 08:39:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Publish Providers
[2010/01/30 10:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\RecordNow
[2010/11/12 21:10:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Steinberg
[2006/11/22 16:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\VERITAS
[2009/07/04 01:06:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WinPatrol
[2006/11/30 18:07:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ableton
[2010/08/12 19:55:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/04/04 23:16:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg7
[2006/11/30 18:41:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGI
[2010/01/05 09:10:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes

========== Purity Check ==========



< End of report >

#2
RKinner

    Malware Expert

  • Expert
  • 24,330 posts
  • MVP
Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it from your browser :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on Combofix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your anti-virus at this time :!:

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan (Note if the Fix button is enabled and tell me) click save log, save it to your desktop and post in your next reply



Ron

#3
curiousyello

    Member

  • Topic Starter
  • 17 posts
I did the Malwarebytes update and scan, the results of which are posted below. Downloaded ComboFix and accepted disclaimers. It did not get to the Recovery Console stage. In attempting to do a backup it said I was missing a necessary Windows file and asked my permission to update that file which it did successfully. Next was the Blue DOS window which said it was scanning for infected files and could take 10 or 20 minutes. The cursor dash was flashing but the drive light on my computer was not. I let it sit for an hour but nothing happened or changed. Windows wouldn't let me close it and I had to reboot to regain functionality. Incidentally this was the first reboot during the whole process - I didn't reboot after the Malwarebytes update, the Windows file update or the Combofix installation.

Should I try running Combofix again?

Thanks.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6674

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/25/2011 10:29:45 AM
mbam-log-2011-05-25 (10-29-45).txt

Scan type: Quick scan
Objects scanned: 166217
Time elapsed: 15 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
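
Added example, not part of the original post and not Malwarebytes' own code: a small parser for the log layout shown above that extracts each finding and checks the summary counts against the detail lines, which catches a truncated paste. It also separates setting resets (entries carrying Bad/Good values, such as the two PUM, "potentially unwanted modification", items here) from file or key removals. The function names are assumptions, and the sample is a constructed excerpt of the same log.

```python
import re
from collections import Counter

# Constructed sample: an excerpt in the layout of the mbam-log posted above.
SAMPLE_LOG = r"""Scan type: Quick scan
Registry Values Infected: 0
Registry Data Items Infected: 2
Files Infected: 0

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
"""

SUMMARY_RE = re.compile(r"^(.+ Infected): (\d+)$")  # e.g. "Files Infected: 0"
SECTION_RE = re.compile(r"^(.+ Infected):$")        # e.g. "Files Infected:"
DETAIL_RE = re.compile(
    r"^(?P<target>.+?) \((?P<detection>[^()]+)\) -> "
    r"(?:Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> )?(?P<action>.+)$"
)

def parse_mbam_log(text):
    """Return (summary counts, detail findings) parsed from the log text."""
    summary, findings, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SUMMARY_RE.match(line)
        if m:
            summary[m.group(1)] = int(m.group(2))
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)  # following detail lines belong to this category
            continue
        m = DETAIL_RE.match(line) if section else None
        if m:
            findings.append({"category": section, **m.groupdict()})
    return summary, findings

def count_mismatches(summary, findings):
    """Categories whose summary count differs from the parsed detail lines."""
    parsed = Counter(f["category"] for f in findings)
    return {c: (n, parsed.get(c, 0)) for c, n in summary.items() if n != parsed.get(c, 0)}

def setting_resets(findings):
    """Findings that reset a registry value (Bad -> Good) rather than remove an object."""
    return [(f["target"], f["bad"], f["good"]) for f in findings if f["bad"] is not None]

if __name__ == "__main__":
    summary, findings = parse_mbam_log(SAMPLE_LOG)
    print(count_mismatches(summary, findings) or "summary matches detail lines")
    for target, bad, good in setting_resets(findings):
        print(f"reset {target}: {bad} -> {good}")
```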

#4
RKinner

    Malware Expert

  • Expert
  • 24,330 posts
  • MVP
Go on to the aswMBR program first and post the log then try Combofix again but first:

Click on the Avast ball. Then click on Additional Protections then on AutoSandbox then on Settings then uncheck Enable AutoSandbox. OK

Then try Combofix again.

Ron

#5
curiousyello

    Member

  • Topic Starter
  • 17 posts
OK, here's the aswMBR log. The FIX button was enabled.

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-25 12:54:19
-----------------------------
12:54:19.994 OS Version: Windows 5.1.2600 Service Pack 3
12:54:19.994 Number of processors: 1 586 0x209
12:54:19.994 ComputerName: IBM-4 UserName:
12:54:21.055 Initialize success
12:54:24.360 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
12:54:24.370 Disk 0 Vendor: TOSHIBA_MK6022GAX HB002A Size: 57231MB BusType: 3
12:54:26.463 Disk 0 MBR read successfully
12:54:26.473 Disk 0 MBR scan
12:54:26.483 Disk 0 unknown MBR code
12:54:28.506 Disk 0 scanning sectors +117210240
12:54:28.536 Disk 0 scanning C:\WINDOWS\system32\drivers
12:54:37.058 Service scanning
12:54:38.510 Disk 0 trace - called modules:
12:54:38.540 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS i8042prt.sys tp4track.sys mouclass.sys
12:54:38.560 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f5fab8]
12:54:38.580 3 CLASSPNP.SYS[f7581fd7] -> nt!IofCallDriver -> \Device\00000082[0x86f069e8]
12:54:38.600 5 ACPI.sys[f74d8620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86f39940]
12:54:38.861 Scan finished successfully
12:55:33.519 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
12:55:33.580 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"


Will now continue as directed.

#6
curiousyello

    Member

  • Topic Starter
  • 17 posts
Unfortunately the results were the same. Ran the aswMBR and posted above. Disabled the Avast sandbox. Ran Combofix again - this time it said an update was available and I updated. But the attempt to scan was similarly unsuccessful - during the system restore point backup the drive light was on but during Scanning For Infected Files I left it for 20 - 25 minutes and the cursor blinked away but no scanning appeared to be taking place - certainly the drive light was off for over 20 minutes with no blinking or anything.

#7
RKinner

    Malware Expert

  • Expert
  • 24,330 posts
  • MVP
Are you sure the FIX button was enabled and not the FixMBR button? If so, run it again and press the FIX button.

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. (In Vista, next select Windows Logs) Right click on System and Clear Log, No (we don't want to save the old log), OK. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.

Start, Run, sfc /scannow, OK

SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.

Start, Run, sigverif, OK

Press Start. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
2. Type 20 in the 1 to 20 box
3. Then click the Run button.

Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron

#8
curiousyello

    Member

  • Topic Starter
  • 17 posts
Oops, it was the fixMBR button not the FIX button.

In the event viewer a right click on System gives me the choices Open Log file, Save Log file As, New Log View and Clear All Events (Rename, Refresh, Properties, Help). Should I clear all events?

#9
RKinner

    Malware Expert

  • Expert
  • 24,330 posts
  • MVP
Clear all events.

#10
curiousyello

    Member

  • Topic Starter
  • 17 posts
OK - Sigverif found one file not digitally signed: n5sg.sys in C:\windown\system32\drivers version 4.1.2.714

System log:
Vino's Event Viewer v01c run on Windows XP in English
Report run at 25/05/2011 10:45:43 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 25/05/2011 10:09:27 PM
Type: error Category: 49
Event: 50181 Source: ati2mtag
I2C read/write error

Log: 'System' Date/Time: 25/05/2011 10:09:27 PM
Type: error Category: 49
Event: 50181 Source: ati2mtag
I2C read/write error

Log: 'System' Date/Time: 25/05/2011 10:09:27 PM
Type: error Category: 49
Event: 50181 Source: ati2mtag
I2C read/write error

Log: 'System' Date/Time: 25/05/2011 10:09:27 PM
Type: error Category: 49
Event: 50181 Source: ati2mtag
I2C read/write error

Log: 'System' Date/Time: 25/05/2011 10:09:27 PM
Type: error Category: 49
Event: 50181 Source: ati2mtag
I2C read/write error

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Application scan:

Vino's Event Viewer v01c run on Windows XP in English
Report run at 25/05/2011 10:51:07 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Thanks, Ron!

#11
RKinner

    Malware Expert

  • Expert
  • 24,330 posts
  • MVP
You are getting a lot of these:
"Log: 'System' Date/Time: 25/05/2011 10:09:27 PM
Type: error Category: 49
Event: 50181 Source: ati2mtag
I2C read/write error"

Looks like you have a bad Video driver. You need to see if there is a newer version. I'd start at the PC maker's website and see if they have one newer than what you have.

Ron
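
Added example, not part of the original thread and not VEW's own code: a parser for the VEW report layout posted above that groups entries by source and event ID and reports how often each repeats and over what time span, using the report's dd/mm/yyyy date format. The function names are assumptions; the sample is constructed from the entry quoted in the thread plus one made-up entry for contrast.

```python
import re
from collections import defaultdict
from datetime import datetime

ENTRY = """Log: 'System' Date/Time: 25/05/2011 10:09:27 PM
Type: error Category: 49
Event: 50181 Source: ati2mtag
I2C read/write error

"""
# Constructed sample: the quoted entry five times, then one invented entry for contrast.
SAMPLE = ("~~~~~~~~~~\n'System' Log - error Type\n~~~~~~~~~~\n" + ENTRY * 5 +
          "Log: 'System' Date/Time: 25/05/2011 10:12:03 PM\n"
          "Type: warning Category: 0\n"
          "Event: 1000 Source: ExampleSource\n"
          "Constructed message for contrast\n")

HEAD_RE = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<when>.+)$")
TYPE_RE = re.compile(r"^Type: (?P<type>\S+) Category: (?P<category>\d+)$")
EVENT_RE = re.compile(r"^Event: (?P<event>\d+) Source: (?P<source>.+)$")

def parse_vew(text):
    """Return one dict per event entry in a VEW text report."""
    events, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("~"):      # section banner: closes the current entry
            cur = None
            continue
        m = HEAD_RE.match(line)
        if m:
            # The report states its dates are dd/mm/yyyy, with a 12-hour clock.
            when = datetime.strptime(m["when"], "%d/%m/%Y %I:%M:%S %p")
            cur = {"log": m["log"], "when": when, "message": []}
            events.append(cur)
            continue
        if cur is None or not line:   # banner titles and blank lines
            continue
        m = TYPE_RE.match(line) or EVENT_RE.match(line)
        if m:
            cur.update(m.groupdict())
        else:
            cur["message"].append(line)
    return events

def repeated_events(events, min_count=3):
    """Group by (source, event ID, type); keep groups seen at least min_count times."""
    groups = defaultdict(list)
    for e in events:
        groups[(e.get("source"), e.get("event"), e.get("type"))].append(e["when"])
    rows = [{"source": s, "event": ev, "type": t, "count": len(w),
             "first": min(w), "last": max(w)}
            for (s, ev, t), w in groups.items() if len(w) >= min_count]
    return sorted(rows, key=lambda r: -r["count"])

if __name__ == "__main__":
    for row in repeated_events(parse_vew(SAMPLE)):
        print(row)
```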