Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Browers (both Firefox & IE)are EXTREMELY slow


  • Please log in to reply

#16
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Step 1.

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.


Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



Step 2.

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Run ESET Online Scan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
  • ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


Step 3.

Please post:

mbam log
eset log


Please give me an update on how your computer is doing!


Other issues:

As far a Systemworks, I use the mostly "Find and Fix Problems." "Find and Fix" has 3 sub modules: One Button Checkup, Norton WinDoctor and Norton DiscDoctor. I use the "One Button Checkup" weekly. It has 4 scans enabled:
Windows Registry Scan
Program Integrity Scan
Shortcut Scan
Norton Cleanup Scan

[The Virus Definitions, Auto-Protect and Last Virus Scan Checks are all disabled]

The other two modules I use rarely (I probably should use them more often.) Also the other main capabilities

Monitor System Performance
Clean Up Your PC
Optimize Your PC
Erase Unwanted Data
Rescue Deleted Files

are very rarely used. In fact, I don't think I ever used the last two.


These tools are mostly not necessary, of little value, and especially in the case of the registry tools may do harm with very little upside.

I again would recommend that you remove system works to improve your computer performance (instructions in post #8 Step 2), it loads several things at start up unnecessarily that consume resources and slow your computer startup and operation.

When we finish the malware removal I will give you some recommendations for tools to keep your computer running safely and smoothly.


Thanks,

CompCav
  • 0

Advertisements


#17
jsaklas

jsaklas

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 333 posts
ComCav,

I have been using Malwarebytes (Free Version) for several years so I did not have to download it. I did the quick scan and it found 2 problems.

I then tried to run the ESET Online Scan from IE as you instructed, but I could not. I tried several times and each time I got a message about if you go back you will lose information blah, blah blah....... Then I would get a message asking if I wanted to install ESET.spol.s.r.a

I then shut down IE and tried Firefox. Firefox asked me to download the executable, which I did. I then ran it, and scan commenced. It ran for almost 5 hours and found 19 unwanted objects.

UNFORTUNATELY, I closed window that had the uninstall link. The window that was still open said that I was using a browser other than IE and the when complete I should click on the uninstall link, BUT, as I said, I closed that window. DO I NEED TO UNINSTALL THE ESET PROGRAM.

I will take your advice about Systemworks when we are done and you advise me on better substitutes. (What is interesting is that the Task Manager does not show any SYMANTEC/NORTON programs running in the background. Why does MicroSoft always provide limited information in all its software?)

Lastly, below are the mbam log and the ESET log:


---------------------------------------------------------

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7926

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

10/12/2011 1:22:59 AM
mbam-log-2011-10-12 (01-22-59).txt

Scan type: Quick scan
Objects scanned: 368895
Time elapsed: 23 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{7FB644AF-C1B3-F973-93FD-BC72DAABCAAC} (Trojan.ZbotR.Gen) -> Value: {7FB644AF-C1B3-F973-93FD-BC72DAABCAAC} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\2600 (Trojan.Agent) -> Value: 2600 -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



-------------------------------------------------



C:\Documents and Settings\Baba\Desktop\GooredFix Backups\C\Documents and Settings\Baba\Application Data\Mozilla\Firefox\Profiles\g7tscgnb.default\extensions\{09ee7db3-134a-43b1-9977-7293a87f569c}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Documents and Settings\Baba\Desktop\GooredFix Backups\C\Documents and Settings\Baba\Application Data\Mozilla\Firefox\Profiles\g7tscgnb.default\extensions\{9d5b705c-2c3a-47dc-b3a3-fba8cab6431e}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Documents and Settings\Luli\Application Data\Mozilla\Firefox\Profiles\jb86guyn.default\extensions\{09ee7db3-134a-43b1-9977-7293a87f569c}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Documents and Settings\Luli\Application Data\Mozilla\Firefox\Profiles\jb86guyn.default\extensions\{9d5b705c-2c3a-47dc-b3a3-fba8cab6431e}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Documents and Settings\Luli\Application Data\Viur\huzao.exe a variant of Win32/Kryptik.TRG trojan cleaned by deleting - quarantined
C:\Downloads\freeripmp3.exe Win32/Adware.ADON application deleted - quarantined
C:\Downloads\registrybooster.exe a variant of Win32/RegistryBooster application deleted - quarantined
C:\RECYCLER\NPROTECT\00211455.MAN Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\RECYCLER\NPROTECT\00211457.MAN Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\RECYCLER\NPROTECT\00211462.MAN Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\RECYCLER\NPROTECT\00211464.MAN Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\RECYCLER\NPROTECT\00211465.exe a variant of Win32/Kryptik.TRG trojan cleaned by deleting - quarantined
C:\RECYCLER\NPROTECT\00211468.EXE Win32/Adware.ADON application deleted - quarantined
C:\RECYCLER\NPROTECT\00211474.EXE a variant of Win32/RegistryBooster application deleted - quarantined
C:\System Volume Information\_restore{F1B33AD0-DB84-4E6E-992C-6C030788C3AF}\RP645\A0191119.dll a variant of Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1B33AD0-DB84-4E6E-992C-6C030788C3AF}\RP698\A0209227.exe a variant of Win32/Kryptik.TRG trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F1B33AD0-DB84-4E6E-992C-6C030788C3AF}\RP698\A0209228.EXE Win32/Adware.ADON application deleted - quarantined
C:\System Volume Information\_restore{F1B33AD0-DB84-4E6E-992C-6C030788C3AF}\RP698\A0209229.EXE a variant of Win32/RegistryBooster application deleted - quarantined
C:\_OTL\MovedFiles\10102011_143434\C_Documents and Settings\Baba\Application Data\Xopix\qoro.exe a variant of Win32/Kryptik.TQY trojan cleaned by deleting - quarantined
  • 0

#18
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts

DO I NEED TO UNINSTALL THE ESET PROGRAM.

No it is not an issue. We will do clean up at the end. :)




Please give me an update on how your computer is doing!



Then I will prepare the next post based on your response.
  • 0

#19
jsaklas

jsaklas

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 333 posts
ComCav,

It is hard for me to judge with certainty, but Firefox appears to be working OK. I also connected with my office and with my association's server in California with no problem.

My wife shut down the computer earlier this evening and when I rebooted it took 1 min and 35 seconds to boot to the Welcome Window. I then clicked on my icon and it took about 25 sec to get to my desktop and to begin loading everything. AVIRA came in with a big update from Premium to Premium 2012 which took much time. Once done I loaded FIREFOX and it to about 55 sec to load.

I use a WD 500 GIG external for back-ups. Although I do not have automatic backups, in fact, I unplug the drive from both power and from my computer, the WD system runs three programs in the background, according to the Task Manager: WDDMService.exe, WDDMStatus.exe and WDSC.exe One of these sometimes drives the CPU Usage to 95+ percent. I would really like to "kill" these programs and only run them when I do a backup. This is another topic I hope we can address when we are done with the virus/maleware problems.

SO, ALL APPEARS OK.
  • 0

#20
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Step 1.

OTL Fix

We need to run an OTL Fix

  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :OTL
    
    :files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.



THEN

Download Flush Flash from Here and follow the easy to use instructions on the same page

NEXT

Download and run Puran Disc Defragmenter Run the Restart-Defrag-Restart + Full Disk Check.


Step 2.

Backing Up Your Registry
  • Download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.
Posted Image


Step 3.

Selective Startup

Let's disable the startup item for your WD backup system.

Go to Start > Run.

Type msconfig and press Enter.
Posted Image
The Startup tab allows you to individual disable or re-enable startup items. Please uncheck WDDM Status with location imilar to this: C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
Posted Image
Click OK and restart.
Posted Image

Step 4.

Security Check
Download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Step 5.

Run OTL Scan

Please reopen Posted Image on your desktop.
Please check Scan All Users
Under Extra Registry select Use SafeList
Please post the OTL.txt and Extras.txt in the next reply.


Step 6.

Please post:

OTL fix log
OTL.txt
Extras.txt


Please tell me if the performance of your computer has improved and any other notable issues.
  • 0

#21
jsaklas

jsaklas

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 333 posts
ComCav,

The Defraging took about 35+ hours, hence my delay in replying.

One issue came up on this phase. After I restarted in Step 3 (the removal of the WD file) I was prompted with a window suggesting I do something with the boot.ini There were three options, but if I remember correctly, I chose the last one. I apologize I am not more exact, I should have written it all down.

The various logs are below


----------------------------



All processes killed
========== OTL ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Baba\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Baba\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.JAMES-HOME2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: All Users.WINDOW2
->Temp folder emptied: 0 bytes

User: Ariadne Saklas
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Baba
->Temp folder emptied: 994967 bytes
->Temporary Internet Files folder emptied: 2074095 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 37825463 bytes
->Flash cache emptied: 2752 bytes

User: Danae

User: Danae Saklas
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User.WINDOW2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: James Saklas
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService.NT AUTHORITY.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Luli
->Temp folder emptied: 4701 bytes
->Temporary Internet Files folder emptied: 33184 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 66114400 bytes
->Flash cache emptied: 765 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService.NT AUTHORITY.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Rosalia Saklas
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 27963704 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 191488 bytes

Total Files Cleaned = 129.00 mb


[EMPTYFLASH]

User: Administrator

User: Administrator.JAMES-HOME2

User: All Users

User: All Users.WINDOW2

User: Ariadne Saklas
->Flash cache emptied: 0 bytes

User: Baba
->Flash cache emptied: 0 bytes

User: Danae

User: Danae Saklas
->Flash cache emptied: 0 bytes

User: Default User

User: Default User.WINDOW2
->Flash cache emptied: 0 bytes

User: James Saklas
->Flash cache emptied: 0 bytes

User: LocalService

User: LocalService.NT AUTHORITY

User: LocalService.NT AUTHORITY.000

User: Luli
->Flash cache emptied: 0 bytes

User: NetworkService

User: NetworkService.NT AUTHORITY

User: NetworkService.NT AUTHORITY.000

User: Owner
->Flash cache emptied: 0 bytes

User: Rosalia Saklas
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.29.1 log created on 10132011_174838

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...




-------------------------------



Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Avira Antivirus Premium 2012
ESET Online Scanner v3
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java Web Start
Java™ 6 Update 20
Java 2 Runtime Environment, SE v1.4.1_02
Out of date Java installed!
Adobe Flash Player ( 10.3.183.10) Flash Player Out of Date!
Mozilla Firefox (x86 en-US..)
Mozilla Thunderbird (7.0.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````


-------------------------


OTL logfile created on: 10/14/2011 6:22:06 PM - Run 5
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Baba\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.95 Gb Available Physical Memory | 63.10% Memory free
2.11 Gb Paging File | 1.63 Gb Available in Paging File | 77.37% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOW2 | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 16.00 Gb Free Space | 21.47% Space Free | Partition Type: NTFS
Drive F: | 37.26 Gb Total Space | 30.99 Gb Free Space | 83.17% Space Free | Partition Type: FAT32

Computer Name: JAMES-HOME | User Name: Baba | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/06 02:32:42 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Baba\Desktop\OTL.exe
PRC - [2011/10/05 10:24:34 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/10/05 10:24:26 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/10/05 10:24:17 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011/10/05 10:24:15 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
PRC - [2011/10/05 10:24:14 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/10/05 10:24:14 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/10/02 18:35:35 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/11/08 12:43:34 | 001,060,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
PRC - [2010/11/08 12:43:16 | 000,484,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
PRC - [2010/11/08 12:40:14 | 000,237,568 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2008/09/25 17:53:32 | 000,181,680 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe
PRC - [2008/09/25 17:53:16 | 000,095,600 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
PRC - [2008/09/25 17:52:04 | 000,085,360 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\NswUiTray.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOW2\explorer.exe
PRC - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2003/05/08 08:00:58 | 000,049,152 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
PRC - [2002/10/15 14:00:20 | 001,818,624 | ---- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\WINDOW2\mixer.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/05 10:24:28 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011/10/02 18:35:30 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/09/28 10:40:36 | 006,277,280 | ---- | M] () -- C:\WINDOW2\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/07/02 02:42:23 | 000,998,400 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.Management\19280e723d215c0d6607d3884f453cdf\System.Management.ni.dll
MOD - [2011/07/02 02:33:33 | 017,403,904 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\23abc8e4b535b9cd9c5560266c655ac2\System.ServiceModel.ni.dll
MOD - [2011/07/02 02:00:06 | 000,141,312 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\fa21b6c9badcf916bb254b4b823c2463\System.Configuration.Install.ni.dll
MOD - [2011/07/02 02:00:04 | 000,212,992 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\0f3d321ebd65af974ff0ad424223276d\System.ServiceProcess.ni.dll
MOD - [2011/07/02 01:57:03 | 000,771,584 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\bdaf7904d223589a0f464de58d27e691\System.Runtime.Remoting.ni.dll
MOD - [2011/07/02 01:56:50 | 000,627,712 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\94aae9e592c0f104120572f9925fca12\System.EnterpriseServices.ni.dll
MOD - [2011/07/02 01:56:39 | 000,627,200 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.Transactions\7c430c38d71d632c019ae37d5ef12c8e\System.Transactions.ni.dll
MOD - [2011/07/02 01:56:26 | 006,616,576 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.Data\05d99241bd45cbd96a6053841790a4a2\System.Data.ni.dll
MOD - [2011/07/02 01:51:26 | 000,015,872 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\a96b02abbfcaae424cfb91a198a9e0e9\Microsoft.VisualC.ni.dll
MOD - [2011/07/02 01:49:56 | 005,450,752 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.Xml\f354057a5b4fad4c399da28449ba0d92\System.Xml.ni.dll
MOD - [2011/07/02 01:49:45 | 000,971,264 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.Configuration\48f8b951a598647dd309ca2031807a5d\System.Configuration.ni.dll
MOD - [2011/07/02 01:49:36 | 007,950,848 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System\f6a9a002526806f3a5b745cf5c407cae\System.ni.dll
MOD - [2011/07/02 01:49:17 | 011,490,816 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2011/07/02 01:46:46 | 002,933,248 | ---- | M] () -- C:\WINDOW2\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2011/07/02 01:46:24 | 000,261,632 | ---- | M] () -- C:\WINDOW2\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2010/11/08 14:16:50 | 000,886,272 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\System.Data.SQLite.dll
MOD - [2010/11/08 12:43:34 | 001,060,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
MOD - [2010/11/08 12:43:16 | 000,484,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
MOD - [2009/04/23 22:55:14 | 000,176,235 | ---- | M] () -- C:\WINDOW2\system32\Primomonnt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/10/05 10:24:26 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/05 10:24:17 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011/10/05 10:24:15 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011/10/05 10:24:14 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/11/08 12:43:34 | 001,060,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010/11/08 12:43:16 | 000,484,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2010/11/08 12:40:14 | 000,237,568 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2008/09/25 17:53:32 | 000,181,680 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe -- (Speed Disk service)
SRV - [2008/09/25 17:53:16 | 000,095,600 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE -- (NProtectService)
SRV - [2008/08/01 11:31:11 | 000,238,968 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2008/08/01 11:31:01 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/01/29 19:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - [2011/09/18 08:39:27 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOW2\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/09/15 23:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOW2\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/09/15 23:55:03 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOW2\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOW2\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/12/13 23:57:18 | 000,003,584 | ---- | M] (Systems Internals) [Kernel | System | Running] -- C:\WINDOW2\iprot\d8a4fef9-85c1-448f-a6f9-2570fb195020\PhysMem.sys -- (d8a4fef9-85c1-448f-a6f9-2570fb195020)
DRV - [2009/08/18 22:36:30 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOW2\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOW2\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/09/25 17:53:36 | 000,095,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOW2\system32\drivers\SdDriver.SYS -- (SDdriver)
DRV - [2008/09/25 17:53:14 | 000,087,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOW2\system32\drivers\NPDRIVER.SYS -- (NPDriver)
DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOW2\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/03 18:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOW2\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2002/11/18 11:51:40 | 000,377,358 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOW2\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-299502267-115176313-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOW2\system32\blank.htm
IE - HKU\S-1-5-21-299502267-115176313-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
IE - HKU\S-1-5-21-299502267-115176313-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKU\S-1-5-21-299502267-115176313-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: ""
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOW2\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOW2\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Baba\Application Data\Move Networks\plugins\npqmp071502000008.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Baba\Application Data\Move Networks\plugins\npqmp071502000008.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/02 18:35:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/14 23:34:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/08/17 23:34:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Baba\Application Data\Move Networks [2009/12/02 02:06:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Netscape 6 6.2.3\Extensions\\Components: C:\Netscape 6\Components
FF - HKEY_CURRENT_USER\software\mozilla\Netscape 6 6.2.3\Extensions\\Plugins: C:\Netscape 6\Plugins

[2010/09/03 18:15:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Baba\Application Data\Mozilla\Extensions
[2010/09/03 18:15:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Baba\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/10/07 23:22:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Baba\Application Data\Mozilla\Firefox\Profiles\g7tscgnb.default\extensions
[2010/06/25 22:04:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Baba\Application Data\Mozilla\Firefox\Profiles\g7tscgnb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/28 23:57:29 | 000,001,504 | ---- | M] () -- C:\Documents and Settings\Baba\Application Data\Mozilla\Firefox\Profiles\g7tscgnb.default\searchplugins\imdb.xml
[2011/03/23 21:03:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/24 12:47:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/06/24 12:46:17 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/10/02 18:35:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2004/11/12 19:36:22 | 000,005,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\mozilla firefox\plugins\NPAdbESD.dll
[2008/06/17 22:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2010/06/24 12:46:13 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2005/05/28 07:15:00 | 000,110,592 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2007/09/05 09:56:00 | 000,352,256 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsabffx.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/10/13 17:48:44 | 000,000,098 | ---- | M]) - C:\WINDOW2\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOW2\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [NSWosCheck] C:\Program Files\Norton SystemWorks\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [NswUiTray] C:\Program Files\Norton SystemWorks\NswUiTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOW2\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOW2\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOW2\System32\nwiz.exe ()
O4 - HKLM..\Run: [OpwareSE2] C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-299502267-115176313-839522115-1004..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ US DOT VPN Client.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-299502267-115176313-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk ()
O9 - Extra 'Tools' menuitem : Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O15 - HKU\S-1-5-21-299502267-115176313-839522115-1004\..Trusted Domains: aol.com ([free] http in Trusted sites)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://sra.dot.gov/...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{17B7A976-DB18-48C7-AD20-F583F7824731}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOW2\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOW2\system32\userinit.exe) -C:\WINDOW2\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOW2\dietrich2.bmp
O24 - Desktop BackupWallPaper: C:\WINDOW2\dietrich2.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/30 17:16:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/08/02 07:48:02 | 000,001,688 | ---- | M] () - C:\AUTOEXEC.NT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-299502267-115176313-839522115-1004..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-299502267-115176313-839522115-1004\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/13 18:06:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Puran Defrag
[2011/10/13 18:06:12 | 000,000,000 | ---D | C] -- C:\Program Files\Puran Defrag
[2011/10/12 23:03:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baba\Application Data\Avira
[2011/10/12 23:02:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Avira
[2011/10/12 23:01:19 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOW2\System32\drivers\ssmdrv.sys
[2011/10/12 23:01:08 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\WINDOW2\System32\drivers\avipbb.sys
[2011/10/12 23:01:08 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOW2\System32\drivers\avkmgr.sys
[2011/10/12 23:01:07 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOW2\System32\drivers\avgntflt.sys
[2011/10/12 22:59:32 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/10/12 01:41:18 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/10/07 23:30:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/07 23:22:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baba\Desktop\GooredFix Backups
[2011/10/07 23:12:10 | 001,558,320 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Baba\Desktop\tdsskiller.exe
[2011/10/07 23:10:42 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Baba\Desktop\GooredFix.exe
[2011/10/06 09:41:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOW2\Local Settings
[2011/10/06 02:32:39 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Baba\Desktop\OTL.exe
[2011/10/01 12:23:41 | 000,000,000 | ---D | C] -- C:\Computer
[2011/09/14 22:21:41 | 000,000,000 | ---D | C] -- C:\Car Stuff
[1 C:\Documents and Settings\Baba\*.tmp files -> C:\Documents and Settings\Baba\*.tmp -> ]
[1 C:\Documents and Settings\All Users.WINDOW2\Application Data\*.tmp files -> C:\Documents and Settings\All Users.WINDOW2\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/14 18:09:33 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/10/14 18:07:43 | 000,186,097 | ---- | M] () -- C:\WINDOW2\System32\nvapps.xml
[2011/10/14 18:07:38 | 000,013,646 | ---- | M] () -- C:\WINDOW2\System32\wpa.dbl
[2011/10/14 18:07:23 | 000,002,048 | --S- | M] () -- C:\WINDOW2\bootstat.dat
[2011/10/14 18:06:58 | 1610,145,792 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/13 17:48:44 | 000,000,098 | ---- | M] () -- C:\WINDOW2\System32\drivers\etc\Hosts
[2011/10/12 23:02:29 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOW2\Desktop\Avira Control Center.lnk
[2011/10/11 21:35:54 | 000,000,226 | ---- | M] () -- C:\WINDOW2\Prestopm.INI
[2011/10/11 21:35:13 | 000,000,051 | ---- | M] () -- C:\NsScanforTest.ini
[2011/10/07 23:15:06 | 000,004,730 | ---- | M] () -- C:\Documents and Settings\Baba\Desktop\Document.rtf
[2011/10/07 23:11:19 | 001,558,320 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Baba\Desktop\tdsskiller.exe
[2011/10/07 23:07:54 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Baba\Desktop\GooredFix.exe
[2011/10/07 22:48:59 | 001,045,398 | ---- | M] () -- C:\WINDOW2\dors1.bmp
[2011/10/07 22:45:59 | 001,045,466 | ---- | M] () -- C:\WINDOW2\dietrich2.bmp
[2011/10/07 22:42:35 | 001,045,558 | ---- | M] () -- C:\WINDOW2\dietrich1.bmp
[2011/10/07 22:12:13 | 001,045,558 | ---- | M] () -- C:\WINDOW2\doody2.bmp
[2011/10/07 22:10:53 | 001,045,558 | ---- | M] () -- C:\WINDOW2\doody1.bmp
[2011/10/06 02:32:42 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Baba\Desktop\OTL.exe
[2011/10/01 09:00:55 | 000,000,290 | ---- | M] () -- C:\WINDOW2\tasks\Norton SystemWorks One Button Checkup.job
[2011/10/01 04:00:02 | 000,000,388 | ---- | M] () -- C:\WINDOW2\tasks\Norton AntiVirus - Baba - Full System Scan.job
[2011/09/28 11:30:25 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOW2\System32\FlashPlayerCPLApp.cpl
[2011/09/25 23:47:41 | 001,045,386 | ---- | M] () -- C:\WINDOW2\dickinson3.bmp
[2011/09/25 23:45:50 | 001,045,558 | ---- | M] () -- C:\WINDOW2\dickinson2.bmp
[2011/09/25 23:40:59 | 001,045,546 | ---- | M] () -- C:\WINDOW2\dickinson1.bmp
[2011/09/25 23:36:24 | 001,045,558 | ---- | M] () -- C:\WINDOW2\deschanel2.bmp
[2011/09/25 23:35:40 | 001,045,558 | ---- | M] () -- C:\WINDOW2\deschanel1.bmp
[2011/09/18 08:39:27 | 000,134,344 | ---- | M] (Avira GmbH) -- C:\WINDOW2\System32\drivers\avipbb.sys
[2011/09/15 23:55:04 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\WINDOW2\System32\drivers\avkmgr.sys
[2011/09/15 23:55:03 | 000,074,640 | ---- | M] (Avira GmbH) -- C:\WINDOW2\System32\drivers\avgntflt.sys
[2011/09/15 10:03:11 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\Baba\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Documents and Settings\Baba\*.tmp files -> C:\Documents and Settings\Baba\*.tmp -> ]
[1 C:\Documents and Settings\All Users.WINDOW2\Application Data\*.tmp files -> C:\Documents and Settings\All Users.WINDOW2\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/12 23:02:29 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Desktop\Avira Control Center.lnk
[2011/10/07 23:15:06 | 000,004,730 | ---- | C] () -- C:\Documents and Settings\Baba\Desktop\Document.rtf
[2011/10/07 22:48:57 | 001,045,398 | ---- | C] () -- C:\WINDOW2\dors1.bmp
[2011/10/07 22:42:32 | 001,045,558 | ---- | C] () -- C:\WINDOW2\dietrich1.bmp
[2011/10/07 22:12:11 | 001,045,558 | ---- | C] () -- C:\WINDOW2\doody2.bmp
[2011/10/07 22:10:50 | 001,045,558 | ---- | C] () -- C:\WINDOW2\doody1.bmp
[2011/10/02 00:06:09 | 000,302,592 | ---- | C] () -- C:\gmer.exe
[2011/09/25 23:47:39 | 001,045,386 | ---- | C] () -- C:\WINDOW2\dickinson3.bmp
[2011/09/25 23:45:48 | 001,045,558 | ---- | C] () -- C:\WINDOW2\dickinson2.bmp
[2011/09/14 23:34:24 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Adobe Reader X.lnk
[2011/08/08 23:23:27 | 000,002,928 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\6E92.F8A
[2011/07/04 16:49:45 | 000,001,324 | ---- | C] () -- C:\WINDOW2\System32\d3d9caps.dat
[2010/10/05 19:15:20 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Baba\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2009/12/13 19:01:29 | 000,000,066 | ---- | C] () -- C:\WINDOW2\GDINST.INI
[2009/10/01 23:33:34 | 000,000,226 | ---- | C] () -- C:\WINDOW2\Prestopm.INI
[2009/10/01 23:32:22 | 000,036,291 | ---- | C] () -- C:\WINDOW2\CSTBox.INI
[2009/08/20 00:28:34 | 000,000,635 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\PrimoPDFSet.xml
[2009/08/19 23:45:06 | 000,176,235 | ---- | C] () -- C:\WINDOW2\System32\Primomonnt.dll
[2009/08/13 18:23:41 | 000,075,776 | ---- | C] () -- C:\WINDOW2\cadkasdeinst01e.exe
[2009/07/14 04:35:33 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Baba\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/14 03:17:34 | 000,000,235 | ---- | C] () -- C:\WINDOW2\EXCEL4.INI
[2009/07/11 15:13:24 | 000,022,480 | ---- | C] () -- C:\WINDOW2\System32\PFMAPI16.DLL
[2009/07/11 15:13:24 | 000,020,992 | ---- | C] () -- C:\WINDOW2\System32\PFMAPI32.DLL
[2009/07/10 21:26:01 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\PFP120JPR.{PB
[2009/07/10 21:26:01 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\PFP120JCM.{PB
[2009/07/09 21:54:40 | 000,000,532 | ---- | C] () -- C:\WINDOW2\MAXLINK.INI
[2009/07/09 21:52:13 | 000,000,105 | ---- | C] () -- C:\WINDOW2\UMXADDIN.INI
[2009/07/09 21:52:12 | 000,040,960 | ---- | C] () -- C:\WINDOW2\System32\IPPCPUID.DLL
[2009/07/09 21:51:55 | 000,011,776 | ---- | C] () -- C:\WINDOW2\System32\pmsbfn32.dll
[2009/07/09 21:50:49 | 000,000,074 | ---- | C] () -- C:\WINDOW2\PMINI.ini
[2009/07/09 11:50:10 | 000,046,784 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Application Data\LuUninstall.LiveUpdate
[2009/07/08 01:14:23 | 000,024,501 | ---- | C] () -- C:\WINDOW2\mozver.dat
[2009/07/06 21:13:13 | 000,000,376 | ---- | C] () -- C:\WINDOW2\ODBC.INI
[2009/07/06 19:05:29 | 000,000,335 | ---- | C] () -- C:\WINDOW2\nsreg.dat
[2009/07/06 19:03:10 | 000,000,025 | ---- | C] () -- C:\WINDOW2\mixerdef.ini
[2009/07/06 18:56:15 | 000,002,048 | --S- | C] () -- C:\WINDOW2\bootstat.dat
[2009/07/06 18:43:58 | 000,021,640 | ---- | C] () -- C:\WINDOW2\System32\emptyregdb.dat
[2009/07/06 11:30:20 | 000,004,161 | ---- | C] () -- C:\WINDOW2\ODBCINST.INI
[2009/07/06 11:27:26 | 000,929,280 | ---- | C] () -- C:\WINDOW2\System32\FNTCACHE.DAT
[2009/07/06 10:34:13 | 000,039,104 | ---- | C] () -- C:\WINDOW2\cmijack.dat
[2009/07/06 10:34:13 | 000,022,178 | ---- | C] () -- C:\WINDOW2\cmaudio.dat
[2009/04/27 00:13:36 | 000,000,314 | ---- | C] () -- C:\WINDOW2\primopdf.ini
[2008/05/16 17:01:00 | 001,703,936 | ---- | C] () -- C:\WINDOW2\System32\nvwdmcpl.dll
[2008/05/16 17:01:00 | 001,630,208 | ---- | C] () -- C:\WINDOW2\System32\nwiz.exe
[2008/05/16 17:01:00 | 001,486,848 | ---- | C] () -- C:\WINDOW2\System32\nview.dll
[2008/05/16 17:01:00 | 001,339,392 | ---- | C] () -- C:\WINDOW2\System32\nvdspsch.exe
[2008/05/16 17:01:00 | 001,019,904 | ---- | C] () -- C:\WINDOW2\System32\nvwimg.dll
[2008/05/16 17:01:00 | 000,466,944 | ---- | C] () -- C:\WINDOW2\System32\nvshell.dll
[2008/05/16 17:01:00 | 000,442,368 | ---- | C] () -- C:\WINDOW2\System32\nvappbar.exe
[2008/05/16 17:01:00 | 000,425,984 | ---- | C] () -- C:\WINDOW2\System32\keystone.exe
[2008/05/16 17:01:00 | 000,286,720 | ---- | C] () -- C:\WINDOW2\System32\nvnt4cpl.dll
[2006/11/01 08:54:30 | 000,180,224 | ---- | C] () -- C:\WINDOW2\System32\xvidvfw.dll
[2006/11/01 08:52:38 | 000,765,952 | ---- | C] () -- C:\WINDOW2\System32\xvidcore.dll
[2006/02/28 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOW2\System32\oembios.bin
[2006/02/28 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOW2\System32\mlang.dat
[2006/02/28 08:00:00 | 000,432,622 | ---- | C] () -- C:\WINDOW2\System32\perfh009.dat
[2006/02/28 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOW2\System32\perfi009.dat
[2006/02/28 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOW2\System32\dssec.dat
[2006/02/28 08:00:00 | 000,067,578 | ---- | C] () -- C:\WINDOW2\System32\perfc009.dat
[2006/02/28 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOW2\System32\mib.bin
[2006/02/28 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOW2\System32\perfd009.dat
[2006/02/28 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOW2\System32\secupd.dat
[2006/02/28 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOW2\System32\oembios.dat
[2006/02/28 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOW2\System32\dcache.bin
[2006/02/28 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOW2\System32\noise.dat
[2004/10/26 18:39:04 | 003,375,104 | ---- | C] () -- C:\WINDOW2\System32\qt-mt331.dll

< End of report >



-----------------------------



OTL Extras logfile created on: 10/14/2011 6:22:06 PM - Run 5
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Baba\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.95 Gb Available Physical Memory | 63.10% Memory free
2.11 Gb Paging File | 1.63 Gb Available in Paging File | 77.37% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOW2 | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 16.00 Gb Free Space | 21.47% Space Free | Partition Type: NTFS
Drive F: | 37.26 Gb Total Space | 30.99 Gb Free Space | 83.17% Space Free | Partition Type: FAT32

Computer Name: JAMES-HOME | User Name: Baba | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-299502267-115176313-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Baba\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe" = C:\Documents and Settings\Baba\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe:*:Enabled:Juniper Terminal Services Client -- (Juniper Networks)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07CEC3B0-83D0-422A-BE6D-63633C5063BB}" = TurboCAD Symbols
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228
"{2EEF331B-6AC8-471A-84AE-6A9ED940EDC2}" = TurboCAD Deluxe v11.2
"{34EF3470-B8D8-44b6-B09B-7F5EB9AECCC8}" = Norton SystemWorks
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39468292-5D68-4E93-9E09-5D9D5CA00E7A}" = FileOpen Client Installer
"{444B6A7B-0E26-4416-A43F-D1C9AAE6075D}" = Canon CanoScan Toolbox 4.8
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50CD421F-CAFD-46C4-BEFD-E1C46FE63062}" = Manual CanoScan 8400F
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{5BE42A03-E7B8-42A9-B1BB-FC48B03D58B8}" = Presto! PageManager 6.11
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A7867BA-B7CA-4CC9-ACAB-85BA46865EE5}" = Norton Utilities
"{6C9736CA-121C-427E-A2AC-E2125B0D362D}" = 1st Pricing
"{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77364F85-6219-4CB8-AAA0-6D53368D683D}" = Connection Keep Alive
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{7EFB99A8-465B-4B2F-B97F-F9C687449081}" = WinBASIC 2.0
"{885744A4-1A01-44B0-858A-0AE6738CBCF7}" = PrimoPDF Redistribution Package
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AC76BA86-7AD7-2448-0000-900000000003}" = Chinese Traditional Fonts Support For Adobe Reader 9
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CA31120D-2101-484D-9FF1-195DE96FE346}" = Norton Cleanup
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2261C4B-4D9B-4149-8472-31B7A2FEAB91}" = ArcSoft PhotoStudio 5.5
"{DC5F786F-0733-46AC-8160-972A6906A872}" = WD SmartWare
"{E24A0015-C73F-4B57-B8DF-5EB84D2E9685}" = Adobe Flash Player 10 ActiveX
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{EFCE5837-FC21-11D6-9D24-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.1_02
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Avira AntiVir Desktop" = Avira Antivirus Premium 2012
"CAL" = Canon Camera Access Library
"CameraUserGuide-PSSD1200IS_IXUS95IS" = Canon PowerShot SD1200 IS_IXUS 95 IS Camera User Guide
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Corel WordPerfect Suite 8" = Corel WordPerfect Suite 8
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"FL 2001 Registration" = FL 2001 Registration
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"FreeZip" = FreeZip
"InstallShield_{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
"Java Web Start" = Java Web Start
"jZip" = jZip
"LiveUpdate" = LiveUpdate 2.5 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"Mozilla Thunderbird (7.0.1)" = Mozilla Thunderbird (7.0.1)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NVIDIA Drivers" = NVIDIA Drivers
"PCI Audio Driver" = PCI Audio Driver
"PDF Editor 2" = PDF Editor 2
"Personal Printing Guide" = Canon Personal Printing Guide
"PhotoStitch" = Canon Utilities PhotoStitch
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"PrimoPDF3.1" = PrimoPDF
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"Puran Defrag Free Edition_is1" = Puran Defrag Free Edition 7.3
"Quicken Family Lawyer 2001" = Quicken Family Lawyer 2001
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SoftwareStarterGuide-DCSD40_46" = Canon Digital Camera Solution Disk 40-46 Software Starter Guide
"SymSetup.{34EF3470-B8D8-44b6-B09B-7F5EB9AECCC8}" = Norton SystemWorks (Symantec Corporation)
"The Plain-Language Law Dictionary" = The Plain-Language Law Dictionary
"VisualFortran60" = Visual Fortran 6.6.a
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"X Codec Pack" = X Codec Pack
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-299502267-115176313-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.1.0.366
"Juniper_Networks_Cache_Cleaner 6.5.0" = Juniper Networks Cache Cleaner 6.5.0
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Juniper_Term_Services" = Juniper Terminal Services Client
"Move Media Player" = Move Media Player
"Neoteris_Host_Checker" = Juniper Networks Host Checker

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/8/2011 10:25:37 AM | Computer Name = JAMES-HOME | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 6.0.2.4262, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/8/2011 10:25:41 AM | Computer Name = JAMES-HOME | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 6.0.2.4262, faulting
module mozalloc.dll, version 6.0.2.4262, fault address 0x00001a39.

Error - 9/8/2011 11:43:15 PM | Computer Name = JAMES-HOME | Source = Application Hang | ID = 1002
Description = Hanging application ootp11.exe, version 11.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/19/2011 1:18:44 AM | Computer Name = JAMES-HOME | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 6.0.2.4262, faulting
module nspr4.dll, version 4.8.9.0, fault address 0x000092ac.

Error - 9/28/2011 5:02:50 PM | Computer Name = JAMES-HOME | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 6.0.2.4262, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/1/2011 11:01:16 AM | Computer Name = JAMES-HOME | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.29.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/2/2011 10:00:33 AM | Computer Name = JAMES-HOME | Source = Application Hang | ID = 1002
Description = Hanging application gmer.exe, version 1.0.15.15641, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/2/2011 10:01:39 AM | Computer Name = JAMES-HOME | Source = Application Hang | ID = 1002
Description = Hanging application gmer.exe, version 1.0.15.15641, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/5/2011 7:56:37 PM | Computer Name = JAMES-HOME | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 7.0.1.4288, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/7/2011 11:24:35 PM | Computer Name = JAMES-HOME | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: The process cannot access the file because it is being used by another
process.

[ System Events ]
Error - 10/13/2011 5:48:42 PM | Computer Name = JAMES-HOME | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 10/13/2011 5:48:42 PM | Computer Name = JAMES-HOME | Source = Service Control Manager | ID = 7034
Description = The WD File Management Engine service terminated unexpectedly. It
has done this 1 time(s).

Error - 10/13/2011 5:52:48 PM | Computer Name = JAMES-HOME | Source = Print | ID = 23
Description = Printer Corel Barista failed to initialize because a suitable Corel
Barista driver could not be found.

Error - 10/13/2011 5:55:26 PM | Computer Name = JAMES-HOME | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NVSvc service.

Error - 10/13/2011 5:55:33 PM | Computer Name = JAMES-HOME | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 10/13/2011 5:55:33 PM | Computer Name = JAMES-HOME | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 10/14/2011 6:07:59 PM | Computer Name = JAMES-HOME | Source = Print | ID = 23
Description = Printer Corel Barista failed to initialize because a suitable Corel
Barista driver could not be found.

Error - 10/14/2011 6:10:57 PM | Computer Name = JAMES-HOME | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NVSvc service.

Error - 10/14/2011 6:10:58 PM | Computer Name = JAMES-HOME | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 10/14/2011 6:11:02 PM | Computer Name = JAMES-HOME | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053


< End of report >
  • 0

#22
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
We have a few updates to do :)


Step 1.

Update Java:

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to clear the Java Cache, remove older version Java components, and update:

Clear your Java Cache
  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup)
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked
Applications and Applets
Trace and Log Files


  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

    Download Current Version of Java
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Scroll down to where it says "Java SE 7.
  • Click the "Download" button to the right for JRE.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation, jre-7 windows-i586.exe and save the file to your desktop.


    Uninstall Old Java
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
    You have Java 6 Update 20
    Java Auto uploader
    Java 2 Runtime environment
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.

    Install New Java
  • Then from your desktop double-click on jre-7-windows-i586.exe to install the newest version.


Step 2.

Update Adobe Flash Player

Please go to Update Flash Player. If you go there using Firefox it should say Windows 32-bit , English, Firefox

Un check McAfee Scan.

Click Download Nowand once it is downloaded, install it..

Then go back to the main Flash Player page and click Do you have a different system or browser?

Select Windows 7 (32-bit)/Vista/XP/2008/2003

Select Flash Player for Internet Explorer.

Then click Download Now and once it is downloaded, install it.


Step 3.

Please let me know how the computer is performing. Is the slowness gone? Any other issues?
  • 0

#23
jsaklas

jsaklas

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 333 posts
ComCav,


Something is wrong. The machine is again very slow. In the Task Manager, I see 7 svchost.exe programs running, two in LOCAL SERVICE, two in NETWORK SERVICE, and 3 in SYSTEM. One of them in SYSTEM runs up without any program running to 500,000K to 900,000K Mem Usage, and also, most of the time, pushes the CPU Usage to 100%. I think this problem first occurred after the defragging.

Should I go ahead with the instructions immediately above (in your posting #22) or should I wait until we address this new problem?

js
  • 0

#24
jsaklas

jsaklas

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 333 posts
ComCav,

I have another problem. I lost all sound.

js
  • 0

#25
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Please run the following for me:

Step 1.

A full scan with Avira and let it quarantine anything it finds.

Step 2.

Run OTL Scan

  • Please reopen Posted Image on your desktop.
  • Please check Scan All Users
  • Under Extra Registry select Use SafeList
  • Click Run Scan
  • Please post the OTL.txt and Extras.txt in the next reply.


Step 3.

Download aswMBR.exe ( 1.8mB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image


On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image




Step 4.

Please post the following logs:


aswMBR log
OTL.txt
Extras.txt

  • 0

Advertisements


#26
jsaklas

jsaklas

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 333 posts
CompCav,

Another problem. Windows hit some type of error (Run Time??) with AVIRA's Full Scan and shut down the AVIRA program. I am now running the AVIRA module for Rootkits and active Malware. It is running OK so far. If it runs to completion,and finds nothing, should I run the AVIRA module for Quick System Scan? or follow new instructions?

js
  • 0

#27
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Run the AVIRA module for Quick System Scan

Then OTL and AaswMBR from previous post.
  • 0

#28
jsaklas

jsaklas

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 333 posts
CompCav,

I didn't expect my problem would as bad as it is.

The svchost.exe file is unbelievable. I end the process from the Task Manager and it comes back at around 1000K of Mem Usage and then slowly builds to from 500,000K to 900,000K. I click End Process; it disapears; it come back a 1000+/-K and then starts to build again. The other six svcshost.exe files don't change much and use <2000K.

Below are the requested logs; the AVIRA Quickscan found nothing.

------------------------------------




Avira Antivirus Premium 2012
Report file date: Sunday, October 16, 2011 09:30

Scanning for 3395449 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : JAMES SAKLAS
Serial number : 2211382182-PEPWE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : Baba
Computer name : JAMES-HOME

Version information:
BUILD.DAT : 12.0.0.871 42512 Bytes 10/12/2011 17:08:00
AVSCAN.EXE : 12.1.0.17 490448 Bytes 10/5/2011 14:24:16
AVSCAN.DLL : 12.1.0.17 54224 Bytes 9/23/2011 17:34:57
LUKE.DLL : 12.1.0.17 68304 Bytes 10/5/2011 14:24:24
AVSCPLR.DLL : 12.1.0.19 99536 Bytes 10/5/2011 14:24:16
AVREG.DLL : 12.1.0.20 227024 Bytes 10/5/2011 14:24:15
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 00:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 15:07:39
VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 21:08:51
VBASE003.VDF : 7.11.5.225 1980416 Bytes 4/7/2011 16:00:55
VBASE004.VDF : 7.11.8.178 2354176 Bytes 5/31/2011 16:18:22
VBASE005.VDF : 7.11.10.251 1788416 Bytes 7/7/2011 18:12:53
VBASE006.VDF : 7.11.13.60 6411776 Bytes 8/16/2011 13:26:09
VBASE007.VDF : 7.11.15.106 2389504 Bytes 10/5/2011 15:44:27
VBASE008.VDF : 7.11.15.107 2048 Bytes 10/5/2011 15:44:27
VBASE009.VDF : 7.11.15.108 2048 Bytes 10/5/2011 15:44:27
VBASE010.VDF : 7.11.15.109 2048 Bytes 10/5/2011 15:44:27
VBASE011.VDF : 7.11.15.110 2048 Bytes 10/5/2011 15:44:27
VBASE012.VDF : 7.11.15.111 2048 Bytes 10/5/2011 15:44:27
VBASE013.VDF : 7.11.15.144 161792 Bytes 10/7/2011 03:04:29
VBASE014.VDF : 7.11.15.177 130048 Bytes 10/10/2011 03:04:30
VBASE015.VDF : 7.11.15.213 113664 Bytes 10/11/2011 03:04:31
VBASE016.VDF : 7.11.16.1 163328 Bytes 10/14/2011 12:01:14
VBASE017.VDF : 7.11.16.2 2048 Bytes 10/14/2011 12:01:14
VBASE018.VDF : 7.11.16.3 2048 Bytes 10/14/2011 12:01:15
VBASE019.VDF : 7.11.16.4 2048 Bytes 10/14/2011 12:01:15
VBASE020.VDF : 7.11.16.5 2048 Bytes 10/14/2011 12:01:15
VBASE021.VDF : 7.11.16.6 2048 Bytes 10/14/2011 12:01:16
VBASE022.VDF : 7.11.16.7 2048 Bytes 10/14/2011 12:01:16
VBASE023.VDF : 7.11.16.8 2048 Bytes 10/14/2011 12:01:16
VBASE024.VDF : 7.11.16.9 2048 Bytes 10/14/2011 12:01:16
VBASE025.VDF : 7.11.16.10 2048 Bytes 10/14/2011 12:01:16
VBASE026.VDF : 7.11.16.11 2048 Bytes 10/14/2011 12:01:16
VBASE027.VDF : 7.11.16.12 2048 Bytes 10/14/2011 12:01:17
VBASE028.VDF : 7.11.16.13 2048 Bytes 10/14/2011 12:01:17
VBASE029.VDF : 7.11.16.14 2048 Bytes 10/14/2011 12:01:17
VBASE030.VDF : 7.11.16.15 2048 Bytes 10/14/2011 12:01:17
VBASE031.VDF : 7.11.16.18 15360 Bytes 10/14/2011 16:01:44
Engineversion : 8.2.6.84
AEVDF.DLL : 8.1.2.1 106868 Bytes 9/2/2011 03:46:02
AESCRIPT.DLL : 8.1.3.81 467322 Bytes 10/4/2011 23:01:31
AESCN.DLL : 8.1.7.2 127349 Bytes 9/2/2011 03:46:02
AESBX.DLL : 8.2.1.34 323957 Bytes 9/2/2011 03:46:02
AERDL.DLL : 8.1.9.15 639348 Bytes 9/9/2011 03:16:06
AEPACK.DLL : 8.2.10.11 684408 Bytes 9/22/2011 20:18:45
AEOFFICE.DLL : 8.1.2.15 201083 Bytes 9/16/2011 05:17:25
AEHEUR.DLL : 8.1.2.180 3748217 Bytes 10/13/2011 03:04:40
AEHELP.DLL : 8.1.17.7 254327 Bytes 9/2/2011 03:46:01
AEGEN.DLL : 8.1.5.9 401780 Bytes 9/2/2011 03:46:01
AEEMU.DLL : 8.1.3.0 393589 Bytes 9/2/2011 03:46:01
AECORE.DLL : 8.1.23.0 196983 Bytes 9/2/2011 03:46:01
AEBB.DLL : 8.1.1.0 53618 Bytes 9/2/2011 03:46:01
AVWINLL.DLL : 12.1.0.17 27344 Bytes 10/5/2011 14:24:18
AVPREF.DLL : 12.1.0.17 51920 Bytes 10/5/2011 14:24:15
AVREP.DLL : 12.1.0.17 179920 Bytes 10/5/2011 14:24:15
AVARKT.DLL : 12.1.0.17 223184 Bytes 10/5/2011 14:24:12
AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 10/5/2011 14:24:14
SQLITE3.DLL : 3.7.0.0 398288 Bytes 10/5/2011 14:24:28
AVSMTP.DLL : 12.1.0.17 63440 Bytes 10/5/2011 14:24:16
NETNT.DLL : 12.1.0.17 17104 Bytes 10/5/2011 14:24:25
RCIMAGE.DLL : 12.1.0.17 4493520 Bytes 10/5/2011 14:24:33
RCTEXT.DLL : 12.1.0.16 96208 Bytes 9/23/2011 17:37:28

Configuration settings for the scan:
Jobname.............................: Quick system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\quicksysscan.avp
Logging.............................: default
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: extended

Start of the scan: Sunday, October 16, 2011 09:30

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

The scan of running processes will be started
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'taskmgr.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'AVWEBGRD.EXE' - '1' Module(s) have been scanned
Scan process 'avmailc.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'CALMAIN.exe' - '1' Module(s) have been scanned
Scan process 'WDSC.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'issch.exe' - '1' Module(s) have been scanned
Scan process 'OpwareSE2.exe' - '1' Module(s) have been scanned
Scan process 'RUNDLL32.EXE' - '1' Module(s) have been scanned
Scan process 'Mixer.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'WDDMService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'NOPDB.EXE' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'NPROTECT.EXE' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting to scan executable files (registry).
The registry was scanned ( '5215' files ).


Starting the file scan:

Begin scan in 'C:\Documents and Settings\Baba'
Begin scan in 'C:\WINDOW2'
Begin scan in 'C:\Documents and Settings\All Users.WINDOW2'
Begin scan in 'C:\Program Files'


End of the scan: Sunday, October 16, 2011 11:57
Used time: 2:26:54 Hour(s)

The scan has been done completely.

8010 Scanned directories
518187 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
518187 Files not concerned
2383 Archives were scanned
0 Warnings
0 Notes



----------------------------------



aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-16 15:14:12
-----------------------------
15:14:12.656 OS Version: Windows 5.1.2600 Service Pack 3
15:14:12.656 Number of processors: 1 586 0x207
15:14:12.656 ComputerName: JAMES-HOME UserName: Baba
15:14:33.406 Initialize success
15:15:18.218 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
15:15:18.218 Disk 0 Vendor: WDC_WD800JB-00FMA0 13.03G13 Size: 76319MB BusType: 3
15:15:18.218 Device \Driver\atapi -> DriverStartIo 8a1cd2c6
15:15:18.265 Disk 0 MBR read successfully
15:15:18.265 Disk 0 MBR scan
15:15:18.281 Disk 0 TDL4@MBR code has been found
15:15:18.281 Disk 0 Windows XP default MBR code found via API
15:15:18.281 Disk 0 MBR hidden
15:15:18.281 Disk 0 MBR [TDL4] **ROOTKIT**
15:15:18.312 Disk 0 trace - called modules:
15:15:18.328 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a1cd49f]<<
15:15:18.328 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a2d8ab8]
15:15:18.328 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\0000005d[0x8a2bc9e8]
15:15:18.328 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> [0x8a2bad98]
15:15:18.562 \Driver\atapi[0x8a2cb560] -> IRP_MJ_CREATE -> 0x8a1cd49f
15:15:18.562 Scan finished successfully
15:16:13.578 Disk 0 MBR has been saved successfully to "C:\Computer\MBR.dat"
15:16:13.578 The log file has been saved successfully to "C:\Computer\aswMBR 10-16-11.txt"


-------------------------------------


OTL logfile created on: 10/16/2011 3:18:12 PM - Run 6
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Baba\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.79 Gb Available Physical Memory | 52.68% Memory free
2.23 Gb Paging File | 1.57 Gb Available in Paging File | 70.32% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOW2 | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 16.21 Gb Free Space | 21.75% Space Free | Partition Type: NTFS

Computer Name: JAMES-HOME | User Name: Baba | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/06 02:32:42 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Baba\Desktop\OTL.exe
PRC - [2011/10/05 10:24:34 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/10/05 10:24:26 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/10/05 10:24:17 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011/10/05 10:24:15 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
PRC - [2011/10/05 10:24:14 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/10/05 10:24:14 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/10/03 23:11:28 | 000,399,512 | ---- | M] (Mozilla Messaging) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
PRC - [2011/10/02 18:35:35 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/11/08 12:43:16 | 000,484,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
PRC - [2010/11/08 12:40:14 | 000,237,568 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2008/09/25 17:53:32 | 000,181,680 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe
PRC - [2008/09/25 17:53:16 | 000,095,600 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOW2\explorer.exe
PRC - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2003/05/08 08:00:58 | 000,049,152 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
PRC - [2002/10/15 14:00:20 | 001,818,624 | ---- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\WINDOW2\mixer.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/05 10:24:28 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011/10/03 23:11:40 | 001,833,112 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\mozjs.dll
MOD - [2011/10/03 23:11:38 | 000,161,944 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2011/10/03 23:11:38 | 000,021,656 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2011/10/02 18:35:30 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/09/28 10:40:36 | 006,277,280 | ---- | M] () -- C:\WINDOW2\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/07/02 02:00:04 | 000,212,992 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\0f3d321ebd65af974ff0ad424223276d\System.ServiceProcess.ni.dll
MOD - [2011/07/02 01:57:03 | 000,771,584 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\bdaf7904d223589a0f464de58d27e691\System.Runtime.Remoting.ni.dll
MOD - [2011/07/02 01:49:36 | 007,950,848 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System\f6a9a002526806f3a5b745cf5c407cae\System.ni.dll
MOD - [2011/07/02 01:49:17 | 011,490,816 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2010/11/08 12:43:16 | 000,484,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
MOD - [2009/04/23 22:55:14 | 000,176,235 | ---- | M] () -- C:\WINDOW2\system32\Primomonnt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/10/05 10:24:26 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/05 10:24:17 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011/10/05 10:24:15 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011/10/05 10:24:14 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/11/08 12:43:34 | 001,060,352 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010/11/08 12:43:16 | 000,484,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2010/11/08 12:40:14 | 000,237,568 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2008/09/25 17:53:32 | 000,181,680 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe -- (Speed Disk service)
SRV - [2008/09/25 17:53:16 | 000,095,600 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE -- (NProtectService)
SRV - [2008/08/01 11:31:11 | 000,238,968 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2008/08/01 11:31:01 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/01/29 19:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - [2011/09/18 08:39:27 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOW2\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/09/15 23:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOW2\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/09/15 23:55:03 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOW2\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOW2\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/12/13 23:57:18 | 000,003,584 | ---- | M] (Systems Internals) [Kernel | System | Running] -- C:\WINDOW2\iprot\d8a4fef9-85c1-448f-a6f9-2570fb195020\PhysMem.sys -- (d8a4fef9-85c1-448f-a6f9-2570fb195020)
DRV - [2009/08/18 22:36:30 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOW2\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOW2\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/09/25 17:53:36 | 000,095,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOW2\system32\drivers\SdDriver.SYS -- (SDdriver)
DRV - [2008/09/25 17:53:14 | 000,087,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOW2\system32\drivers\NPDRIVER.SYS -- (NPDriver)
DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOW2\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/03 18:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOW2\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2002/11/18 11:51:40 | 000,377,358 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOW2\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-299502267-115176313-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOW2\system32\blank.htm
IE - HKU\S-1-5-21-299502267-115176313-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
IE - HKU\S-1-5-21-299502267-115176313-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKU\S-1-5-21-299502267-115176313-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-299502267-115176313-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOW2\system32\blank.htm
IE - HKU\S-1-5-21-299502267-115176313-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
IE - HKU\S-1-5-21-299502267-115176313-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKU\S-1-5-21-299502267-115176313-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = D3 0F B1 07 4F 69 43 4B 86 6D 7F EF 0E 39 65 25 [binary data]
IE - HKU\S-1-5-21-299502267-115176313-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =
IE - HKU\S-1-5-21-299502267-115176313-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: ""
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOW2\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOW2\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Baba\Application Data\Move Networks\plugins\npqmp071502000008.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Baba\Application Data\Move Networks\plugins\npqmp071502000008.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/02 18:35:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/14 23:34:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/08/17 23:34:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Baba\Application Data\Move Networks [2009/12/02 02:06:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Netscape 6 6.2.3\Extensions\\Components: C:\Netscape 6\Components
FF - HKEY_CURRENT_USER\software\mozilla\Netscape 6 6.2.3\Extensions\\Plugins: C:\Netscape 6\Plugins

[2010/09/03 18:15:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Baba\Application Data\Mozilla\Extensions
[2010/09/03 18:15:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Baba\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/10/07 23:22:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Baba\Application Data\Mozilla\Firefox\Profiles\g7tscgnb.default\extensions
[2010/06/25 22:04:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Baba\Application Data\Mozilla\Firefox\Profiles\g7tscgnb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/28 23:57:29 | 000,001,504 | ---- | M] () -- C:\Documents and Settings\Baba\Application Data\Mozilla\Firefox\Profiles\g7tscgnb.default\searchplugins\imdb.xml
[2011/03/23 21:03:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/24 12:47:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/06/24 12:46:17 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/10/02 18:35:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2004/11/12 19:36:22 | 000,005,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\mozilla firefox\plugins\NPAdbESD.dll
[2008/06/17 22:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2010/06/24 12:46:13 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2005/05/28 07:15:00 | 000,110,592 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2007/09/05 09:56:00 | 000,352,256 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsabffx.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/10/13 17:48:44 | 000,000,098 | ---- | M]) - C:\WINDOW2\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOW2\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [NSWosCheck] C:\Program Files\Norton SystemWorks\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOW2\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOW2\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOW2\System32\nwiz.exe ()
O4 - HKLM..\Run: [OpwareSE2] C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-299502267-115176313-839522115-1004..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe File not found
O4 - HKU\S-1-5-21-299502267-115176313-839522115-1005..\Run: [{7FB644AF-C1B3-F973-F69A-00CABFCC7614}] "C:\Documents and Settings\Luli\Application Data\Viur\huzao.exe" File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ US DOT VPN Client.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-299502267-115176313-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-299502267-115176313-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk ()
O9 - Extra 'Tools' menuitem : Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O15 - HKU\S-1-5-21-299502267-115176313-839522115-1004\..Trusted Domains: aol.com ([free] http in Trusted sites)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://sra.dot.gov/...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{17B7A976-DB18-48C7-AD20-F583F7824731}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOW2\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOW2\system32\userinit.exe) -C:\WINDOW2\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOW2\doody1.bmp
O24 - Desktop BackupWallPaper: C:\WINDOW2\doody1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/30 17:16:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/08/02 07:48:02 | 000,001,688 | ---- | M] () - C:\AUTOEXEC.NT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-299502267-115176313-839522115-1004..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-299502267-115176313-839522115-1004\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/16 09:54:23 | 000,000,000 | ---D | C] -- C:\Danae Saklas
[2011/10/16 09:54:06 | 000,000,000 | ---D | C] -- C:\Danae
[2011/10/13 18:06:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Puran Defrag
[2011/10/13 18:06:12 | 000,000,000 | ---D | C] -- C:\Program Files\Puran Defrag
[2011/10/12 23:03:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baba\Application Data\Avira
[2011/10/12 23:02:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Avira
[2011/10/12 23:01:19 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOW2\System32\drivers\ssmdrv.sys
[2011/10/12 23:01:08 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\WINDOW2\System32\drivers\avipbb.sys
[2011/10/12 23:01:08 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOW2\System32\drivers\avkmgr.sys
[2011/10/12 23:01:07 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOW2\System32\drivers\avgntflt.sys
[2011/10/12 22:59:32 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/10/12 01:41:18 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/10/07 23:30:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/07 23:22:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baba\Desktop\GooredFix Backups
[2011/10/07 23:12:10 | 001,558,320 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Baba\Desktop\tdsskiller.exe
[2011/10/07 23:10:42 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Baba\Desktop\GooredFix.exe
[2011/10/06 09:41:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOW2\Local Settings
[2011/10/06 02:32:39 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Baba\Desktop\OTL.exe
[2011/10/01 12:23:41 | 000,000,000 | ---D | C] -- C:\Computer
[1 C:\Documents and Settings\Baba\*.tmp files -> C:\Documents and Settings\Baba\*.tmp -> ]
[1 C:\Documents and Settings\All Users.WINDOW2\Application Data\*.tmp files -> C:\Documents and Settings\All Users.WINDOW2\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/16 14:31:08 | 000,001,324 | ---- | M] () -- C:\WINDOW2\System32\d3d9caps.dat
[2011/10/16 12:02:41 | 000,186,097 | ---- | M] () -- C:\WINDOW2\System32\nvapps.xml
[2011/10/16 12:02:00 | 000,013,646 | ---- | M] () -- C:\WINDOW2\System32\wpa.dbl
[2011/10/16 09:16:39 | 000,002,048 | --S- | M] () -- C:\WINDOW2\bootstat.dat
[2011/10/16 09:16:12 | 1610,145,792 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/15 12:32:20 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/10/15 11:03:44 | 000,000,051 | ---- | M] () -- C:\NsScanforTest.ini
[2011/10/13 17:48:44 | 000,000,098 | ---- | M] () -- C:\WINDOW2\System32\drivers\etc\Hosts
[2011/10/12 23:02:29 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOW2\Desktop\Avira Control Center.lnk
[2011/10/11 21:35:54 | 000,000,226 | ---- | M] () -- C:\WINDOW2\Prestopm.INI
[2011/10/07 23:15:06 | 000,004,730 | ---- | M] () -- C:\Documents and Settings\Baba\Desktop\Document.rtf
[2011/10/07 23:11:19 | 001,558,320 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Baba\Desktop\tdsskiller.exe
[2011/10/07 23:07:54 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Baba\Desktop\GooredFix.exe
[2011/10/07 22:48:59 | 001,045,398 | ---- | M] () -- C:\WINDOW2\dors1.bmp
[2011/10/07 22:45:59 | 001,045,466 | ---- | M] () -- C:\WINDOW2\dietrich2.bmp
[2011/10/07 22:42:35 | 001,045,558 | ---- | M] () -- C:\WINDOW2\dietrich1.bmp
[2011/10/07 22:12:13 | 001,045,558 | ---- | M] () -- C:\WINDOW2\doody2.bmp
[2011/10/07 22:10:53 | 001,045,558 | ---- | M] () -- C:\WINDOW2\doody1.bmp
[2011/10/06 02:32:42 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Baba\Desktop\OTL.exe
[2011/10/01 09:00:55 | 000,000,290 | ---- | M] () -- C:\WINDOW2\tasks\Norton SystemWorks One Button Checkup.job
[2011/10/01 04:00:02 | 000,000,388 | ---- | M] () -- C:\WINDOW2\tasks\Norton AntiVirus - Baba - Full System Scan.job
[2011/09/28 11:30:25 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOW2\System32\FlashPlayerCPLApp.cpl
[2011/09/25 23:47:41 | 001,045,386 | ---- | M] () -- C:\WINDOW2\dickinson3.bmp
[2011/09/25 23:45:50 | 001,045,558 | ---- | M] () -- C:\WINDOW2\dickinson2.bmp
[2011/09/25 23:40:59 | 001,045,546 | ---- | M] () -- C:\WINDOW2\dickinson1.bmp
[2011/09/25 23:36:24 | 001,045,558 | ---- | M] () -- C:\WINDOW2\deschanel2.bmp
[2011/09/25 23:35:40 | 001,045,558 | ---- | M] () -- C:\WINDOW2\deschanel1.bmp
[2011/09/18 08:39:27 | 000,134,344 | ---- | M] (Avira GmbH) -- C:\WINDOW2\System32\drivers\avipbb.sys
[1 C:\Documents and Settings\Baba\*.tmp files -> C:\Documents and Settings\Baba\*.tmp -> ]
[1 C:\Documents and Settings\All Users.WINDOW2\Application Data\*.tmp files -> C:\Documents and Settings\All Users.WINDOW2\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/12 23:02:29 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Desktop\Avira Control Center.lnk
[2011/10/07 23:15:06 | 000,004,730 | ---- | C] () -- C:\Documents and Settings\Baba\Desktop\Document.rtf
[2011/10/07 22:48:57 | 001,045,398 | ---- | C] () -- C:\WINDOW2\dors1.bmp
[2011/10/07 22:42:32 | 001,045,558 | ---- | C] () -- C:\WINDOW2\dietrich1.bmp
[2011/10/07 22:12:11 | 001,045,558 | ---- | C] () -- C:\WINDOW2\doody2.bmp
[2011/10/07 22:10:50 | 001,045,558 | ---- | C] () -- C:\WINDOW2\doody1.bmp
[2011/10/02 00:06:09 | 000,302,592 | ---- | C] () -- C:\gmer.exe
[2011/09/25 23:47:39 | 001,045,386 | ---- | C] () -- C:\WINDOW2\dickinson3.bmp
[2011/09/25 23:45:48 | 001,045,558 | ---- | C] () -- C:\WINDOW2\dickinson2.bmp
[2011/08/08 23:23:27 | 000,002,928 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\6E92.F8A
[2011/07/04 16:49:45 | 000,001,324 | ---- | C] () -- C:\WINDOW2\System32\d3d9caps.dat
[2010/10/05 19:15:20 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Baba\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2009/12/13 19:01:29 | 000,000,066 | ---- | C] () -- C:\WINDOW2\GDINST.INI
[2009/10/01 23:33:34 | 000,000,226 | ---- | C] () -- C:\WINDOW2\Prestopm.INI
[2009/10/01 23:32:22 | 000,036,291 | ---- | C] () -- C:\WINDOW2\CSTBox.INI
[2009/08/20 00:28:34 | 000,000,635 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\PrimoPDFSet.xml
[2009/08/19 23:45:06 | 000,176,235 | ---- | C] () -- C:\WINDOW2\System32\Primomonnt.dll
[2009/08/13 18:23:41 | 000,075,776 | ---- | C] () -- C:\WINDOW2\cadkasdeinst01e.exe
[2009/07/14 04:35:33 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Baba\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/14 03:17:34 | 000,000,235 | ---- | C] () -- C:\WINDOW2\EXCEL4.INI
[2009/07/11 15:13:24 | 000,022,480 | ---- | C] () -- C:\WINDOW2\System32\PFMAPI16.DLL
[2009/07/11 15:13:24 | 000,020,992 | ---- | C] () -- C:\WINDOW2\System32\PFMAPI32.DLL
[2009/07/10 21:26:01 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\PFP120JPR.{PB
[2009/07/10 21:26:01 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\PFP120JCM.{PB
[2009/07/09 21:54:40 | 000,000,532 | ---- | C] () -- C:\WINDOW2\MAXLINK.INI
[2009/07/09 21:52:13 | 000,000,105 | ---- | C] () -- C:\WINDOW2\UMXADDIN.INI
[2009/07/09 21:52:12 | 000,040,960 | ---- | C] () -- C:\WINDOW2\System32\IPPCPUID.DLL
[2009/07/09 21:51:55 | 000,011,776 | ---- | C] () -- C:\WINDOW2\System32\pmsbfn32.dll
[2009/07/09 21:50:49 | 000,000,074 | ---- | C] () -- C:\WINDOW2\PMINI.ini
[2009/07/09 11:50:10 | 000,046,784 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Application Data\LuUninstall.LiveUpdate
[2009/07/08 01:14:23 | 000,024,501 | ---- | C] () -- C:\WINDOW2\mozver.dat
[2009/07/06 21:13:13 | 000,000,376 | ---- | C] () -- C:\WINDOW2\ODBC.INI
[2009/07/06 19:05:29 | 000,000,335 | ---- | C] () -- C:\WINDOW2\nsreg.dat
[2009/07/06 19:03:10 | 000,000,025 | ---- | C] () -- C:\WINDOW2\mixerdef.ini
[2009/07/06 18:56:15 | 000,002,048 | --S- | C] () -- C:\WINDOW2\bootstat.dat
[2009/07/06 18:43:58 | 000,021,640 | ---- | C] () -- C:\WINDOW2\System32\emptyregdb.dat
[2009/07/06 11:30:20 | 000,004,161 | ---- | C] () -- C:\WINDOW2\ODBCINST.INI
[2009/07/06 11:27:26 | 000,929,280 | ---- | C] () -- C:\WINDOW2\System32\FNTCACHE.DAT
[2009/07/06 10:34:13 | 000,039,104 | ---- | C] () -- C:\WINDOW2\cmijack.dat
[2009/07/06 10:34:13 | 000,022,178 | ---- | C] () -- C:\WINDOW2\cmaudio.dat
[2009/04/27 00:13:36 | 000,000,314 | ---- | C] () -- C:\WINDOW2\primopdf.ini
[2008/05/16 17:01:00 | 001,703,936 | ---- | C] () -- C:\WINDOW2\System32\nvwdmcpl.dll
[2008/05/16 17:01:00 | 001,630,208 | ---- | C] () -- C:\WINDOW2\System32\nwiz.exe
[2008/05/16 17:01:00 | 001,486,848 | ---- | C] () -- C:\WINDOW2\System32\nview.dll
[2008/05/16 17:01:00 | 001,339,392 | ---- | C] () -- C:\WINDOW2\System32\nvdspsch.exe
[2008/05/16 17:01:00 | 001,019,904 | ---- | C] () -- C:\WINDOW2\System32\nvwimg.dll
[2008/05/16 17:01:00 | 000,466,944 | ---- | C] () -- C:\WINDOW2\System32\nvshell.dll
[2008/05/16 17:01:00 | 000,442,368 | ---- | C] () -- C:\WINDOW2\System32\nvappbar.exe
[2008/05/16 17:01:00 | 000,425,984 | ---- | C] () -- C:\WINDOW2\System32\keystone.exe
[2008/05/16 17:01:00 | 000,286,720 | ---- | C] () -- C:\WINDOW2\System32\nvnt4cpl.dll
[2006/11/01 08:54:30 | 000,180,224 | ---- | C] () -- C:\WINDOW2\System32\xvidvfw.dll
[2006/11/01 08:52:38 | 000,765,952 | ---- | C] () -- C:\WINDOW2\System32\xvidcore.dll
[2006/02/28 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOW2\System32\oembios.bin
[2006/02/28 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOW2\System32\mlang.dat
[2006/02/28 08:00:00 | 000,432,622 | ---- | C] () -- C:\WINDOW2\System32\perfh009.dat
[2006/02/28 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOW2\System32\perfi009.dat
[2006/02/28 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOW2\System32\dssec.dat
[2006/02/28 08:00:00 | 000,067,578 | ---- | C] () -- C:\WINDOW2\System32\perfc009.dat
[2006/02/28 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOW2\System32\mib.bin
[2006/02/28 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOW2\System32\perfd009.dat
[2006/02/28 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOW2\System32\secupd.dat
[2006/02/28 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOW2\System32\oembios.dat
[2006/02/28 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOW2\System32\dcache.bin
[2006/02/28 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOW2\System32\noise.dat
[2004/10/26 18:39:04 | 003,375,104 | ---- | C] () -- C:\WINDOW2\System32\qt-mt331.dll

< End of report >



--------------------------------------



OTL Extras logfile created on: 10/16/2011 3:18:12 PM - Run 6
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Baba\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.79 Gb Available Physical Memory | 52.68% Memory free
2.23 Gb Paging File | 1.57 Gb Available in Paging File | 70.32% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOW2 | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 16.21 Gb Free Space | 21.75% Space Free | Partition Type: NTFS

Computer Name: JAMES-HOME | User Name: Baba | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-299502267-115176313-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-299502267-115176313-839522115-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Baba\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe" = C:\Documents and Settings\Baba\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe:*:Enabled:Juniper Terminal Services Client -- (Juniper Networks)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07CEC3B0-83D0-422A-BE6D-63633C5063BB}" = TurboCAD Symbols
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228
"{2EEF331B-6AC8-471A-84AE-6A9ED940EDC2}" = TurboCAD Deluxe v11.2
"{34EF3470-B8D8-44b6-B09B-7F5EB9AECCC8}" = Norton SystemWorks
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39468292-5D68-4E93-9E09-5D9D5CA00E7A}" = FileOpen Client Installer
"{444B6A7B-0E26-4416-A43F-D1C9AAE6075D}" = Canon CanoScan Toolbox 4.8
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50CD421F-CAFD-46C4-BEFD-E1C46FE63062}" = Manual CanoScan 8400F
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{5BE42A03-E7B8-42A9-B1BB-FC48B03D58B8}" = Presto! PageManager 6.11
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A7867BA-B7CA-4CC9-ACAB-85BA46865EE5}" = Norton Utilities
"{6C9736CA-121C-427E-A2AC-E2125B0D362D}" = 1st Pricing
"{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77364F85-6219-4CB8-AAA0-6D53368D683D}" = Connection Keep Alive
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{7EFB99A8-465B-4B2F-B97F-F9C687449081}" = WinBASIC 2.0
"{885744A4-1A01-44B0-858A-0AE6738CBCF7}" = PrimoPDF Redistribution Package
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AC76BA86-7AD7-2448-0000-900000000003}" = Chinese Traditional Fonts Support For Adobe Reader 9
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CA31120D-2101-484D-9FF1-195DE96FE346}" = Norton Cleanup
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2261C4B-4D9B-4149-8472-31B7A2FEAB91}" = ArcSoft PhotoStudio 5.5
"{DC5F786F-0733-46AC-8160-972A6906A872}" = WD SmartWare
"{E24A0015-C73F-4B57-B8DF-5EB84D2E9685}" = Adobe Flash Player 10 ActiveX
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{EFCE5837-FC21-11D6-9D24-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.1_02
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Avira AntiVir Desktop" = Avira Antivirus Premium 2012
"CAL" = Canon Camera Access Library
"CameraUserGuide-PSSD1200IS_IXUS95IS" = Canon PowerShot SD1200 IS_IXUS 95 IS Camera User Guide
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Corel WordPerfect Suite 8" = Corel WordPerfect Suite 8
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"FL 2001 Registration" = FL 2001 Registration
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"FreeZip" = FreeZip
"InstallShield_{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
"Java Web Start" = Java Web Start
"jZip" = jZip
"LiveUpdate" = LiveUpdate 2.5 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"Mozilla Thunderbird (7.0.1)" = Mozilla Thunderbird (7.0.1)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NVIDIA Drivers" = NVIDIA Drivers
"PCI Audio Driver" = PCI Audio Driver
"PDF Editor 2" = PDF Editor 2
"Personal Printing Guide" = Canon Personal Printing Guide
"PhotoStitch" = Canon Utilities PhotoStitch
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"PrimoPDF3.1" = PrimoPDF
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"Puran Defrag Free Edition_is1" = Puran Defrag Free Edition 7.3
"Quicken Family Lawyer 2001" = Quicken Family Lawyer 2001
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SoftwareStarterGuide-DCSD40_46" = Canon Digital Camera Solution Disk 40-46 Software Starter Guide
"SymSetup.{34EF3470-B8D8-44b6-B09B-7F5EB9AECCC8}" = Norton SystemWorks (Symantec Corporation)
"The Plain-Language Law Dictionary" = The Plain-Language Law Dictionary
"VisualFortran60" = Visual Fortran 6.6.a
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"X Codec Pack" = X Codec Pack
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-299502267-115176313-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.1.0.366
"Juniper_Networks_Cache_Cleaner 6.5.0" = Juniper Networks Cache Cleaner 6.5.0
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Juniper_Term_Services" = Juniper Terminal Services Client
"Move Media Player" = Move Media Player
"Neoteris_Host_Checker" = Juniper Networks Host Checker

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/8/2011 10:25:41 AM | Computer Name = JAMES-HOME | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 6.0.2.4262, faulting
module mozalloc.dll, version 6.0.2.4262, fault address 0x00001a39.

Error - 9/8/2011 11:43:15 PM | Computer Name = JAMES-HOME | Source = Application Hang | ID = 1002
Description = Hanging application ootp11.exe, version 11.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/19/2011 1:18:44 AM | Computer Name = JAMES-HOME | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 6.0.2.4262, faulting
module nspr4.dll, version 4.8.9.0, fault address 0x000092ac.

Error - 9/28/2011 5:02:50 PM | Computer Name = JAMES-HOME | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 6.0.2.4262, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/1/2011 11:01:16 AM | Computer Name = JAMES-HOME | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.29.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/2/2011 10:00:33 AM | Computer Name = JAMES-HOME | Source = Application Hang | ID = 1002
Description = Hanging application gmer.exe, version 1.0.15.15641, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/2/2011 10:01:39 AM | Computer Name = JAMES-HOME | Source = Application Hang | ID = 1002
Description = Hanging application gmer.exe, version 1.0.15.15641, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/5/2011 7:56:37 PM | Computer Name = JAMES-HOME | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 7.0.1.4288, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/7/2011 11:24:35 PM | Computer Name = JAMES-HOME | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: The process cannot access the file because it is being used by another
process.

Error - 10/15/2011 3:46:42 PM | Computer Name = JAMES-HOME | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

[ System Events ]
Error - 10/16/2011 10:40:29 AM | Computer Name = JAMES-HOME | Source = Service Control Manager | ID = 7034
Description = The Network Connections service terminated unexpectedly. It has done
this 2 time(s).

Error - 10/16/2011 10:40:29 AM | Computer Name = JAMES-HOME | Source = Service Control Manager | ID = 7034
Description = The Network Location Awareness (NLA) service terminated unexpectedly.
It has done this 2 time(s).

Error - 10/16/2011 10:40:29 AM | Computer Name = JAMES-HOME | Source = Service Control Manager | ID = 7034
Description = The Remote Access Connection Manager service terminated unexpectedly.
It has done this 2 time(s).

Error - 10/16/2011 10:40:29 AM | Computer Name = JAMES-HOME | Source = Service Control Manager | ID = 7034
Description = The System Event Notification service terminated unexpectedly. It
has done this 5 time(s).

Error - 10/16/2011 10:40:29 AM | Computer Name = JAMES-HOME | Source = Service Control Manager | ID = 7034
Description = The Shell Hardware Detection service terminated unexpectedly. It
has done this 2 time(s).

Error - 10/16/2011 10:40:29 AM | Computer Name = JAMES-HOME | Source = Service Control Manager | ID = 7034
Description = The Telephony service terminated unexpectedly. It has done this 2
time(s).

Error - 10/16/2011 10:40:29 AM | Computer Name = JAMES-HOME | Source = Service Control Manager | ID = 7031
Description = The Windows Time service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 10/16/2011 10:40:29 AM | Computer Name = JAMES-HOME | Source = Service Control Manager | ID = 7031
Description = The Windows Management Instrumentation service terminated unexpectedly.
It has done this 5 time(s). The following corrective action will be taken in
60000 milliseconds: Restart the service.

Error - 10/16/2011 1:54:39 PM | Computer Name = JAMES-HOME | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NVSvc service.

Error - 10/16/2011 1:57:22 PM | Computer Name = JAMES-HOME | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NVSvc service.


< End of report >
  • 0

#29
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
You have been reinfected but with a different set of malware.

Do you have your Windows XP Install CD?


VirusTotal File Scan

Please go to: VirusTotal
Posted Image

Click the Choose File button and search for the following file: C:\WINDOW2\mixer.exe
Click Open
Then click Send File


If it says already scanned -- click "reanalyze now"

Please be patient while the file is scanned.
Once the scan results appear, please click on the Compact button.
A new window should appear with a bunch of tabs at the top. Please click on the BBCode tab.
Copy and Paste the contents of the text in the BBCode into your next reply for me to review.



Please post the results in your next reply
  • 0

#30
jsaklas

jsaklas

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 333 posts
CompCav,

When I clicked on the Compact button I get the new window, but there are no tabs; it simply says: NOT FOUND. This is as expected because the Results said: 0/43

Also I do NOT have my XP disc.

Lastly, I will stay on my computer for the next three hours.


js
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP