Analyze this Hijack log please



#1
Suzanne Wonderly Miller


    New Member

  • Member
  • 1 posts
Happy Holidays. I'm not sure what is going on, but something is slowing down my Dell Latitude laptop. It's slow to boot up and gets worse when I open a browser. Not sure if it's malware or spyware, or I was leaning towards something in the registry. I've been to the Trend Micro site and ran HijackThis and now I need this analyzed. I'm really not sure if I'm trying to fix the right thing, so I'm starting with this and I'll go from there. When I open Google I'll get messages that say plug in unresponsive or page unresponsive would you like to kill it or wait. I usually just wait and it starts working again. It could be something in the browser itself. I don't know, I just know I need help. Anyway, here is the log.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:35:28 AM, on 12/16/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\netdde.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\wbem\wmiapsrv.exe
C:\WINNT\system32\SearchIndexer.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINNT\system32\pctspk.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HiJackThis\HijackThis.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINNT\system32\svchost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RewardsArcade - {597A9974-8CB0-4f41-B61F-ED065738A397} - C:\Program Files\RewardsArcade\RewardsArcade.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [%%DELETE_VALUE%%] CreateCD50
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CPortPatch] C:\WINNT\DockQuickInstall\cppch.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\Trend Micro\HiJackThis\HijackThis.exe /startupscan
O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1248392790355
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1029829745120
O16 - DPF: {AB1A1D80-0788-406B-984E-F8C7B65D7A37} - http://metcalf-dc2/c...ols/install.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINNT\SYSTEM32\LxrJD31s.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 10383 bytes
Thank You


#2
RKinner


    Malware Expert

  • Expert
  • 19,773 posts
  • MVP
We don't use HijackThis any more. It hasn't been updated in years. Can't say the same for malware.


Download OTL from
http://www.geekstogo...timers-list-it/
and save it to your desktop.

Run OTL (Vista or Win 7 => right click and Run As Administrator).

Select the All option in the Extra Registry group, then Run Scan.

You should get two logs. Please copy and paste both of them.

Ron

#3
Suzanne Wonderly Miller


    New Member

  • Topic Starter
  • Member
  • 1 posts
So I did what you said and here are the two logfiles. The second one sure has a lot of error messages. YIKES !!


OTL logfile created on: 12/17/2011 3:20:23 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\suzbhoney\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.43 Mb Total Physical Memory | 130.62 Mb Available Physical Memory | 25.54% Memory free
1.78 Gb Paging File | 1.02 Gb Available in Paging File | 57.43% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 17.14 Gb Free Space | 46.01% Space Free | Partition Type: NTFS

Computer Name: 62D731 | User Name: suzbhoney | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/17 02:58:29 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\suzbhoney\My Documents\Downloads\OTL.exe
PRC - [2011/12/07 03:16:29 | 001,047,096 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2011/10/23 22:49:37 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe
PRC - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
PRC - [2006/09/27 20:33:44 | 000,125,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2006/09/27 20:33:38 | 000,116,464 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
PRC - [2006/09/27 20:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2006/09/27 20:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2006/08/07 16:03:02 | 000,214,720 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
PRC - [2006/07/19 19:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2006/07/19 19:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2006/07/19 19:26:04 | 000,052,896 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/04/11 17:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2003/02/24 15:35:12 | 000,163,840 | ---- | M] () -- C:\WINNT\system32\pctspk.exe
PRC - [2000/05/19 14:24:56 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Hardware\Mouse\point32.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/07 03:16:28 | 000,411,192 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.63\ppgooglenaclpluginchrome.dll
MOD - [2011/12/07 03:16:27 | 003,767,864 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.63\pdf.dll
MOD - [2011/12/07 03:14:56 | 000,122,952 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.63\avutil-51.dll
MOD - [2011/12/07 03:14:55 | 000,222,280 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.63\avformat-53.dll
MOD - [2011/12/07 03:14:53 | 001,746,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.63\avcodec-53.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/02/05 10:27:45 | 001,291,776 | ---- | M] () -- C:\WINNT\system32\quartz.dll
MOD - [2008/04/13 16:11:59 | 000,014,336 | ---- | M] () -- C:\WINNT\system32\msdmo.dll
MOD - [2008/04/13 16:11:51 | 000,059,904 | ---- | M] () -- C:\WINNT\system32\devenum.dll
MOD - [2005/10/24 22:24:22 | 000,020,594 | ---- | M] () -- C:\WINNT\system32\DELS3L3.DLL
MOD - [2003/02/24 15:35:12 | 000,163,840 | ---- | M] () -- C:\WINNT\system32\pctspk.exe
MOD - [2001/07/31 09:17:12 | 000,094,274 | ---- | M] () -- C:\WINNT\system32\HPBHEALR.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (HidServ)
SRV - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/04/13 16:12:38 | 000,050,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\utilman.exe -- (UtilMan)
SRV - [2006/09/27 20:33:38 | 000,116,464 | ---- | M] (symantec) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/09/27 20:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/09/27 20:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/08/07 16:03:02 | 000,214,720 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2006/07/19 19:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/07/19 19:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/04/11 17:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2005/12/21 14:32:58 | 000,071,168 | ---- | M] () [On_Demand | Stopped] -- C:\WINNT\System32\LxrJD31s.exe -- (LxrJD31s)


========== Driver Services (SafeList) ==========

DRV - [2011/12/16 09:46:23 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{18145E2D-099B-4F07-98BD-6FE35E904DB0}\MpKsl8df6d319.sys -- (MpKsl8df6d319)
DRV - [2011/12/15 16:57:17 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{18145E2D-099B-4F07-98BD-6FE35E904DB0}\MpKslaa9ee190.sys -- (MpKslaa9ee190)
DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2010/02/03 20:21:49 | 000,108,032 | R--- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\smhwser.sys -- (smhwser) USB Device for Legacy Serial Communication (Normal)
DRV - [2010/01/13 15:02:28 | 000,100,864 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\smhwdev.sys -- (smhwdev) SmartPhone dummy USB PNP Device (Normal)
DRV - [2009/12/24 00:00:40 | 000,025,728 | R--- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\smhwadb.sys -- (androidusb)
DRV - [2009/08/10 09:13:14 | 000,875,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090810.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2009/08/10 09:13:13 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/08/10 09:13:13 | 000,087,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090810.003\NAVENG.SYS -- (NAVENG)
DRV - [2009/06/03 10:01:28 | 000,230,400 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2009/06/03 10:01:26 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2009/06/03 10:01:26 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2009/06/03 10:01:26 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2009/05/25 15:43:58 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2008/04/13 10:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 10:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\mpe.sys -- (MPE)
DRV - [2006/11/30 08:54:02 | 000,610,816 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\WPC54Gv3.SYS -- (WPC54Gv3)
DRV - [2006/09/18 17:55:28 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006/09/06 14:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 14:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2006/08/07 16:02:26 | 000,195,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINNT\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006/08/07 16:02:22 | 000,024,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2006/04/11 17:13:34 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/12/21 14:32:58 | 000,069,824 | ---- | M] () [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\LxrJD31d.sys -- (LxrJD31d)
DRV - [2003/05/30 18:45:16 | 000,477,403 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINNT\System32\DRIVERS\vpctcom.sys -- (Vpctcom)
DRV - [2003/05/30 17:50:46 | 000,690,973 | ---- | M] (PCTEL, INC.) [Kernel | Boot | Running] -- C:\WINNT\System32\DRIVERS\vmodem.sys -- (Vmodem)
DRV - [2003/05/28 12:08:12 | 000,066,111 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINNT\System32\DRIVERS\vvoice.sys -- (Vvoice)
DRV - [2003/02/24 15:30:02 | 000,135,292 | ---- | M] (PCTEL, INC.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ptserial.sys -- (Ptserial)
DRV - [2002/10/15 14:59:24 | 000,017,153 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINNT\system32\drivers\omci.sys -- (OMCI)
DRV - [2002/04/30 17:38:22 | 000,089,600 | ---- | M] (Cirrus Logic, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\cwawdm.sys -- (cs429x)
DRV - [2001/08/17 11:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\el90xbc5.sys -- (EL90Xbc)
DRV - [2001/08/17 11:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\el90xbc5.sys -- (EL90BC)
DRV - [2000/07/24 01:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Running] -- C:\WINNT\System32\drivers\BrPar.sys -- (BrPar)
DRV - [2000/05/19 06:24:56 | 000,011,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ipfilter.sys -- (IPFilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 6E C7 7D 4C B9 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINNT\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp498@crossrider.com: C:\Documents and Settings\suzbhoney\Local Settings\Application Data\RewardsArcade\498\Firefox [2011/12/12 00:04:56 | 000,000,000 | ---D | M]

[2011/10/08 22:33:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\suzbhoney\Application Data\Mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINNT\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2002/08/09 08:09:05 | 000,000,734 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RewardsArcade) - {597A9974-8CB0-4f41-B61F-ED065738A397} - C:\Program Files\RewardsArcade\RewardsArcade.dll (215 Apps)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [%%DELETE_VALUE%%] CreateCD50 File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CPortPatch] C:\WINNT\DockQuickInstall\cppch.exe (Dell Computer Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINNT\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINNT\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PCTVOICE] C:\WINNT\System32\pctspk.exe ()
O4 - HKLM..\Run: [POINTER] point32.exe File not found
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [HijackThis startup scan] C:\Program Files\Trend Micro\HiJackThis\HijackThis.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [NVIEW] C:\WINNT\System32\nview.dll (NVIDIA Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft....k/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1248392790355 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1029829745120 (MUWebControl Class)
O16 - DPF: {AB1A1D80-0788-406B-984E-F8C7B65D7A37} http://metcalf-dc2/c...ols/install.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: DirectAnimation Java Classes file://C:\WINNT\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87D4654B-FE9E-4385-B44C-D4A283371BA8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96A03E46-CC4F-41EC-B437-14421AEB9509}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0397A8E-C15A-4745-AD58-AA0A7F28723B}: DhcpNameServer = 192.168.1.1 68.87.69.150 68.87.85.102
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8FB1C22-8061-40B6-A464-CB01A4119D0F}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINNT\system32\userinit.exe) -C:\WINNT\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINNT\system32\NavLogon.dll) - C:\WINNT\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\wzcnotif: DllName - (wzcdlg.dll) - C:\WINNT\System32\wzcdlg.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINNT\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINNT\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/29 16:54:24 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/15 16:46:23 | 000,205,072 | ---- | C] (Trend Micro Inc.) -- C:\WINNT\System32\drivers\tmcomm.sys
[2011/12/15 16:41:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\suzbhoney\Start Menu\Programs\HiJackThis
[2011/12/15 16:41:31 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/12/15 16:23:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EasyFix Tools
[2011/12/15 16:23:29 | 000,000,000 | ---D | C] -- C:\Program Files\EasyFix Tools
[2011/12/15 11:34:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\suzbhoney\Application Data\ElevatedDiagnostics
[2011/12/12 10:48:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/12/12 01:28:36 | 000,053,248 | ---- | C] (Dell Computer Corporation) -- C:\WINNT\System32\DellSys.dll
[2011/12/12 01:28:04 | 000,000,000 | ---D | C] -- C:\Program Files\Dell
[2011/12/12 01:19:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\suzbhoney\Start Menu\Programs\Dell Inc
[2011/12/12 01:17:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\suzbhoney\Local Settings\Application Data\Deployment
[2011/12/12 00:04:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\suzbhoney\Local Settings\Application Data\RewardsArcade
[2011/12/12 00:03:59 | 000,000,000 | ---D | C] -- C:\Program Files\RewardsArcade
[2011/12/11 13:10:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\suzbhoney\Tracing
[2011/12/11 12:59:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/12/11 12:58:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Live Add-in
[2011/12/11 12:57:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office Outlook Connector
[2011/12/11 12:56:05 | 000,054,760 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\drivers\fssfltr_tdi.sys
[2011/12/11 12:53:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2011/12/11 12:50:50 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\d3dx9_32.dll
[2011/12/11 12:49:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011/12/11 12:40:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2011/12/11 12:40:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2011/12/11 12:39:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live
[2011/12/11 12:38:22 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/12/11 12:25:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2011/12/11 12:03:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Labs
[2011/12/11 12:02:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office Labs
[2011/12/10 20:08:14 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2011/12/10 19:41:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/12/10 19:38:48 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/12/10 13:57:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\suzbhoney\Application Data\Systweak
[2011/12/10 13:57:11 | 000,017,280 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\WINNT\System32\roboot.exe
[2011/12/10 13:56:50 | 000,000,000 | ---D | C] -- C:\Program Files\YTDSETUP
[2011/11/29 14:32:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\iolo
[8 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[4 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]
[2 C:\WINNT\System32\dllcache\*.tmp files -> C:\WINNT\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/17 03:29:00 | 000,000,400 | -H-- | M] () -- C:\WINNT\tasks\User_Feed_Synchronization-{2D863749-0997-4507-B3DD-35E5022AFABC}.job
[2011/12/17 02:56:00 | 000,000,900 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/17 02:54:16 | 000,000,426 | -H-- | M] () -- C:\WINNT\tasks\User_Feed_Synchronization-{6FD8B880-E01A-42B0-B1E8-66C7913AE543}.job
[2011/12/17 01:44:00 | 000,000,402 | ---- | M] () -- C:\WINNT\tasks\{D34F18B0-576E-11D0-B28C-00C04FD7CD22}_METCALFHODGES_harteb.job
[2011/12/16 23:56:11 | 000,000,896 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/16 17:57:00 | 000,001,406 | ---- | M] () -- C:\Documents and Settings\suzbhoney\My Documents\system spec 3.04.csv
[2011/12/16 09:58:50 | 000,008,253 | ---- | M] () -- C:\WINNT\System32\nvModes.001
[2011/12/16 09:57:07 | 000,013,646 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2011/12/16 09:56:09 | 000,000,286 | ---- | M] () -- C:\WINNT\tasks\RealUpgradeLogonTaskS-1-5-21-839522115-813497703-854245398-1004.job
[2011/12/16 09:51:27 | 000,000,424 | -H-- | M] () -- C:\WINNT\tasks\MP Scheduled Scan.job
[2011/12/16 09:45:48 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2011/12/16 09:45:30 | 536,342,528 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/15 22:51:36 | 000,057,596 | -H-- | M] () -- C:\WINNT\System32\mlfcache.dat
[2011/12/15 22:42:28 | 000,002,183 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/12/15 20:46:07 | 000,000,294 | ---- | M] () -- C:\WINNT\tasks\RealUpgradeScheduledTaskS-1-5-21-839522115-813497703-854245398-1004.job
[2011/12/15 17:51:52 | 000,002,455 | ---- | M] () -- C:\Documents and Settings\suzbhoney\Desktop\HiJackThis.lnk
[2011/12/15 17:25:30 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\suzbhoney\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/15 16:46:13 | 000,205,072 | ---- | M] (Trend Micro Inc.) -- C:\WINNT\System32\drivers\tmcomm.sys
[2011/12/15 16:23:48 | 000,000,755 | ---- | M] () -- C:\Documents and Settings\suzbhoney\Application Data\Microsoft\Internet Explorer\Quick Launch\EasyFix Tools.lnk
[2011/12/15 16:09:16 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/12/15 11:14:56 | 000,243,789 | ---- | M] () -- C:\Documents and Settings\suzbhoney\Local Settings\Application Data\census.cache
[2011/12/15 11:12:55 | 000,201,910 | ---- | M] () -- C:\Documents and Settings\suzbhoney\Local Settings\Application Data\ars.cache
[2011/12/15 10:50:04 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\suzbhoney\Local Settings\Application Data\housecall.guid.cache
[2011/12/14 10:56:29 | 000,283,720 | ---- | M] () -- C:\WINNT\System32\FNTCACHE.DAT
[2011/12/14 00:07:46 | 000,001,393 | ---- | M] () -- C:\WINNT\imsins.BAK
[2011/12/13 15:33:38 | 000,000,207 | -HS- | M] () -- C:\boot.ini
[2011/12/13 14:53:09 | 000,008,253 | ---- | M] () -- C:\WINNT\System32\nvModes.dat
[2011/12/12 22:28:59 | 000,000,284 | ---- | M] () -- C:\WINNT\tasks\AppleSoftwareUpdate.job
[2011/12/12 01:44:37 | 000,002,396 | ---- | M] () -- C:\WINNT\System32\ASOROSet.bin
[2011/12/11 15:37:13 | 000,579,202 | ---- | M] () -- C:\WINNT\System32\perfh009.dat
[2011/12/11 15:37:13 | 000,114,910 | ---- | M] () -- C:\WINNT\System32\perfc009.dat
[2011/12/11 13:07:02 | 000,021,894 | ---- | M] () -- C:\Documents and Settings\suzbhoney\My Documents\MC900410581.WMF
[2011/12/10 20:11:18 | 000,001,850 | ---- | M] () -- C:\Documents and Settings\suzbhoney\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/12/10 19:41:32 | 000,001,600 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/12/09 16:08:18 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINNT\System32\FlashPlayerCPLApp.cpl
[2011/11/23 05:25:32 | 001,859,584 | ---- | M] (Microsoft Corporation) -- C:\WINNT\System32\win32k.sys
[2011/11/23 05:25:32 | 001,859,584 | ---- | M] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\win32k.sys
[2011/11/21 16:25:37 | 000,000,062 | ---- | M] () -- C:\WINNT\GPlrLanc.dat
[2011/11/19 11:52:52 | 000,017,280 | ---- | M] (Systweak Inc., (www.systweak.com)) -- C:\WINNT\System32\roboot.exe
[8 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[4 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]
[2 C:\WINNT\System32\dllcache\*.tmp files -> C:\WINNT\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/16 17:57:00 | 000,001,406 | ---- | C] () -- C:\Documents and Settings\suzbhoney\My Documents\system spec 3.04.csv
[2011/12/15 17:25:27 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\suzbhoney\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/15 16:41:41 | 000,002,455 | ---- | C] () -- C:\Documents and Settings\suzbhoney\Desktop\HiJackThis.lnk
[2011/12/15 16:23:48 | 000,000,755 | ---- | C] () -- C:\Documents and Settings\suzbhoney\Application Data\Microsoft\Internet Explorer\Quick Launch\EasyFix Tools.lnk
[2011/12/15 11:14:56 | 000,243,789 | ---- | C] () -- C:\Documents and Settings\suzbhoney\Local Settings\Application Data\census.cache
[2011/12/15 11:12:55 | 000,201,910 | ---- | C] () -- C:\Documents and Settings\suzbhoney\Local Settings\Application Data\ars.cache
[2011/12/15 10:50:04 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\suzbhoney\Local Settings\Application Data\housecall.guid.cache
[2011/12/13 15:11:36 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/12/13 15:11:36 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2011/12/13 15:11:36 | 000,001,753 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2011/12/12 19:52:32 | 000,021,894 | ---- | C] () -- C:\Documents and Settings\suzbhoney\My Documents\MC900410581.WMF
[2011/12/10 20:11:18 | 000,002,183 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/12/10 20:11:18 | 000,001,850 | ---- | C] () -- C:\Documents and Settings\suzbhoney\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/12/10 20:11:17 | 000,001,850 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk
[2011/12/10 19:41:31 | 000,001,600 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/12/10 14:18:20 | 000,002,396 | ---- | C] () -- C:\WINNT\System32\ASOROSet.bin
[2011/11/21 16:25:37 | 000,000,062 | ---- | C] () -- C:\WINNT\GPlrLanc.dat
[2011/11/07 16:57:18 | 000,057,596 | -H-- | C] () -- C:\WINNT\System32\mlfcache.dat
[2011/10/08 12:48:09 | 000,261,202 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/09/16 09:20:54 | 000,139,762 | ---- | C] () -- C:\WINNT\hpoins15.dat
[2011/09/16 09:20:53 | 000,001,039 | ---- | C] () -- C:\WINNT\hpomdl15.dat
[2009/08/30 14:44:28 | 000,000,000 | ---- | C] () -- C:\WINNT\iPlayer.INI
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINNT\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINNT\System32\structuredqueryschema.bin
[2008/02/08 09:55:46 | 000,000,034 | ---- | C] () -- C:\WINNT\System32\BD5250DN.DAT
[2008/01/19 16:06:13 | 000,020,594 | ---- | C] () -- C:\WINNT\System32\DELS3L3.DLL
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINNT\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINNT\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINNT\System32\gthrctr.ini
[2007/03/05 12:34:28 | 000,676,224 | ---- | C] () -- C:\WINNT\System32\OGACheckControl.DLL
[2007/02/09 09:44:06 | 000,000,496 | ---- | C] () -- C:\WINNT\System32\ROSet.dat
[2006/09/26 09:01:31 | 000,000,000 | ---- | C] () -- C:\WINNT\VPC32.INI
[2006/07/26 14:48:09 | 000,000,306 | ---- | C] () -- C:\WINNT\System32\systa.dat
[2006/07/26 14:46:02 | 000,000,452 | ---- | C] () -- C:\WINNT\dorp.dat
[2006/02/24 13:13:44 | 000,000,013 | ---- | C] () -- C:\WINNT\BRVIDEO.INI
[2006/02/24 13:13:44 | 000,000,012 | ---- | C] () -- C:\WINNT\Brownie.ini
[2006/02/24 13:13:44 | 000,000,000 | ---- | C] () -- C:\WINNT\brmx2001.ini
[2006/02/24 13:13:08 | 000,000,410 | ---- | C] () -- C:\WINNT\BRWMARK.INI
[2006/02/04 12:42:34 | 000,000,064 | ---- | C] () -- C:\WINNT\PFXEngagement.INI
[2006/01/11 11:58:45 | 000,000,023 | ---- | C] () -- C:\WINNT\ZDPLUSSEARCH.INI
[2006/01/05 12:33:32 | 000,049,152 | ---- | C] () -- C:\WINNT\System32\uninscpw.exe
[2006/01/05 08:47:50 | 000,000,012 | ---- | C] () -- C:\WINNT\QBWCD.INI
[2006/01/03 18:48:21 | 000,002,048 | --S- | C] () -- C:\WINNT\bootstat.dat
[2006/01/03 18:34:15 | 000,001,793 | ---- | C] () -- C:\WINNT\System32\fxsperf.ini
[2005/12/21 14:33:04 | 000,000,000 | ---- | C] () -- C:\WINNT\JDSecure31.INI
[2005/12/21 14:32:59 | 000,163,840 | ---- | C] () -- C:\WINNT\System32\LxrJD31c.exe
[2005/12/21 14:32:59 | 000,061,440 | ---- | C] () -- C:\WINNT\System32\LxrJD20Sat.dll
[2005/12/21 14:32:58 | 000,249,856 | ---- | C] () -- C:\WINNT\System32\LxrJD31.dll
[2005/12/21 14:32:58 | 000,071,168 | ---- | C] () -- C:\WINNT\System32\LxrJD31s.exe
[2005/12/21 14:32:58 | 000,069,824 | ---- | C] () -- C:\WINNT\System32\drivers\LxrJD31d.sys
[2005/12/01 13:20:24 | 000,000,104 | ---- | C] () -- C:\WINNT\FITWIN.INI
[2005/12/01 13:19:23 | 000,000,213 | ---- | C] () -- C:\WINNT\ads.ini
[2005/12/01 12:41:12 | 000,095,232 | ---- | C] () -- C:\WINNT\System32\OSMFC.DLL
[2005/12/01 12:41:11 | 000,304,640 | ---- | C] () -- C:\WINNT\System32\O2PSEPR.DLL
[2005/12/01 10:12:51 | 000,000,683 | ---- | C] () -- C:\WINNT\hpbafd.ini
[2005/12/01 09:17:10 | 000,000,805 | ---- | C] () -- C:\WINNT\ODBC.INI
[2005/12/01 09:13:48 | 000,008,253 | ---- | C] () -- C:\WINNT\System32\nvModes.dat
[2005/12/01 09:11:43 | 000,001,536 | ---- | C] () -- C:\WINNT\System32\TrueSoft.dat
[2005/12/01 08:24:29 | 000,006,550 | ---- | C] () -- C:\WINNT\jautoexp.dat
[2005/11/30 18:30:02 | 000,053,248 | ---- | C] () -- C:\WINNT\uneng.exe
[2005/11/29 16:53:38 | 000,021,952 | -H-- | C] () -- C:\Program Files\folder.htt
[2005/11/29 16:52:55 | 000,022,192 | ---- | C] () -- C:\WINNT\System32\emptyregdb.dat
[2005/11/29 07:51:48 | 000,004,073 | ---- | C] () -- C:\WINNT\ODBCINST.INI
[2005/11/29 07:51:12 | 000,283,720 | ---- | C] () -- C:\WINNT\System32\FNTCACHE.DAT
[2004/08/04 04:00:00 | 013,107,200 | ---- | C] () -- C:\WINNT\System32\oembios.bin
[2004/08/04 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINNT\System32\mlang.dat
[2004/08/04 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINNT\System32\perfi009.dat
[2004/08/04 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINNT\System32\dssec.dat
[2004/08/04 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINNT\System32\mib.bin
[2004/08/04 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINNT\System32\perfd009.dat
[2004/08/04 04:00:00 | 000,004,569 | ---- | C] () -- C:\WINNT\System32\secupd.dat
[2004/08/04 04:00:00 | 000,004,461 | ---- | C] () -- C:\WINNT\System32\oembios.dat
[2004/08/04 04:00:00 | 000,001,804 | ---- | C] () -- C:\WINNT\System32\dcache.bin
[2004/08/03 16:56:46 | 000,363,520 | ---- | C] () -- C:\WINNT\System32\psisdecd.dll
[2004/04/02 13:01:22 | 000,192,512 | ---- | C] () -- C:\WINNT\System32\HPB1320V.DLL
[2004/02/09 17:21:38 | 000,000,319 | ---- | C] () -- C:\WINNT\System32\HPB1320V.DAT
[2003/06/13 15:42:24 | 000,000,456 | ---- | C] () -- C:\WINNT\System32\pthsp.dat
[2003/02/24 15:35:12 | 000,163,840 | ---- | C] () -- C:\WINNT\System32\pctspk.exe
[2003/02/13 17:40:08 | 000,045,056 | ---- | C] () -- C:\WINNT\System32\mdmmoh.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINNT\System32\OUTLPERF.INI
[2002/08/09 08:14:25 | 000,176,400 | ---- | C] () -- C:\WINNT\System32\qcut.dll
[2002/08/09 08:14:06 | 000,579,202 | ---- | C] () -- C:\WINNT\System32\perfh009.dat
[2002/08/09 08:14:03 | 000,114,910 | ---- | C] () -- C:\WINNT\System32\perfc009.dat
[2002/08/09 08:13:11 | 000,000,741 | ---- | C] () -- C:\WINNT\System32\noise.dat
[2001/07/31 09:17:12 | 000,094,274 | ---- | C] () -- C:\WINNT\System32\HPBHEALR.DLL
[1999/09/25 02:36:24 | 000,088,816 | ---- | C] () -- C:\WINNT\System32\drivers\lvcam.sys
[1999/09/25 02:36:22 | 000,017,424 | ---- | C] () -- C:\WINNT\System32\drivers\lvsound.sys
[1998/06/11 14:08:06 | 000,095,232 | ---- | C] () -- C:\WINNT\System32\Lfkodak.dll
[1998/06/11 14:08:04 | 000,306,688 | ---- | C] () -- C:\WINNT\System32\Lffpx7.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CBAF0C30
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FB4262DE
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:108D3361

< End of report >


OTL Extras logfile created on: 12/17/2011 3:20:24 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\suzbhoney\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.43 Mb Total Physical Memory | 130.62 Mb Available Physical Memory | 25.54% Memory free
1.78 Gb Paging File | 1.02 Gb Available in Paging File | 57.43% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 17.14 Gb Free Space | 46.01% Space Free | Partition Type: NTFS

Computer Name: 62D731 | User Name: suzbhoney | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINNT\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINNT\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINNT\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINNT\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINNT\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINNT\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINNT\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINNT\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINNT\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINNT\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINNT\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINNT\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINNT\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINNT\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINNT\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINNT\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINNT\system32\rundll32.exe" "C:\WINNT\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINNT\system32\rundll32.exe" "C:\WINNT\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- %1
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:*:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{033FAD4E-C48B-11D5-BCEF-005004748D87}" = 64x Drivers
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24829404-42BC-491F-ADC9-5B405B5AB5F7}" = PPCMultiSelector_Installer
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{33CFCF98-F8D6-4549-B469-6F4295676D83}" = Symantec AntiVirus
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C72B40D-12D4-496E-974E-8DA4AA7953E8}" = SQLXML 3.0 SP2
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{51E7609E-F086-4ECA-9870-5B9E4E5096BD}" = Verizon Wireless USB720-V740 Firmware Updates
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{6894565B-1A2D-4BD2-AA40-B3A6CFCF0AE8}" = msxml4 sp2
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B35D327-0607-4EED-A2E9-1312D10FD5EC}" = Verizon Wireless USB727 Firmware Updates
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{87D9864A-21FF-4CD3-A5FE-D9A374CFE1B8}" = PPC e-Workpapers Interactive Disclosure Library for Nonpublic Businesses 2005
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{94CDD59F-8E30-4B37-BFD1-5B3CD9538B83}" = System Files
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{97633BED-21C3-11D5-A09E-00600823B4E4}" = Dell Dock Quick Install for Windows
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A036E231-5A03-4d63-94F6-7864CC77EC48}" = PS_AIO_ProductContext
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ABEA93FA-8D65-11D2-98AB-00C04F79C5D1}" = Microsoft IntelliPoint
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B040FEFE-B45F-4e30-B3C6-035F53F544A9}" = c4200_Help
"{B22C19AE-6A67-4f28-B541-5AE72FB17A25}" = HP Photosmart All-In-One Software 9.0
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B9F3A6E6-9C77-4535-9ED9-B16C1EBDFEC2}" = C4200
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BCB4C18A-ACA6-4383-8688-E19933A705DD}" = Microsoft SOAP Toolkit 3.0
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3F3B888-C00D-40BF-AD81-84DF70126A4E}" = PPC e-Workpapers Small Business Audits 2005
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDC85536-A0EF-4401-82A6-25D8EFC7EFAC}" = VZAccess Manager
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D719E8F1-6931-40b4-AC0B-5FE2C097F995}" = C4200_doccd
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{DA846E79-1C13-4AB0-8DEB-77935469CD9A}" = Mobile Broadband Generic Drivers
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (PROFXENGAGEMENT)
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E39A3770-3DDE-404c-B91F-3522947874A3}" = PS_AIO_Software_min
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EB933DE5-A25D-48F5-8CB2-A43E47CF761E}" = Microsoft Office Labs Ribbon Hero 2, Clippy's Second Chance
"{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}" = Microsoft WSE 3.0
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FA4FA322-5C90-4d2b-A019-9E588273DED5}" = PS_AIO_Software
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"EasyFix Tools_is1" = EasyFix Tools v1.0
"Google Chrome" = Google Chrome
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"HPOCR" = HP OCR Software 9.0
"ie8" = Windows Internet Explorer 8
"Installing HSP56 MicroModem Drivers" = PCTEL 2304WT V.9x MDC Modem Drivers
"InterActual Player" = InterActual Player
"JDSecure" = JD Secure 3.1
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Mobile Broadband Generic Drivers" = Mobile Broadband Generic Drivers
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"ProSystem fx Workstation" = ProSystem fx Workstation
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"bd4d3a0508d364f5" = Dell Driver Download Manager
"RewardsArcade" = RewardsArcade

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/15/2011 9:17:58 PM | Computer Name = 62D731 | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 11.0.8328.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/15/2011 9:20:19 PM | Computer Name = 62D731 | Source = Application Hang | ID = 1001
Description = Fault bucket 2058867196.

Error - 12/15/2011 9:45:43 PM | Computer Name = 62D731 | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

Error - 12/15/2011 9:45:46 PM | Computer Name = 62D731 | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

Error - 12/15/2011 9:45:48 PM | Computer Name = 62D731 | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

Error - 12/15/2011 9:45:49 PM | Computer Name = 62D731 | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

Error - 12/17/2011 6:54:34 AM | Computer Name = 62D731 | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

Error - 12/17/2011 6:54:35 AM | Computer Name = 62D731 | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

Error - 12/17/2011 6:54:35 AM | Computer Name = 62D731 | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

Error - 12/17/2011 6:54:35 AM | Computer Name = 62D731 | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

[ System Events ]
Error - 12/15/2011 8:44:27 PM | Computer Name = 62D731 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}.
The
error: "%2" Happened while starting this command: "C:\Program Files\Adobe\Acrobat
7.0\Acrobat\AcrobatInfo.exe" /PDFShell -Embedding

Error - 12/15/2011 8:44:27 PM | Computer Name = 62D731 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}.
The
error: "%2" Happened while starting this command: "C:\Program Files\Adobe\Acrobat
7.0\Acrobat\AcrobatInfo.exe" /PDFShell -Embedding

Error - 12/15/2011 8:44:27 PM | Computer Name = 62D731 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}.
The
error: "%2" Happened while starting this command: "C:\Program Files\Adobe\Acrobat
7.0\Acrobat\AcrobatInfo.exe" /PDFShell -Embedding

Error - 12/15/2011 8:44:27 PM | Computer Name = 62D731 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}.
The
error: "%2" Happened while starting this command: "C:\Program Files\Adobe\Acrobat
7.0\Acrobat\AcrobatInfo.exe" /PDFShell -Embedding

Error - 12/15/2011 8:45:09 PM | Computer Name = 62D731 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}.
The
error: "%2" Happened while starting this command: "C:\Program Files\Adobe\Acrobat
7.0\Acrobat\AcrobatInfo.exe" /PDFShell -Embedding

Error - 12/15/2011 8:45:09 PM | Computer Name = 62D731 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}.
The
error: "%2" Happened while starting this command: "C:\Program Files\Adobe\Acrobat
7.0\Acrobat\AcrobatInfo.exe" /PDFShell -Embedding

Error - 12/15/2011 8:45:09 PM | Computer Name = 62D731 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}.
The
error: "%2" Happened while starting this command: "C:\Program Files\Adobe\Acrobat
7.0\Acrobat\AcrobatInfo.exe" /PDFShell -Embedding

Error - 12/16/2011 12:59:37 AM | Computer Name = 62D731 | Source = Service Control Manager | ID = 7034
Description = The BBUpdate service terminated unexpectedly. It has done this 1
time(s).

Error - 12/16/2011 1:00:18 AM | Computer Name = 62D731 | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 12/16/2011 1:00:34 AM | Computer Name = 62D731 | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.


< End of report >
  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,773 posts
  • MVP
Looks like a bad install of an update to Windows Search, a broken Adobe Reader and too many anti-virus products (one is good, two is bad as they fight each other).


Uninstall
Adobe Reader 7.0.5 - Broken and obsolete - get the latest version of Adobe Reader at adobe.com
Adobe Flash Player 10 Plugin - obsolete - get the latest version of Adobe Reader at adobe.com
Macromedia Flash Player - obsolete
MarketResearch - Foistware
Bing Bar
Microsoft Security Essentials
If uninstalling the above does not remove them, then also uninstall:
Microsoft Antimalware
Microsoft Security Client


Download and Save the free Avast installer.
http://www.avast.com...ivirus-download
Download and save the Norton Removal Tool.
ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe
Uninstall Symantec AntiVirus (save the product license key in case you decide to reinstall it: http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN&ln=en_US - if your subscription has expired don't bother saving the key)

Run the Norton Removal tool.
Uninstall
Reboot

Install Avast. (Register when it asks you - they will try to talk you into buying the full product but the free version is what we want.)

Click on the Avast ball. Then click on Scan Computer, then on Boot-Time Scan, then on Settings. Change the Ask at the bottom to Move to Chest. OK, then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load Windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report, then View Results. Did it find anything?

Get the Installer Cleanup tool from http://majorgeeks.co...ad.php?det=4459 Save it then Run it and have it delete any reference to Windows Search or wsearch.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Double-click VEW.exe
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

How is it running now?

Ron
  • 0
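An added example (not part of RKinner's reply or of the scanning tool): a Python sketch of the triage behind the reply above. It parses the report's event-log section, drops sections the report repeats verbatim, counts errors per source and event ID, and lists uninstall entries that look like anti-virus products. The sample lines are excerpted from the report in this thread; the `AV_HINTS` keyword list and all function names are assumptions made for the illustration.

```python
import re
from collections import Counter

# Constructed sample: event lines excerpted from the report in this thread.
APP = r"""[ Application Events ]
Error - 12/15/2011 9:45:43 PM | Computer Name = 62D731 | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

Error - 12/15/2011 9:45:46 PM | Computer Name = 62D731 | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

"""
SYSTEM = r"""[ System Events ]
Error - 12/15/2011 8:44:27 PM | Computer Name = 62D731 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}.
The
error: "%2" Happened while starting this command: "C:\Program Files\Adobe\Acrobat
7.0\Acrobat\AcrobatInfo.exe" /PDFShell -Embedding

Error - 12/16/2011 12:59:37 AM | Computer Name = 62D731 | Source = Service Control Manager | ID = 7034
Description = The BBUpdate service terminated unexpectedly. It has done this 1
time(s).
"""
# The report prints a section more than once; reproduce that here.
REPORT = APP + APP + SYSTEM
UNINSTALL = r'''"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{33CFCF98-F8D6-4549-B469-6F4295676D83}" = Symantec AntiVirus
"Microsoft Security Client" = Microsoft Security Essentials
'''

SECTION_RE = re.compile(r"^\[ (.+ Events) \]\s*$")
EVENT_RE = re.compile(
    r"^Error - (.+?) \| Computer Name = (.+?) \| Source = (.+?) \| ID = (\d+)\s*$")
ENTRY_RE = re.compile(r'^"[^"]+" = (.+)$')
AV_HINTS = ("antivirus", "antimalware", "security essentials")  # assumed keyword list

def parse_sections(text):
    """Return [(section name, [event dict, ...]), ...] in report order."""
    sections, events, current = [], None, None
    for line in text.splitlines():
        section, event = SECTION_RE.match(line), EVENT_RE.match(line)
        if section:
            events, current = [], None
            sections.append((section.group(1), events))
        elif event and events is not None:
            when, host, source, event_id = event.groups()
            current = {"when": when, "host": host, "source": source,
                       "id": int(event_id), "description": ""}
            events.append(current)
        elif not line.strip():
            current = None  # a blank line ends the current event
        elif current is not None:
            # Descriptions are hard-wrapped; rejoin the continuation lines.
            part = line.strip()
            if part.startswith("Description = "):
                part = part[len("Description = "):]
            current["description"] = (current["description"] + " " + part).strip()
    return sections

def drop_repeated_sections(sections):
    """Keep only the first copy of a section that is repeated verbatim."""
    kept = []
    for section in sections:
        if section not in kept:
            kept.append(section)
    return kept

def count_by_source(sections):
    """Count events per (source, event ID) so recurring faults stand out."""
    return Counter((ev["source"], ev["id"]) for _, evs in sections for ev in evs)

def antivirus_entries(uninstall_text):
    """Return uninstall-list display names that look like protection products."""
    names = {m.group(1) for m in map(ENTRY_RE.match, uninstall_text.splitlines())
             if m and any(h in m.group(1).lower() for h in AV_HINTS)}
    return sorted(names)

if __name__ == "__main__":
    unique = drop_repeated_sections(parse_sections(REPORT))
    for (source, event_id), n in count_by_source(unique).most_common():
        print(f"{n:2d}  {source} (ID {event_id})")
    print("Protection products to review:", antivirus_entries(UNINSTALL))
```

Events that share a timestamp inside one section are counted separately; only whole sections repeated verbatim are collapsed.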





