It loks like many people the IE8 is redirecting links to other, but always different, websites.
For example, when I click on the link to a known and trusted website, Rodaways of WW1 I wind up going to http://www.tripadvis...u/Hotel_Review. Other times I get redirected to other sites.
I got confused following the opening instructions and I ran Malwarebytes' Anti-Malware first and got this log:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6671
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
25/05/2011 6:49:35 PM
mbam-log-2011-05-25 (18-49-35).txt
Scan type: Quick scan
Objects scanned: 143252
Time elapsed: 7 minute(s), 44 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\OTGV1DNWQQ (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XBV6RD5SZF (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_XMLLookup (Hijacker.XMLLookup) -> Value: bak_XMLLookup -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_Application (Hijacker.Application) -> Value: bak_Application -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_intl (Hijacker.intl) -> Value: bak_intl -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\WINDOWS\system32\msisipl.dll (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\ipmontrk.dll (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\WINDOWS\reggenieonuninstall.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
Then I ran OTL:
OTL logfile created on: 25/05/2011 7:00:47 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\HP_Administrator\My Documents\Downloads\My DAP Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
1015.23 Mb Total Physical Memory | 313.23 Mb Available Physical Memory | 30.85% Memory free
2.38 Gb Paging File | 1.74 Gb Available in Paging File | 72.83% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.25 Gb Total Space | 128.35 Gb Free Space | 92.17% Space Free | Partition Type: NTFS
Drive D: | 9.78 Gb Total Space | 6.29 Gb Free Space | 64.34% Space Free | Partition Type: NTFS
Computer Name: YOUR-4678038BAA | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\HP_Administrator\My Documents\Downloads\My DAP Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe (Portrait Displays Inc.)
PRC - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe ()
PRC - C:\Program Files\Acer Display\eDisplay Management\dthtml.exe (Portrait Displays, Inc)
PRC - C:\Program Files\Clarus\Samsung SecretZone\SZAssistSVC.exe (Clarus, Inc.)
PRC - C:\Program Files\Portrait Displays\Pivot Pro Plugin\Floater.exe ()
PRC - C:\Program Files\Portrait Displays\Pivot Pro Plugin\wpCtrl.exe ()
PRC - C:\Program Files\Common Files\Portrait Displays\Drivers\pdiSDKHelper.exe (Portrait Displays, Inc.)
PRC - C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
PRC - C:\Program Files\Auslogics\Auslogics Disk Defrag\cdefrag.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Pantone\huey\hueyTray.exe (Pantone & GretagMacbeth)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I3F2.EXE (SEIKO EPSON CORPORATION)
PRC - C:\WINDOWS\system32\Wtablet\TabUserW.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\system32\Tablet.exe (Wacom Technology, Corp.)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\HP_Administrator\My Documents\Downloads\My DAP Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\asoehook.dll (Symantec Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\microsoft.vc90.crt\msvcr90.dll (Microsoft Corporation)
MOD - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\microsoft.vc90.crt\msvcp90.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\TabHook.dll (Wacom Technology, Corp.)
========== Win32 Services (SafeList) ==========
SRV - (AppMgmt) -- File not found
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe (Symantec Corporation)
SRV - (DTSRVC) -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe ()
SRV - (SZASSIST) -- C:\Program Files\Clarus\Samsung SecretZone\SZAssistSVC.exe (Clarus, Inc.)
SRV - (PdiService) -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
SRV - (TabletService) -- C:\WINDOWS\system32\Tablet.exe (Wacom Technology, Corp.)
========== Driver Services (SafeList) ==========
DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110524.018\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110524.018\NAVENG.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110518.001\BHDrvx86.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\System32\Drivers\NIS\1206000.01D\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SRTSPX.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\NIS\1206000.01D\SYMTDI.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMEFA.SYS (Symantec Corporation)
DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110518.001\IDSXpx86.sys (Symantec Corporation)
DRV - (SymDS) -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMDS.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\Ironx86.SYS (Symantec Corporation)
DRV - (mvd22) -- C:\Program Files\Clarus\Samsung SecretZone\mvd22.sys ()
DRV - (mdf16) -- C:\Program Files\Clarus\Samsung SecretZone\mdf16.sys ()
DRV - (Pivot) -- C:\WINDOWS\system32\drivers\pivot.sys (Portrait Displays, Inc.)
DRV - (pivotmou) -- C:\WINDOWS\system32\drivers\pivotmou.sys (Portrait Displays, Inc.)
DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (PdiPorts) -- C:\WINDOWS\system32\drivers\PdiPorts.sys (Portrait Displays, Inc.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (HSFHWBS3) -- C:\WINDOWS\system32\drivers\HSFHWBS3.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (incdrm) -- C:\WINDOWS\System32\drivers\incdrm.sys (Ahead Software AG)
DRV - (PenClass) -- C:\WINDOWS\system32\Drivers\penclass.sys (Wacom Technology Corporation)
DRV - (UdfReadr) -- C:\WINDOWS\System32\drivers\udfreadr.BAK (Adaptec)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.tsnintern...m.au/index.html
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ [2011/05/11 14:57:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn\ [2011/05/10 18:03:29 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2008/04/14 22:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Download Accelerator Plus Integration) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [DT ACR] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe ()
O4 - HKLM..\Run: [EPSON Stylus Photo R310 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3F2.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PivotSoftware] C:\Program Files\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe ()
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hueyTray.lnk = C:\Program Files\Pantone\huey\hueyTray.exe (Pantone & GretagMacbeth)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe (Wacom Technology, Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech....Detection32.cab (Device Detection)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6886.cab (Windows Live Safety Center Base Module)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 202.22.163.41 202.22.163.43
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/26 01:04:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{597cf8c6-c14f-11df-b9b3-b2228a5d1292}\Shell - "" = AutoRun
O33 - MountPoints2\{597cf8c6-c14f-11df-b9b3-b2228a5d1292}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{597cf8c6-c14f-11df-b9b3-b2228a5d1292}\Shell\AutoRun\command - "" = H:\HPLauncher.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\HPLauncher.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/05/25 18:40:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
[2011/05/25 18:39:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/25 18:39:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/25 18:39:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/25 18:39:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/25 18:39:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/24 22:55:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\TV
[2011/05/02 22:51:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\DisplayTune
[2011/04/28 00:00:44 | 000,000,000 | ---D | C] -- C:\Program Files\MyPublisher
[2011/04/27 15:40:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\MyPublisher
[2010/05/19 12:50:00 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\HP_Administrator\Application Data\pcouffin.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/05/25 19:01:09 | 000,000,610 | ---- | M] () -- C:\WINDOWS\tasks\Auslogics Boost Speed Disk Defrag Console Defragmentation.job
[2011/05/25 18:52:40 | 000,012,474 | ---- | M] () -- C:\WINDOWS\System32\wacom.dat
[2011/05/25 18:52:22 | 000,000,366 | -HS- | M] () -- C:\WINDOWS\tasks\Ohbbhkzi.job
[2011/05/25 18:52:22 | 000,000,334 | -HS- | M] () -- C:\WINDOWS\tasks\Ztoku.job
[2011/05/25 18:52:22 | 000,000,326 | -HS- | M] () -- C:\WINDOWS\tasks\VUCOAAUJ.job
[2011/05/25 18:52:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/25 18:39:54 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/24 23:57:22 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/23 18:23:17 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/20 17:12:57 | 000,009,662 | ---- | M] () -- C:\WINDOWS\EPISME00.SWB
[2011/05/18 16:26:21 | 001,829,960 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/11 14:56:32 | 000,593,024 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\Cat.DB
[2011/05/10 18:04:07 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/05/10 18:04:07 | 000,060,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/05/10 18:04:07 | 000,007,468 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/05/10 18:04:07 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/05/09 16:02:58 | 000,000,229 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/05/02 17:03:50 | 001,572,114 | ---- | M] () -- C:\WINDOWS\ACD Wallpaper.bmp
[2011/05/01 19:14:14 | 000,000,160 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\default.pls
[2011/04/29 13:29:05 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\isolate.ini
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/05/25 18:39:54 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/24 23:57:22 | 000,000,821 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/23 23:42:40 | 000,000,366 | -HS- | C] () -- C:\WINDOWS\tasks\Ohbbhkzi.job
[2011/05/23 23:42:39 | 000,000,334 | -HS- | C] () -- C:\WINDOWS\tasks\Ztoku.job
[2011/05/23 23:42:39 | 000,000,326 | -HS- | C] () -- C:\WINDOWS\tasks\VUCOAAUJ.job
[2011/05/10 22:23:23 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/12 19:08:04 | 000,000,087 | ---- | C] () -- C:\WINDOWS\Efamtree.ini
[2011/04/10 15:47:40 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2011/04/08 16:33:12 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\nnr.dll
[2011/04/01 14:53:48 | 000,007,432 | ---- | C] () -- C:\WINDOWS\System32\Machnm32.sys
[2011/03/19 18:08:44 | 000,000,013 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\˜113.›sys
[2011/03/11 16:56:59 | 000,000,048 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\tigersetting.dll
[2011/03/11 16:55:11 | 000,000,701 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\init.dll
[2011/03/11 16:55:11 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\SYSTEM32.dll
[2011/03/11 16:55:02 | 000,000,701 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\sound.dll
[2011/03/11 16:54:14 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2011/03/11 16:54:03 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2011/02/24 20:59:41 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\winscp.rnd
[2011/01/19 22:57:21 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/01/05 16:41:22 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/01/05 16:36:12 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/12/26 00:52:02 | 000,518,976 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/12/22 17:14:43 | 000,002,048 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Photobook Designer Prefs
[2010/12/16 15:13:06 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2010/12/16 15:13:06 | 000,000,036 | ---- | C] () -- C:\WINDOWS\kpcms.ini
[2010/11/05 15:41:09 | 000,000,063 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\Ts_infos.ini
[2010/09/25 22:16:25 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/07/11 17:45:55 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.HP_Administrator.ini
[2010/06/27 14:28:40 | 000,241,744 | ---- | C] () -- C:\WINDOWS\System32\DNLEng.dll
[2010/06/27 14:28:39 | 001,018,880 | ---- | C] () -- C:\WINDOWS\dbplugin.exe
[2010/06/04 21:44:35 | 000,012,474 | ---- | C] () -- C:\WINDOWS\System32\wacom.dat
[2010/05/20 16:00:04 | 000,000,023 | ---- | C] () -- C:\WINDOWS\ESCHER.INI
[2010/05/19 12:50:00 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\inst.exe
[2010/05/19 12:50:00 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\pcouffin.cat
[2010/05/19 12:50:00 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\pcouffin.inf
[2010/04/16 16:14:14 | 000,000,555 | ---- | C] () -- C:\WINDOWS\Tcd_a579b07e.ini
[2010/03/18 18:16:25 | 000,000,620 | ---- | C] () -- C:\WINDOWS\RegGenie.ini
[2010/03/18 11:03:17 | 000,000,065 | ---- | C] () -- C:\WINDOWS\PODW.INI
[2010/03/18 10:58:33 | 000,000,058 | ---- | C] () -- C:\WINDOWS\presntr.ini
[2010/01/31 16:29:50 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2010/01/29 17:29:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/01/15 21:19:02 | 000,000,229 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/01/03 14:11:54 | 000,001,153 | ---- | C] () -- C:\WINDOWS\pstudio.ini
[2010/01/03 14:11:54 | 000,000,011 | ---- | C] () -- C:\WINDOWS\album.ini
[2010/01/02 20:31:45 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2009/12/29 14:47:11 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDER310E.ini
[2009/12/27 19:17:00 | 000,000,872 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2008/11/26 18:48:00 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2008/11/26 18:48:00 | 000,000,578 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/11/26 18:47:52 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/11/26 18:47:51 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/11/26 18:47:51 | 000,456,304 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/11/26 18:47:51 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/11/26 18:47:51 | 000,075,210 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/11/26 18:47:51 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/11/26 18:47:51 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/11/26 18:47:50 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/11/26 18:47:49 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/11/26 18:47:49 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/11/26 18:47:48 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/11/26 18:47:46 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/11/26 11:55:03 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/11/26 11:54:10 | 001,829,960 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/11/26 09:03:31 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/11/26 01:19:33 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2008/11/26 01:06:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/11/26 01:02:04 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/04/27 08:43:58 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[1999/05/07 19:12:06 | 000,015,744 | ---- | C] () -- C:\WINDOWS\System32\wintab.dll
[1999/03/22 11:00:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
========== LOP Check ==========
[2010/12/29 20:55:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\A-PDF
[2010/08/07 15:41:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2011/01/14 16:08:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Clarus
[2010/12/04 21:54:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Boost
[2010/12/29 20:58:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fpp
[2011/03/30 22:01:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
[2008/11/26 01:28:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2010/11/20 17:12:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\S10 Software
[2010/06/10 17:34:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010/01/14 18:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2011/05/25 17:55:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2009/12/29 14:50:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2011/04/10 15:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Web Page Maker
[2011/05/25 19:01:09 | 000,000,610 | ---- | M] () -- C:\WINDOWS\Tasks\Auslogics Boost Speed Disk Defrag Console Defragmentation.job
[2011/05/25 18:52:22 | 000,000,366 | -HS- | M] () -- C:\WINDOWS\Tasks\Ohbbhkzi.job
[2011/05/25 18:52:22 | 000,000,326 | -HS- | M] () -- C:\WINDOWS\Tasks\VUCOAAUJ.job
[2011/05/25 18:52:22 | 000,000,334 | -HS- | M] () -- C:\WINDOWS\Tasks\Ztoku.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:2B11E0DF
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:D74B6CF5
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:1DD7A762
< End of report >
and finally:
OTL Extras logfile created on: 25/05/2011 7:00:48 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\HP_Administrator\My Documents\Downloads\My DAP Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
1015.23 Mb Total Physical Memory | 313.23 Mb Available Physical Memory | 30.85% Memory free
2.38 Gb Paging File | 1.74 Gb Available in Paging File | 72.83% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.25 Gb Total Space | 128.35 Gb Free Space | 92.17% Space Free | Partition Type: NTFS
Drive D: | 9.78 Gb Total Space | 6.29 Gb Free Space | 64.34% Space Free | Partition Type: NTFS
Computer Name: YOUR-4678038BAA | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Outlook Express\msimn.exe" = C:\Program Files\Outlook Express\msimn.exe:*:Enabled:Outlook Express -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}" = Pivot Pro Plugin
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{109D28C7-FB38-483A-9C91-001CB59E2699}" = EPSON CardMonitor
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{23B59ED4-C360-11D7-875B-0090CC005647}" = EPSON PRINT Image Framer Tool2.1
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 22
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink Recovery Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{65F5B7AF-3363-11D7-BB6B-00018021113F}" = EPSON PhotoQuicker3.5
"{66491E5A-7899-4863-A2E9-057E10BCB578}" = Samsung SecretZone
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD SE
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{821D6F49-1B20-4809-8C73-286CFC52B1B1}" = Samsung Auto Backup
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1" = Auslogics Registry Cleaner
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91F34319-08DE-457a-99C0-0BCDFAC145B9}" = CuteFTP 8 Professional
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A586DC50-B18D-48FB-B7CC-A598200457C2}" = Acer eDisplay Management
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{AD84803D-ED53-44C9-8412-A87AAEB8E6DD}" = Eureka's Family Tree
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{BBAB8CE2-6AE2-497C-A745-67A61134E72C}" = PIF DESIGNER2.1
"{BCE46757-7674-4416-BEDB-68205A60409E}" = Canon CanoScan Toolbox 4.1
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C48817E7-AA05-4151-A99D-1E1E550CE801}" = EPSON PhotoStarter3.1
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EA2D9BC0-75E9-4975-9A0A-DD82198DDC53}" = MSXML 6.0 Parser
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F14B8ECC-BDA0-4987-9201-D7B7DBE11033}" = Nero 7 Ultra Edition
"{FE2FF182-7DB1-43FB-BFDE-7C44C26867AE}" = Pen Tablet
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adaptec UDF Reader" = Adaptec UDF Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Ashampoo MyAutoplay Menu_is1" = Ashampoo MyAutoplay Menu 1.0.3
"CNXT_MODEM_PCI_HSF" = PCIe Soft Data Fax Modem with SmartCP
"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON Printer Software
"ESPR310 Reference Guide" = ESPR310 Reference Guide
"ESPR310 Software Guide" = ESPR310 Software Guide
"EZemailBackup_is1" = EZ eMail Backup 2.0
"Foxit Reader" = Foxit Reader
"FreeZip" = FreeZip
"HDMI" = Intel® Graphics Media Accelerator Driver
"huey_is1" = huey 1.0.5
"ie8" = Windows Internet Explorer 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{FE2FF182-7DB1-43FB-BFDE-7C44C26867AE}" = Pen Tablet
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.7.0 (Basic)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MRW!UninstallKey" = InCD EasyWrite Reader
"MyPublisher" = MyPublisher
"NIS" = Norton Internet Security
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"PicaView32" = PicaView32
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 22/03/2011 2:00:28 AM | Computer Name = YOUR-4678038BAA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 22/03/2011 2:00:33 AM | Computer Name = YOUR-4678038BAA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 22/03/2011 8:45:44 AM | Computer Name = YOUR-4678038BAA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 24/03/2011 8:29:58 AM | Computer Name = YOUR-4678038BAA | Source = Application Error | ID = 1000
Description = Faulting application foxitr~1.exe, version 2.2.2007.2129, faulting
module foxitr~1.exe, version 2.2.2007.2129, fault address 0x0007060d.
Error - 29/03/2011 2:00:33 AM | Computer Name = YOUR-4678038BAA | Source = Application Hang | ID = 1002
Description = Hanging application EXCEL.EXE, version 12.0.4518.1014, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 30/03/2011 1:01:22 AM | Computer Name = YOUR-4678038BAA | Source = Application Error | ID = 1000
Description = Faulting application foxitr~1.exe, version 2.2.2007.2129, faulting
module foxitr~1.exe, version 2.2.2007.2129, fault address 0x002d6ecd.
Error - 30/03/2011 1:12:31 AM | Computer Name = YOUR-4678038BAA | Source = Application Error | ID = 1005
Description = Windows cannot access the file E:\acer.exe for one of the following
reasons: there is a problem with the network connection, the disk that the file
is stored on, or the storage drivers installed on this computer; or the disk is
missing. Windows closed the program Adobe Flash Player 9.0 r115 because of this
error. Program: Adobe Flash Player 9.0 r115 File: E:\acer.exe The error value is
listed in the Additional Data section. User Action 1. Open the file again. This situation
might be a temporary problem that corrects itself when the program runs again. 2.
If the file still cannot be accessed and - It is on the network, your network administrator
should verify that there is not a problem with the network and that the server
can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM,
verify that the disk is fully inserted into the computer. 3. Check and repair the
file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD,
and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4.
If the problem persists, restore the file from a backup copy. 5. Determine whether
other files on the same disk can be opened. If not, the disk might be damaged.
If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance. Additional Data Error value: C0000240 Disk type: 5
Error - 30/03/2011 1:15:56 AM | Computer Name = YOUR-4678038BAA | Source = Application Error | ID = 1000
Description = Faulting application acer.exe, version 9.0.115.0, faulting module
acer.exe, version 9.0.115.0, fault address 0x0011e4d0.
Error - 4/04/2011 1:37:15 AM | Computer Name = YOUR-4678038BAA | Source = MsiInstaller | ID = 11907
Description = Product: Microsoft Office Enterprise 2007 -- Error 1907.Could not
register font . Verify that you have sufficient permissions to install fonts, and
that the system supports this font.
Error - 5/04/2011 2:53:35 AM | Computer Name = YOUR-4678038BAA | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module coieplg.dll, version 2011.5.0.55, fault address 0x0000fd06.
[ OSession Events ]
Error - 27/01/2010 7:25:44 AM | Computer Name = YOUR-4678038BAA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 1602 seconds with 1440 seconds of active time. This session ended with a
crash.
Error - 1/02/2010 1:28:00 AM | Computer Name = YOUR-4678038BAA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 643 seconds with 600 seconds of active time. This session ended with a crash.
Error - 3/02/2010 7:31:51 AM | Computer Name = YOUR-4678038BAA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 148 seconds with 120 seconds of active time. This session ended with a crash.
Error - 7/02/2010 2:33:35 AM | Computer Name = YOUR-4678038BAA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 698 seconds with 660 seconds of active time. This session ended with a crash.
Error - 3/05/2010 10:46:10 PM | Computer Name = YOUR-4678038BAA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 94 seconds with 60 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 24/05/2011 11:10:20 AM | Computer Name = YOUR-4678038BAA | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.
Error - 24/05/2011 11:10:30 AM | Computer Name = YOUR-4678038BAA | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.
Error - 24/05/2011 11:10:41 AM | Computer Name = YOUR-4678038BAA | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.
Error - 24/05/2011 11:10:51 AM | Computer Name = YOUR-4678038BAA | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.
Error - 24/05/2011 11:11:02 AM | Computer Name = YOUR-4678038BAA | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.
Error - 24/05/2011 11:11:12 AM | Computer Name = YOUR-4678038BAA | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.
Error - 24/05/2011 11:11:12 AM | Computer Name = YOUR-4678038BAA | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
Error - 24/05/2011 11:11:13 AM | Computer Name = YOUR-4678038BAA | Source = PlugPlayManager | ID = 12
Description = The device 'TSSTcorp CDDVDW TS-H653N' (IDE\CdRomTSSTcorp_CDDVDW_TS-H653N________________0208____\5&204dc0f9&0&0.1.0)
disappeared from the system without first being prepared for removal.
Error - 24/05/2011 11:17:39 AM | Computer Name = YOUR-4678038BAA | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NIS service.
Error - 24/05/2011 10:50:30 PM | Computer Name = YOUR-4678038BAA | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NIS service.
< End of report >
However I still get directed and it took several goes to get to the Geeks to Go website. If I have done the tests the wrong way round I apologise.
Regards