SID:23621 System Infected Tidserv Activity Detected [Solved]



#46
knarf1

knarf1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts
My computer is also running very slowly--and sometimes freezes up.
  • 0



#47
Homburg

Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts

My computer is also running very slowly--and sometimes freezes up.

Did it do that before you were infected?
Is it all the time or only when you're surfing the net?
When it next runs slow, can you look at Task Manager and see what the process is that is using the most CPU resource and let me know?



I had already tried the fixit a dozen times and no go.
Where is the "aggressive mode"? I do not see that option.

I don't have access to a Vista system anymore, but there were two options when running that Fixit, normal and aggressive. I will see if I can find any alternative methods.
  • 0

#48
knarf1

"Did it do that before you were infected?"

no

"Is it all the time or only when you're surfing the net?"

The problem seems to be correcting itself. The more I use the computer, the more it seems to be returning to normal. Yesterday morning it took 15 minutes to start up. Now that seems OK. It froze up at random times. If I waited 10-15 minutes, it would unfreeze. Again, this did not happen as of last night.


"When it next runs slow, can you look at Task Manager and see what the process is that is using the most CPU resource and let me know?"

OK. Thanks.

And thanks for looking into the 80096001 updates error. This is still the same.
  • 0

#49
Homburg


The problem seems to be correcting itself. The more I use the computer, the more it seems to be returning to normal. Yesterday morning it took 15 minutes to start up. Now that seems OK. It froze up at random times. If I waited 10-15 minutes, it would unfreeze. Again, this did not happen as of last night.

It may be that something was updating or your new AV was doing a full scan.

I've found another MS Fixit that corrects several Windows Update faults. About half way down the page here

Can you see if you can find the update log at C:\Windows\WindowsUpdate.txt, open it in Notepad and copy about the last 40 lines in a reply?

Thanks
  • 0

#50
knarf1

Thanks. That fix it did not work.

2012-01-30 05:52:24:344 1052 4d4 Agent *************
2012-01-30 05:52:24:344 1052 4d4 Agent ** START ** Agent: Finding updates [CallerId = AutomaticUpdates]
2012-01-30 05:52:24:344 1052 4d4 Agent *********
2012-01-30 05:52:24:344 1052 4d4 Agent * Online = Yes; Ignore download priority = No
2012-01-30 05:52:24:344 1052 4d4 Agent * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
2012-01-30 05:52:24:344 1052 4d4 Agent * ServiceID = {9482F4B4-E343-43B6-B170-9A65BC822C77} Windows Update
2012-01-30 05:52:24:344 1052 4d4 Agent * Search Scope = {Machine}
2012-01-30 05:52:24:640 1052 4d4 Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2012-01-30 05:52:24:672 1052 4d4 Misc WARNING: Error: 0x80096001 when verifying trust for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab
2012-01-30 05:52:24:672 1052 4d4 Misc WARNING: Digital Signatures on file C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab are not trusted: Error 0x80096001
2012-01-30 05:52:24:906 1052 4d4 Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2012-01-30 05:52:24:921 1052 4d4 Misc WARNING: Error: 0x80096001 when verifying trust for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab
2012-01-30 05:52:24:921 1052 4d4 Misc WARNING: Digital Signatures on file C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab are not trusted: Error 0x80096001
2012-01-30 05:52:25:342 1052 4d4 Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2012-01-30 05:52:25:358 1052 4d4 Misc WARNING: Error: 0x80096001 when verifying trust for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab
2012-01-30 05:52:25:358 1052 4d4 Misc WARNING: Digital Signatures on file C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab are not trusted: Error 0x80096001
2012-01-30 05:52:25:358 1052 4d4 Agent WARNING: Failed to obtain the authorization cab URLs, hr=0x80096001
2012-01-30 05:52:25:358 1052 4d4 Agent * WARNING: Online service registration/service ID resolution failed, hr=0x80096001
2012-01-30 05:52:25:374 1052 4d4 Agent * WARNING: Exit code = 0x80096001
2012-01-30 05:52:25:374 1052 4d4 Agent *********
2012-01-30 05:52:25:374 1052 4d4 Agent ** END ** Agent: Finding updates [CallerId = AutomaticUpdates]
2012-01-30 05:52:25:374 1052 4d4 Agent *************
2012-01-30 05:52:25:374 1052 4d4 Agent WARNING: WU client failed Searching for update with error 0x80096001
2012-01-30 05:52:25:374 1052 e10 AU >>## RESUMED ## AU: Search for updates [CallId = {81B3A81E-4071-44A8-9884-C3965FB1775C}]
2012-01-30 05:52:25:374 1052 e10 AU # WARNING: Search callback failed, result = 0x80096001
2012-01-30 05:52:25:374 1052 e10 AU # WARNING: Failed to find updates with error code 80096001
2012-01-30 05:52:25:374 1052 e10 AU #########
2012-01-30 05:52:25:374 1052 e10 AU ## END ## AU: Search for updates [CallId = {81B3A81E-4071-44A8-9884-C3965FB1775C}]
2012-01-30 05:52:25:374 1052 e10 AU #############
2012-01-30 05:52:25:374 1052 e10 AU AU setting next detection timeout to 2012-01-30 18:52:25
2012-01-30 05:52:25:374 1052 e10 AU Setting AU scheduled install time to 2012-01-30 16:00:00
2012-01-30 05:52:30:381 1052 4d4 Report REPORT EVENT: {3FCFA75E-E2DD-4C03-A715-C3472237F984} 2012-01-30 05:52:25:374-0800 1 148 101 {00000000-0000-0000-0000-000000000000} 0 80096001 AutomaticUpdates Failure Software Synchronization Windows Update Client failed to detect with error 0x80096001.
2012-01-30 05:52:30:412 1052 4d4 Report CWERReporter::HandleEvents - WER report upload completed with status 0x8
2012-01-30 05:52:30:412 1052 4d4 Report WER Report sent: 7.4.7600.226 0x80096001 00000000-0000-0000-0000-000000000000 Scan 101 Unmanaged
2012-01-30 05:52:30:412 1052 4d4 Report CWERReporter finishing event handling. (00000000)
2012-01-30 07:46:35:707 1052 598 AU AU setting next sqm report timeout to 2012-01-31 15:46:35
2012-01-30 08:00:09:964 1052 598 AU Forced install timer expired for scheduled install
2012-01-30 08:00:09:969 1052 598 AU UpdateDownloadProperties: 0 download(s) are still in progress.
2012-01-30 08:00:09:974 1052 598 AU Setting AU scheduled install time to 2012-01-31 16:00:00
2012-01-30 10:52:24:849 1052 598 AU #############
2012-01-30 10:52:24:869 1052 598 AU ## START ## AU: Search for updates
2012-01-30 10:52:24:869 1052 598 AU #########
2012-01-30 10:52:25:047 1052 598 AU <<## SUBMITTED ## AU: Search for updates [CallId = {560A2ACC-FF0D-47AC-BDA7-68803E346179}]
2012-01-30 10:52:25:080 1052 7f8 Agent *************
2012-01-30 10:52:25:080 1052 7f8 Agent ** START ** Agent: Finding updates [CallerId = AutomaticUpdates]
2012-01-30 10:52:25:080 1052 7f8 Agent *********
2012-01-30 10:52:25:080 1052 7f8 Agent * Online = Yes; Ignore download priority = No
2012-01-30 10:52:25:080 1052 7f8 Agent * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
2012-01-30 10:52:25:080 1052 7f8 Agent * ServiceID = {9482F4B4-E343-43B6-B170-9A65BC822C77} Windows Update
2012-01-30 10:52:25:080 1052 7f8 Agent * Search Scope = {Machine}
2012-01-30 10:52:31:633 1052 7f8 Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2012-01-30 10:52:31:775 1052 7f8 Misc WARNING: Error: 0x80096001 when verifying trust for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab
2012-01-30 10:52:31:775 1052 7f8 Misc WARNING: Digital Signatures on file C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab are not trusted: Error 0x80096001
2012-01-30 10:52:36:565 1052 7f8 Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2012-01-30 10:52:36:591 1052 7f8 Misc WARNING: Error: 0x80096001 when verifying trust for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab
2012-01-30 10:52:36:591 1052 7f8 Misc WARNING: Digital Signatures on file C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab are not trusted: Error 0x80096001
2012-01-30 10:52:41:660 1052 7f8 Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2012-01-30 10:52:41:674 1052 7f8 Misc WARNING: Error: 0x80096001 when verifying trust for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab
2012-01-30 10:52:41:674 1052 7f8 Misc WARNING: Digital Signatures on file C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab are not trusted: Error 0x80096001
2012-01-30 10:52:41:678 1052 7f8 Agent WARNING: Failed to obtain the authorization cab URLs, hr=0x80096001
2012-01-30 10:52:41:678 1052 7f8 Agent * WARNING: Online service registration/service ID resolution failed, hr=0x80096001
2012-01-30 10:52:41:709 1052 7f8 Agent * WARNING: Exit code = 0x80096001
2012-01-30 10:52:41:709 1052 7f8 Agent *********
2012-01-30 10:52:41:709 1052 7f8 Agent ** END ** Agent: Finding updates [CallerId = AutomaticUpdates]
2012-01-30 10:52:41:709 1052 7f8 Agent *************
2012-01-30 10:52:41:709 1052 7f8 Agent WARNING: WU client failed Searching for update with error 0x80096001
2012-01-30 10:52:41:709 1052 14e0 AU >>## RESUMED ## AU: Search for updates [CallId = {560A2ACC-FF0D-47AC-BDA7-68803E346179}]
2012-01-30 10:52:41:709 1052 14e0 AU # WARNING: Search callback failed, result = 0x80096001
2012-01-30 10:52:41:709 1052 14e0 AU # WARNING: Failed to find updates with error code 80096001
2012-01-30 10:52:41:709 1052 14e0 AU #########
2012-01-30 10:52:41:709 1052 14e0 AU ## END ## AU: Search for updates [CallId = {560A2ACC-FF0D-47AC-BDA7-68803E346179}]
2012-01-30 10:52:41:709 1052 14e0 AU #############
2012-01-30 10:52:41:719 1052 14e0 AU AU setting next detection timeout to 2012-01-30 23:52:41
2012-01-30 10:52:41:719 1052 14e0 AU Setting AU scheduled install time to 2012-01-31 16:00:00
2012-01-30 10:52:46:793 1052 7f8 Report REPORT EVENT: {9D2D3835-25E3-494E-B841-5EAC5357E86D} 2012-01-30 10:52:41:697-0800 1 148 101 {00000000-0000-0000-0000-000000000000} 0 80096001 AutomaticUpdates Failure Software Synchronization Windows Update Client failed to detect with error 0x80096001.
2012-01-30 10:52:47:022 1052 7f8 Report CWERReporter::HandleEvents - WER report upload completed with status 0x8
2012-01-30 10:52:47:022 1052 7f8 Report WER Report sent: 7.4.7600.226 0x80096001 00000000-0000-0000-0000-000000000000 Scan 101 Unmanaged
2012-01-30 10:52:47:022 1052 7f8 Report CWERReporter finishing event handling. (00000000)
2012-01-30 12:07:18:961 1052 1294 AU Triggering AU detection through DetectNow API
2012-01-30 12:07:18:976 1052 1294 AU Triggering Online detection (interactive)
2012-01-30 12:07:19:012 1052 598 AU #############
2012-01-30 12:07:19:012 1052 598 AU ## START ## AU: Search for updates
2012-01-30 12:07:19:012 1052 598 AU #########
2012-01-30 12:07:19:107 1052 598 AU <<## SUBMITTED ## AU: Search for updates [CallId = {C8013928-E5AA-4530-8444-DC773DCAFAAD}]
2012-01-30 12:07:19:107 1052 1248 Agent *************
2012-01-30 12:07:19:107 1052 1248 Agent ** START ** Agent: Finding updates [CallerId = AutomaticUpdates]
2012-01-30 12:07:19:107 1052 1248 Agent *********
2012-01-30 12:07:19:107 1052 1248 Agent * Online = Yes; Ignore download priority = No
2012-01-30 12:07:19:107 1052 1248 Agent * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
2012-01-30 12:07:19:125 1052 1248 Agent * ServiceID = {9482F4B4-E343-43B6-B170-9A65BC822C77} Windows Update
2012-01-30 12:07:19:125 1052 1248 Agent * Search Scope = {Machine}
2012-01-30 12:07:19:803 1052 1248 Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2012-01-30 12:07:19:895 1052 1248 Misc WARNING: Error: 0x80096001 when verifying trust for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab
2012-01-30 12:07:19:895 1052 1248 Misc WARNING: Digital Signatures on file C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab are not trusted: Error 0x80096001
2012-01-30 12:07:20:237 1052 1248 Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2012-01-30 12:07:20:261 1052 1248 Misc WARNING: Error: 0x80096001 when verifying trust for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab
2012-01-30 12:07:20:261 1052 1248 Misc WARNING: Digital Signatures on file C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab are not trusted: Error 0x80096001
2012-01-30 12:07:20:783 1052 1248 Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2012-01-30 12:07:20:807 1052 1248 Misc WARNING: Error: 0x80096001 when verifying trust for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab
2012-01-30 12:07:20:807 1052 1248 Misc WARNING: Digital Signatures on file C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab are not trusted: Error 0x80096001
2012-01-30 12:07:20:812 1052 1248 Agent WARNING: Failed to obtain the authorization cab URLs, hr=0x80096001
2012-01-30 12:07:20:812 1052 1248 Agent * WARNING: Online service registration/service ID resolution failed, hr=0x80096001
2012-01-30 12:07:20:906 1052 1248 Agent * WARNING: Exit code = 0x80096001
2012-01-30 12:07:20:906 1052 1248 Agent *********
2012-01-30 12:07:20:906 1052 1248 Agent ** END ** Agent: Finding updates [CallerId = AutomaticUpdates]
2012-01-30 12:07:20:906 1052 1248 Agent *************
2012-01-30 12:07:20:906 1052 1248 Agent WARNING: WU client failed Searching for update with error 0x80096001
2012-01-30 12:07:20:907 1052 1c28 AU >>## RESUMED ## AU: Search for updates [CallId = {C8013928-E5AA-4530-8444-DC773DCAFAAD}]
2012-01-30 12:07:20:907 1052 1c28 AU # WARNING: Search callback failed, result = 0x80096001
2012-01-30 12:07:20:907 1052 1c28 AU # WARNING: Failed to find updates with error code 80096001
2012-01-30 12:07:20:907 1052 1c28 AU #########
2012-01-30 12:07:20:907 1052 1c28 AU ## END ## AU: Search for updates [CallId = {C8013928-E5AA-4530-8444-DC773DCAFAAD}]
2012-01-30 12:07:20:907 1052 1c28 AU #############
2012-01-30 12:07:20:921 1052 1c28 AU AU setting next detection timeout to 2012-01-31 01:07:20
2012-01-30 12:07:20:921 1052 1c28 AU Setting AU scheduled install time to 2012-01-31 16:00:00
2012-01-30 12:07:25:940 1052 1248 Report REPORT EVENT: {B6B06196-11BD-46EE-879E-65C6B8236B00} 2012-01-30 12:07:20:906-0800 1 148 101 {00000000-0000-0000-0000-000000000000} 0 80096001 AutomaticUpdates Failure Software Synchronization Windows Update Client failed to detect with error 0x80096001.
2012-01-30 12:07:26:207 1052 1248 Report CWERReporter::HandleEvents - WER report upload completed with status 0x8
2012-01-30 12:07:26:207 1052 1248 Report WER Report sent: 7.4.7600.226 0x80096001 00000000-0000-0000-0000-000000000000 Scan 101 Unmanaged
2012-01-30 12:07:26:207 1052 1248 Report CWERReporter finishing event handling. (00000000)
  • 0
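
A log excerpt like the one in the post above can be reduced to one line per update scan, showing which file failed signature validation and with which code; this is an added example, not part of the original thread and not a Microsoft tool. It assumes the layout seen in the posted lines (date, time, PID, TID, component, message), runs on constructed sample lines, and its function names are hypothetical; it also copes with excerpts that start or stop in the middle of a scan, as pasted "last 40 lines" excerpts do.

```python
import re
from collections import Counter

# Layout assumed from the posted excerpt: date time PID TID component message
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}:\d{3})\s+(?P<pid>\d+)\s+"
    r"(?P<tid>[0-9A-Fa-f]+)\s+(?P<comp>\S+)\s+(?P<msg>.*)$"
)
TRUST_RE = re.compile(r"WARNING: Error: (0x[0-9A-Fa-f]{8}) when verifying trust for (.+)$")
EXIT_RE = re.compile(r"WARNING: Exit code = (0x[0-9A-Fa-f]{8})")

# winerror.h name for the HRESULT that appears throughout the thread
KNOWN_CODES = {"0x80096001": "TRUST_E_SYSTEM_ERROR"}


def _new_scan(ts, tid, head_missing):
    return {"first_seen": ts, "tid": tid, "head_missing": head_missing,
            "ended": False, "exit_code": None, "trust_failures": Counter()}


def summarize_scans(log_text):
    """Group Agent 'Finding updates' scans by thread ID and collect their failures."""
    scans, open_by_tid = [], {}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a log line (forum text, blank line, wrapped fragment)
        ts, tid, comp, msg = m["ts"], m["tid"], m["comp"], m["msg"]
        is_agent_scan = comp == "Agent" and "Agent: Finding updates" in msg
        if is_agent_scan and msg.startswith("** START **"):
            # A START while a scan is still open leaves the old one marked unfinished
            open_by_tid[tid] = _new_scan(ts, tid, head_missing=False)
            scans.append(open_by_tid[tid])
            continue
        trust, exit_code = TRUST_RE.search(msg), EXIT_RE.search(msg)
        is_end = is_agent_scan and msg.startswith("** END **")
        if not (trust or exit_code or is_end):
            continue
        scan = open_by_tid.get(tid)
        if scan is None:
            # Excerpt began mid-scan: open an implicit record for this thread
            scan = open_by_tid[tid] = _new_scan(ts, tid, head_missing=True)
            scans.append(scan)
        if trust:
            scan["trust_failures"][(trust.group(2).strip(), trust.group(1).lower())] += 1
        if exit_code:
            scan["exit_code"] = exit_code.group(1).lower()
        if is_end:
            scan["ended"] = True
            del open_by_tid[tid]
    return scans


def describe(scan):
    """One-line summary of a scan record returned by summarize_scans()."""
    n = sum(scan["trust_failures"].values())
    code = scan["exit_code"]
    if code is None:
        state = "no exit code in excerpt"
    else:
        state = f"exit {code} ({KNOWN_CODES.get(code, 'unmapped')})"
    flags = [name for name, on in (("start cut off", scan["head_missing"]),
                                   ("end cut off", not scan["ended"])) if on]
    suffix = f" [{', '.join(flags)}]" if flags else ""
    return f"{scan['first_seen']} tid={scan['tid']}: {n} trust failure(s), {state}{suffix}"


# Constructed sample in the thread's format: a scan whose start is cut off,
# a service restart, one complete scan, and a scan whose end is cut off.
CAB = r"C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab"
SAMPLE_LOG = "\n".join([
    f"2012-01-31 17:01:57:446 1104 cbc Misc WARNING: Error: 0x80096001 when verifying trust for {CAB}",
    "2012-01-31 17:01:57:477 1104 cbc Agent * WARNING: Exit code = 0x80096001",
    "2012-01-31 17:01:57:477 1104 cbc Agent ** END ** Agent: Finding updates [CallerId = AutomaticUpdates]",
    "2012-01-31 20:18:14:870 1104 d8c Misc =========== Logging initialized (build: 7.4.7600.226, tz: -0800) ===========",
    "2012-02-01 06:18:42:465 1104 167c Agent ** START ** Agent: Finding updates [CallerId = AutomaticUpdates]",
    f"2012-02-01 06:18:47:437 1104 167c Misc WARNING: Error: 0x80096001 when verifying trust for {CAB}",
    f"2012-02-01 06:18:52:367 1104 167c Misc WARNING: Error: 0x80096001 when verifying trust for {CAB}",
    f"2012-02-01 06:18:57:547 1104 167c Misc WARNING: Error: 0x80096001 when verifying trust for {CAB}",
    "2012-02-01 06:18:57:563 1104 167c Agent * WARNING: Exit code = 0x80096001",
    "2012-02-01 06:18:57:563 1104 167c Agent ** END ** Agent: Finding updates [CallerId = AutomaticUpdates]",
    "2012-02-01 06:20:41:681 1104 167c Agent ** START ** Agent: Finding updates [CallerId = AutomaticUpdates]",
    f"2012-02-01 06:20:41:947 1104 167c Misc WARNING: Error: 0x80096001 when verifying trust for {CAB}",
])

if __name__ == "__main__":
    for s in summarize_scans(SAMPLE_LOG):
        print(describe(s))
```

A segment that contains a service restart but no later scan produces no record for that period, so an absence of errors there only means no search had run yet.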

#51
Homburg

Hi,

I'm running out of ideas now. Some people have had success by removing the Software Distribution folder contents. There are instructions in the last Fixit I gave you, but it is not part of the Fixit procedure and has to be done manually.

Go here and follow the instructions for Method 10.

If still no joy, then please post the last 30-40 lines of the C:\Windows\WindowsUpdate.txt as you did before.
  • 0

#52
knarf1

Following that method, am I supposed to delete EVERYTHING (all the sub-folders) from the Windows software distribution folder, or just the last report log? I just did the latter.


2012-01-31 17:01:41:830 1104 cbc Agent * Online = Yes; Ignore download priority = No
2012-01-31 17:01:41:830 1104 cbc Agent * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
2012-01-31 17:01:41:830 1104 cbc Agent * ServiceID = {9482F4B4-E343-43B6-B170-9A65BC822C77} Windows Update
2012-01-31 17:01:41:830 1104 cbc Agent * Search Scope = {Machine}
2012-01-31 17:01:47:399 1104 cbc Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2012-01-31 17:01:47:415 1104 cbc Misc WARNING: Error: 0x80096001 when verifying trust for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab
2012-01-31 17:01:47:415 1104 cbc Misc WARNING: Digital Signatures on file C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab are not trusted: Error 0x80096001
2012-01-31 17:01:52:313 1104 cbc Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2012-01-31 17:01:52:313 1104 cbc Misc WARNING: Error: 0x80096001 when verifying trust for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab
2012-01-31 17:01:52:313 1104 cbc Misc WARNING: Digital Signatures on file C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab are not trusted: Error 0x80096001
2012-01-31 17:01:57:446 1104 cbc Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2012-01-31 17:01:57:446 1104 cbc Misc WARNING: Error: 0x80096001 when verifying trust for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab
2012-01-31 17:01:57:446 1104 cbc Misc WARNING: Digital Signatures on file C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab are not trusted: Error 0x80096001
2012-01-31 17:01:57:461 1104 cbc Agent WARNING: Failed to obtain the authorization cab URLs, hr=0x80096001
2012-01-31 17:01:57:461 1104 cbc Agent * WARNING: Online service registration/service ID resolution failed, hr=0x80096001
2012-01-31 17:01:57:477 1104 cbc Agent * WARNING: Exit code = 0x80096001
2012-01-31 17:01:57:477 1104 cbc Agent *********
2012-01-31 17:01:57:477 1104 cbc Agent ** END ** Agent: Finding updates [CallerId = AutomaticUpdates]
2012-01-31 17:01:57:477 1104 cbc Agent *************
2012-01-31 17:01:57:477 1104 cbc Agent WARNING: WU client failed Searching for update with error 0x80096001
2012-01-31 17:01:57:477 1104 1f4 AU >>## RESUMED ## AU: Search for updates [CallId = {0F50EF8E-845E-42EC-881A-150BBF1C4150}]
2012-01-31 17:01:57:477 1104 1f4 AU # WARNING: Search callback failed, result = 0x80096001
2012-01-31 17:01:57:477 1104 1f4 AU # WARNING: Failed to find updates with error code 80096001
2012-01-31 17:01:57:477 1104 1f4 AU #########
2012-01-31 17:01:57:477 1104 1f4 AU ## END ## AU: Search for updates [CallId = {0F50EF8E-845E-42EC-881A-150BBF1C4150}]
2012-01-31 17:01:57:477 1104 1f4 AU #############
2012-01-31 17:01:57:477 1104 1f4 AU AU setting next detection timeout to 2012-02-01 06:01:57
2012-01-31 17:01:57:477 1104 1f4 AU Setting AU scheduled install time to 2012-02-01 16:00:00
2012-01-31 17:02:02:484 1104 cbc Report REPORT EVENT: {190287B1-AD56-4051-B2DE-BE03705D3C86} 2012-01-31 17:01:57:461-0800 1 148 101 {00000000-0000-0000-0000-000000000000} 0 80096001 AutomaticUpdates Failure Software Synchronization Windows Update Client failed to detect with error 0x80096001.
2012-01-31 17:02:02:500 1104 cbc Report CWERReporter::HandleEvents - WER report upload completed with status 0x8
2012-01-31 17:02:02:500 1104 cbc Report WER Report sent: 7.4.7600.226 0x80096001 00000000-0000-0000-0000-000000000000 Scan 101 Unmanaged
2012-01-31 17:02:02:500 1104 cbc Report CWERReporter finishing event handling. (00000000)
2012-01-31 20:11:32:690 1104 5dc AU ########### AU: Uninitializing Automatic Updates ###########
2012-01-31 20:11:34:453 1104 5dc Report CWERReporter finishing event handling. (00000000)
2012-01-31 20:11:34:594 1104 5dc Service *********
2012-01-31 20:11:34:594 1104 5dc Service ** END ** Service: Service exit [Exit code = 0x240001]
2012-01-31 20:11:34:594 1104 5dc Service *************
2012-01-31 20:18:14:870 1104 d8c Misc =========== Logging initialized (build: 7.4.7600.226, tz: -0800) ===========
2012-01-31 20:18:14:870 1104 d8c Misc = Process: C:\Windows\system32\svchost.exe
2012-01-31 20:18:14:870 1104 d8c Misc = Module: c:\windows\system32\wuaueng.dll
2012-01-31 20:18:14:870 1104 d8c Service *************
2012-01-31 20:18:14:870 1104 d8c Service ** START ** Service: Service startup
2012-01-31 20:18:14:870 1104 d8c Service *********
2012-01-31 20:18:14:916 1104 d8c Agent * WU client version 7.4.7600.226
2012-01-31 20:18:14:916 1104 d8c Agent * Base directory: C:\Windows\SoftwareDistribution
2012-01-31 20:18:14:916 1104 d8c Agent * Access type: No proxy
2012-01-31 20:18:14:932 1104 d8c Agent * Network state: Connected
2012-01-31 20:18:31:624 1104 1e44 Report CWERReporter::Init succeeded
2012-01-31 20:18:31:624 1104 1e44 Agent *********** Agent: Initializing Windows Update Agent ***********
2012-01-31 20:18:31:624 1104 1e44 Agent *********** Agent: Initializing global settings cache ***********
2012-01-31 20:18:31:624 1104 1e44 Agent * WSUS server: <NULL>
2012-01-31 20:18:31:624 1104 1e44 Agent * WSUS status server: <NULL>
2012-01-31 20:18:31:624 1104 1e44 Agent * Target group: (Unassigned Computers)
2012-01-31 20:18:31:624 1104 1e44 Agent * Windows Update access disabled: No
2012-01-31 20:18:31:640 1104 1e44 DnldMgr Download manager restoring 0 downloads
2012-01-31 20:18:31:671 1104 1e44 AU ########### AU: Initializing Automatic Updates ###########
2012-01-31 20:18:31:671 1104 1e44 AU # Approval type: Scheduled (User preference)
2012-01-31 20:18:31:671 1104 1e44 AU # Scheduled install day/time: Every day at 8:00
2012-01-31 20:18:31:671 1104 1e44 AU # Auto-install minor updates: Yes (User preference)
2012-01-31 20:18:31:671 1104 1e44 AU # Will interact with non-admins (Non-admins are elevated (User preference))
2012-01-31 20:18:31:671 1104 1e44 AU # Will display featured software notifications (User preference)
2012-01-31 20:18:31:686 1104 1e44 AU Setting AU scheduled install time to 2012-02-01 16:00:00
2012-01-31 20:18:31:718 1104 1e44 AU Initializing featured updates
2012-01-31 20:18:31:718 1104 1e44 AU Found 0 cached featured updates
2012-01-31 20:18:31:718 1104 1e44 AU AU finished delayed initialization
2012-01-31 20:18:33:605 1104 d8c Report *********** Report: Initializing static reporting data ***********
2012-01-31 20:18:33:605 1104 d8c Report * OS Version = 6.0.6002.2.0.66304
2012-01-31 20:18:33:605 1104 d8c Report * OS Product Type = 0x00000002
2012-01-31 20:18:33:668 1104 d8c Report * Computer Brand = Dell Inc.
2012-01-31 20:18:33:668 1104 d8c Report * Computer Model = Vostro 220 Series
2012-01-31 20:18:33:668 1104 d8c Report * Bios Revision = 1.0.3
2012-01-31 20:18:33:668 1104 d8c Report * Bios Name = Default System BIOS
2012-01-31 20:18:33:668 1104 d8c Report * Bios Release Date = 2008-10-24T00:00:00
2012-01-31 20:18:33:668 1104 d8c Report * Locale ID = 1033
2012-01-31 20:18:38:862 1104 88c Report CWERReporter finishing event handling. (00000000)

Edited by knarf1, 01 February 2012 - 01:47 AM.

  • 0

#53
Homburg

Hi,

Is Windows Updates running? I can't see any faults/errors in that last portion of the log you posted.

Are there any outstanding updates waiting to be installed?

What is the problem you are now having?
  • 0

#54
knarf1

Windows update is still not running.

Sometimes my computer freezes when I try to do something--like open Explorer or open some web site or click to open a log. There will be nothing--just freeze--or the revolving circle--for 10, 15, 20 minutes.

2012-02-01 06:18:42:465 1104 167c Agent ** START ** Agent: Finding updates [CallerId = AutomaticUpdates]
2012-02-01 06:18:42:465 1104 167c Agent *********
2012-02-01 06:18:42:465 1104 167c Agent * Online = Yes; Ignore download priority = No
2012-02-01 06:18:42:465 1104 167c Agent * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
2012-02-01 06:18:42:465 1104 167c Agent * ServiceID = {9482F4B4-E343-43B6-B170-9A65BC822C77} Windows Update
2012-02-01 06:18:42:465 1104 167c Agent * Search Scope = {Machine}
2012-02-01 06:18:47:422 1104 167c Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2012-02-01 06:18:47:437 1104 167c Misc WARNING: Error: 0x80096001 when verifying trust for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab
2012-02-01 06:18:47:437 1104 167c Misc WARNING: Digital Signatures on file C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab are not trusted: Error 0x80096001
2012-02-01 06:18:52:342 1104 167c Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2012-02-01 06:18:52:367 1104 167c Misc WARNING: Error: 0x80096001 when verifying trust for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab
2012-02-01 06:18:52:367 1104 167c Misc WARNING: Digital Signatures on file C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab are not trusted: Error 0x80096001
2012-02-01 06:18:57:516 1104 167c Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2012-02-01 06:18:57:547 1104 167c Misc WARNING: Error: 0x80096001 when verifying trust for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab
2012-02-01 06:18:57:547 1104 167c Misc WARNING: Digital Signatures on file C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab are not trusted: Error 0x80096001
2012-02-01 06:18:57:547 1104 167c Agent WARNING: Failed to obtain the authorization cab URLs, hr=0x80096001
2012-02-01 06:18:57:547 1104 167c Agent * WARNING: Online service registration/service ID resolution failed, hr=0x80096001
2012-02-01 06:18:57:563 1104 167c Agent * WARNING: Exit code = 0x80096001
2012-02-01 06:18:57:563 1104 167c Agent *********
2012-02-01 06:18:57:563 1104 167c Agent ** END ** Agent: Finding updates [CallerId = AutomaticUpdates]
2012-02-01 06:18:57:563 1104 167c Agent *************
2012-02-01 06:18:57:563 1104 167c Agent WARNING: WU client failed Searching for update with error 0x80096001
2012-02-01 06:18:57:563 1104 129c AU >>## RESUMED ## AU: Search for updates [CallId = {A12A6453-EA25-4DFA-BD86-258B7F0BCED1}]
2012-02-01 06:18:57:563 1104 129c AU # WARNING: Search callback failed, result = 0x80096001
2012-02-01 06:18:57:563 1104 129c AU # WARNING: Failed to find updates with error code 80096001
2012-02-01 06:18:57:563 1104 129c AU #########
2012-02-01 06:18:57:563 1104 129c AU ## END ## AU: Search for updates [CallId = {A12A6453-EA25-4DFA-BD86-258B7F0BCED1}]
2012-02-01 06:18:57:563 1104 129c AU #############
2012-02-01 06:18:57:563 1104 129c AU AU setting next detection timeout to 2012-02-01 19:18:57
2012-02-01 06:18:57:563 1104 129c AU AU was unable to detect updates for more than 48 hours
2012-02-01 06:18:57:563 1104 129c AU Setting AU scheduled install time to 2012-02-01 16:00:00
2012-02-01 06:18:57:610 1104 167c Report CWERReporter finishing event handling. (00000000)
2012-02-01 06:19:02:571 1104 167c Report REPORT EVENT: {69C134EF-6026-4994-9A2E-ED5EB8894738} 2012-02-01 06:18:57:563-0800 1 148 101 {00000000-0000-0000-0000-000000000000} 0 80096001 AutomaticUpdates Failure Software Synchronization Windows Update Client failed to detect with error 0x80096001.
2012-02-01 06:19:02:571 1104 167c Report REPORT EVENT: {B80F2FCE-46C3-4449-8F00-78EDF9C34A03} 2012-02-01 06:18:57:563-0800 1 149 102 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Failure Software Synchronization Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.
2012-02-01 06:19:02:711 1104 167c Report CWERReporter::HandleEvents - WER report upload completed with status 0x8
2012-02-01 06:19:02:711 1104 167c Report WER Report sent: 7.4.7600.226 0x80096001 00000000-0000-0000-0000-000000000000 Scan 101 Unmanaged
2012-02-01 06:19:02:711 1104 167c Report CWERReporter finishing event handling. (00000000)
2012-02-01 06:20:41:681 1104 d34 AU Triggering AU detection through DetectNow API
2012-02-01 06:20:41:681 1104 d34 AU Triggering Online detection (interactive)
2012-02-01 06:20:41:681 1104 590 AU #############
2012-02-01 06:20:41:681 1104 590 AU ## START ## AU: Search for updates
2012-02-01 06:20:41:681 1104 590 AU #########
2012-02-01 06:20:41:681 1104 590 AU <<## SUBMITTED ## AU: Search for updates [CallId = {0EB17DB0-1A2E-43F9-B559-E430525DDA9C}]
2012-02-01 06:20:41:681 1104 167c Agent *************
2012-02-01 06:20:41:681 1104 167c Agent ** START ** Agent: Finding updates [CallerId = AutomaticUpdates]
2012-02-01 06:20:41:681 1104 167c Agent *********
2012-02-01 06:20:41:681 1104 167c Agent * Online = Yes; Ignore download priority = No
2012-02-01 06:20:41:681 1104 167c Agent * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
2012-02-01 06:20:41:681 1104 167c Agent * ServiceID = {9482F4B4-E343-43B6-B170-9A65BC822C77} Windows Update
2012-02-01 06:20:41:681 1104 167c Agent * Search Scope = {Machine}
2012-02-01 06:20:41:931 1104 167c Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2012-02-01 06:20:41:947 1104 167c Misc WARNING: Error: 0x80096001 when verifying trust for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab
2012-02-01 06:20:41:947 1104 167c Misc WARNING: Digital Signatures on file C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab are not trusted: Error 0x80096001
2012-02-01 06:20:42:181 1104 167c Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2012-02-01 06:20:42:212 1104 167c Misc WARNING: Error: 0x80096001 when verifying trust for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab
2012-02-01 06:20:42:212 1104 167c Misc WARNING: Digital Signatures on file C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab are not trusted: Error 0x80096001
2012-02-01 06:20:42:664 1104 167c Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2012-02-01 06:20:42:695 1104 167c Misc WARNING: Error: 0x80096001 when verifying trust for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab
2012-02-01 06:20:42:695 1104 167c Misc WARNING: Digital Signatures on file C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab are not trusted: Error 0x80096001
2012-02-01 06:20:42:695 1104 167c Agent WARNING: Failed to obtain the authorization cab URLs, hr=0x80096001
2012-02-01 06:20:42:695 1104 167c Agent * WARNING: Online service registration/service ID resolution failed, hr=0x80096001
2012-02-01 06:20:42:711 1104 167c Agent * WARNING: Exit code = 0x80096001
2012-02-01 06:20:42:711 1104 167c Agent *********
2012-02-01 06:20:42:711 1104 167c Agent ** END ** Agent: Finding updates [CallerId = AutomaticUpdates]
2012-02-01 06:20:42:711 1104 167c Agent *************
2012-02-01 06:20:42:711 1104 167c Agent WARNING: WU client failed Searching for update with error 0x80096001
2012-02-01 06:20:42:711 1104 129c AU >>## RESUMED ## AU: Search for updates [CallId = {0EB17DB0-1A2E-43F9-B559-E430525DDA9C}]
2012-02-01 06:20:42:711 1104 129c AU # WARNING: Search callback failed, result = 0x80096001
2012-02-01 06:20:42:711 1104 129c AU # WARNING: Failed to find updates with error code 80096001
2012-02-01 06:20:42:711 1104 129c AU #########
2012-02-01 06:20:42:711 1104 129c AU ## END ## AU: Search for updates [CallId = {0EB17DB0-1A2E-43F9-B559-E430525DDA9C}]
2012-02-01 06:20:42:711 1104 129c AU #############
2012-02-01 06:20:42:711 1104 129c AU AU setting next detection timeout to 2012-02-01 19:20:42
2012-02-01 06:20:42:711 1104 129c AU Setting AU scheduled install time to 2012-02-01 16:00:00
2012-02-01 06:20:47:719 1104 167c Report REPORT EVENT: {5C45BB34-398C-4358-A741-55387873F5C9} 2012-02-01 06:20:42:711-0800 1 148 101 {00000000-0000-0000-0000-000000000000} 0 80096001 AutomaticUpdates Failure Software Synchronization Windows Update Client failed to detect with error 0x80096001.
2012-02-01 06:20:47:719 1104 167c Report CWERReporter::HandleEvents - WER report upload completed with status 0x8
2012-02-01 06:20:47:719 1104 167c Report WER Report sent: 7.4.7600.226 0x80096001 00000000-0000-0000-0000-000000000000 Scan 101 Unmanaged
2012-02-01 06:20:47:719 1104 167c Report CWERReporter finishing event handling. (00000000)
  • 0
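The repeated 0x80096001 warnings in the log above can be pulled out mechanically instead of read line by line. The following is an added example, not part of the original posts or of any tool used in this thread: it parses lines in that layout, groups them by "Finding updates" search, and marks searches whose exit code is the same code raised while verifying a file's signature. The sample log is constructed, with shortened paths and an invented second search for contrast.

```python
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the layout of the log posted above: date, time, PID,
# hex thread id, component, message. Paths are shortened; the second search
# (a timeout code, no trust warnings) is invented to give a contrasting case.
SAMPLE_LOG = r"""
2012-02-01 06:20:41:681 1104 167c Agent ** START ** Agent: Finding updates [CallerId = AutomaticUpdates]
2012-02-01 06:20:41:931 1104 167c Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\sample\muv4wuredir.cab:
2012-02-01 06:20:41:947 1104 167c Misc WARNING: Error: 0x80096001 when verifying trust for C:\Windows\SoftwareDistribution\WuRedir\sample\muv4wuredir.cab
2012-02-01 06:20:42:212 1104 167c Misc WARNING: Error: 0x80096001 when verifying trust for C:\Windows\SoftwareDistribution\WuRedir\sample\muv4wuredir.cab
2012-02-01 06:20:42:695 1104 167c Misc WARNING: Error: 0x80096001 when verifying trust for C:\Windows\SoftwareDistribution\WuRedir\sample\muv4wuredir.cab
2012-02-01 06:20:42:711 1104 167c Agent * WARNING: Exit code = 0x80096001
2012-02-01 06:20:42:711 1104 167c Agent ** END ** Agent: Finding updates [CallerId = AutomaticUpdates]
2012-02-01 07:05:10:100 1104 167c Agent ** START ** Agent: Finding updates [CallerId = AutomaticUpdates]
2012-02-01 07:05:40:200 1104 167c Agent * WARNING: Exit code = 0x80072EE2
2012-02-01 07:05:40:200 1104 167c Agent ** END ** Agent: Finding updates [CallerId = AutomaticUpdates]
"""

LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}:\d{3})\s+(\d+)\s+([0-9a-fA-F]+)\s+(\S+)\s+(.*)$"
)
START_RE = re.compile(r"\*\* START \*\*\s+Agent: Finding updates \[CallerId = ([^\]]+)\]")
END_RE = re.compile(r"\*\* END \*\*\s+Agent: Finding updates")
EXIT_RE = re.compile(r"WARNING: Exit code = (0x[0-9A-Fa-f]{8})")
TRUST_RE = re.compile(r"WARNING: Error: (0x[0-9A-Fa-f]{8}) when verifying trust for (.+)$")


@dataclass
class Search:
    caller: str
    started: str
    ended: Optional[str] = None
    exit_code: Optional[str] = None
    # (file path, error code) -> number of failed verification attempts
    trust_failures: Counter = field(default_factory=Counter)


def parse_searches(text: str) -> List[Search]:
    """Group log lines into update searches and record trust-verification errors."""
    searches: List[Search] = []
    current: Optional[Search] = None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank or unrecognised line
        date, clock, _pid, _tid, component, msg = m.groups()
        stamp = f"{date} {clock}"
        if component == "Agent":
            start = START_RE.search(msg)
            if start:
                current = Search(caller=start.group(1), started=stamp)
                searches.append(current)
            elif current and END_RE.search(msg):
                current.ended = stamp
                current = None
            elif current:
                code = EXIT_RE.search(msg)
                if code:
                    current.exit_code = code.group(1).lower()
        elif component == "Misc" and current:
            trust = TRUST_RE.search(msg)
            if trust:
                key = (trust.group(2).strip(), trust.group(1).lower())
                current.trust_failures[key] += 1
    return searches


def signature_blocked(search: Search) -> bool:
    """True when the search ended with the same code a signature check raised."""
    codes = {code for _path, code in search.trust_failures}
    return bool(codes) and search.exit_code in codes


def summarize(searches: List[Search]) -> List[str]:
    lines = []
    for s in searches:
        verdict = "signature verification" if signature_blocked(s) else "other cause"
        lines.append(f"{s.started} caller={s.caller} exit={s.exit_code} -> {verdict}")
        for (path, code), count in s.trust_failures.items():
            # 0x80096001 is TRUST_E_SYSTEM_ERROR (system-level error verifying trust)
            lines.append(f"    {count}x {code} on {path}")
    return lines


if __name__ == "__main__":
    print("\n".join(summarize(parse_searches(SAMPLE_LOG))))
```
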

#55
Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts

Sometimes my computer freezes when I try to do something--like open Explorer or open some web site or click to open a log. There will be nothing--just freeze--or the revolving circle--for 10, 15, 20 minutes.

Did you manage to look at task manager to check what was using most processor resource?

Just to check if there are any other nasties we'll do a couple more scans:

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %USERPROFILE%\..|smtmp;true;true;true /FP
    /md5start
    volsnap.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    consrv.dll
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic


Download aswMBR.exe ( 1.8mB ) to your desktop.

Double click aswMBR.exe to run it. If it asks to install the Avast engine/components, allow it, to give a deeper scan

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

Please let me know if either or both the FixMBR or FIX buttons are available or not greyed out. Please don't press them :thumbsup:
  • 0


#56
knarf1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts
It is really not so much a matter of running slow--but of freezing. When that happens I cannot do anything--including running task manager. I can do that after the freeze stops--but have not yet. Should I after a freeze ends?

Could it have something to do with Sophos and Zone Alarm stuff interacting--too much security?







OTL logfile created on: 2/2/2012 5:36:51 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\msuman\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 52.51% Memory free
4.17 Gb Paging File | 2.76 Gb Available in Paging File | 66.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 119.83 Gb Free Space | 53.79% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.74 Gb Free Space | 57.43% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 2794.52 Gb Total Space | 2350.14 Gb Free Space | 84.10% Space Free | Partition Type: NTFS

Computer Name: MSUMAN-PC | User Name: msuman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/02 05:35:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\msuman\Desktop\OTL.exe
PRC - [2012/01/27 06:06:41 | 000,167,960 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2012/01/27 06:05:27 | 001,543,704 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
PRC - [2012/01/27 05:57:05 | 000,099,864 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/12/18 21:08:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2011/12/18 21:04:24 | 000,073,360 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2011/11/04 19:48:26 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/11/03 06:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2011/11/03 06:44:24 | 000,738,944 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2011/05/06 12:36:09 | 000,494,616 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\AutoUpdate\ALMon.exe
PRC - [2011/05/06 12:36:08 | 000,232,472 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | -HS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/08/18 22:19:38 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2008/07/20 14:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2012/01/27 06:06:41 | 000,167,960 | ---- | M] (Sophos Limited) [Unknown | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2012/01/27 06:05:27 | 001,543,704 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2012/01/27 05:57:05 | 000,099,864 | ---- | M] (Sophos Limited) [Unknown | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/12/18 21:08:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011/11/03 06:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2011/05/06 12:36:08 | 000,232,472 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/08/18 22:19:38 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2008/07/20 14:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®


========== Driver Services (SafeList) ==========

DRV - [2012/01/27 06:06:00 | 000,123,680 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\Windows\System32\drivers\savonaccess.sys -- (SAVOnAccess)
DRV - [2012/01/27 05:56:46 | 000,024,312 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sdcfilter.sys -- (sdcfilter)
DRV - [2012/01/27 05:56:43 | 000,031,736 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\Windows\System32\drivers\skmscan.sys -- (SKMScan)
DRV - [2012/01/27 05:56:31 | 000,022,536 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/11/03 06:44:20 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2011/05/07 17:51:26 | 000,451,160 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2008/12/23 03:47:52 | 000,138,240 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/08/26 09:55:14 | 000,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/08/18 23:03:28 | 000,079,960 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID)
DRV - [2008/06/10 12:04:26 | 000,033,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2008/01/20 18:32:51 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/11/01 23:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1740862935-1246708322-3228964381-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKU\S-1-5-21-1740862935-1246708322-3228964381-1001\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1740862935-1246708322-3228964381-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1740862935-1246708322-3228964381-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {91da5e8a-3318-4f8c-b67e-5964de3ab546}:3.9.0.3
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 59273

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/01/11 08:30:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012/01/27 13:44:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.26\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/01 09:09:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.26\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/01 09:09:59 | 000,000,000 | ---D | M]

[2011/01/14 18:40:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\msuman\AppData\Roaming\Mozilla\Extensions
[2012/02/01 20:17:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\msuman\AppData\Roaming\Mozilla\Firefox\Profiles\huiexf3r.default\extensions
[2011/02/24 16:46:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\msuman\AppData\Roaming\Mozilla\Firefox\Profiles\huiexf3r.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/28 15:23:56 | 000,000,000 | ---D | M] (ZoneAlarm Security Community Toolbar) -- C:\Users\msuman\AppData\Roaming\Mozilla\Firefox\Profiles\huiexf3r.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
[2012/01/27 13:28:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/30 12:48:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/21 03:02:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2012/01/11 08:30:28 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\msuman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\msuman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

O1 HOSTS File: ([2012/01/26 09:45:59 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Limited)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-1740862935-1246708322-3228964381-1001\..\Toolbar\WebBrowser: (ZoneAlarm Security Toolbar) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - C:\Program Files\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1740862935-1246708322-3228964381-1001\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-1740862935-1246708322-3228964381-1001..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe File not found
O4 - HKU\S-1-5-21-1740862935-1246708322-3228964381-1001..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1740862935-1246708322-3228964381-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1740862935-1246708322-3228964381-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O15 - HKU\.DEFAULT\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKU\S-1-5-21-1740862935-1246708322-3228964381-1001\..Trusted Domains: localhost ([]http in Local intranet)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9EF48691-42FF-4A13-8013-5A1CC8DE2354}: DhcpNameServer = 192.168.1.254
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll C:\PROGRA~1\Sophos\SOPHOS~1\sophos_detoured.dll) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) -C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\msuman\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\msuman\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/03/22 17:13:38 | 000,000,000 | R--D | M] - F:\autorun -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/02 05:35:34 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\msuman\Desktop\OTL.exe
[2012/01/28 23:24:29 | 000,000,000 | ---D | C] -- C:\Users\msuman\Documents\Remote Assistance Logs
[2012/01/28 10:13:10 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/01/28 09:33:56 | 000,000,000 | ---D | C] -- C:\ProgramData\ErrorEND
[2012/01/28 09:33:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ErrorEND
[2012/01/28 08:19:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/27 15:39:14 | 000,000,000 | ---D | C] -- C:\Users\msuman\AppData\Local\WindowsUpdate
[2012/01/27 13:29:20 | 000,000,000 | ---D | C] -- C:\Users\msuman\Documents\ForceField Shared Files
[2012/01/27 13:29:19 | 000,000,000 | ---D | C] -- C:\Users\msuman\AppData\Roaming\CheckPoint
[2012/01/27 13:28:56 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2012/01/27 13:28:53 | 000,000,000 | ---D | C] -- C:\Users\msuman\AppData\Local\Conduit
[2012/01/27 13:28:51 | 000,000,000 | ---D | C] -- C:\Program Files\ZoneAlarm_Security
[2012/01/27 13:28:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
[2012/01/27 13:28:21 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2012/01/27 13:26:30 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2012/01/27 11:10:14 | 000,000,000 | ---D | C] -- C:\Users\msuman\AppData\Local\ElevatedDiagnostics
[2012/01/27 06:06:00 | 000,123,680 | ---- | C] (Sophos Limited) -- C:\Windows\System32\drivers\savonaccess.sys
[2012/01/27 06:01:59 | 000,000,000 | ---D | C] -- C:\Users\msuman\AppData\Local\Sophos
[2012/01/27 05:58:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos Web Intelligence
[2012/01/27 05:58:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2012/01/27 05:58:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Cisco Systems
[2012/01/27 05:58:00 | 000,030,744 | ---- | C] (Sophos Limited) -- C:\Windows\System32\SophosBootTasks.exe
[2012/01/27 05:56:46 | 000,024,312 | ---- | C] (Sophos Plc) -- C:\Windows\System32\drivers\sdcfilter.sys
[2012/01/27 05:56:43 | 000,031,736 | ---- | C] (Sophos Plc) -- C:\Windows\System32\drivers\skmscan.sys
[2012/01/27 05:56:39 | 000,131,824 | ---- | C] (Sophos Plc) -- C:\Windows\System32\sdccoinstaller.dll
[2012/01/27 05:56:31 | 000,022,536 | ---- | C] (Sophos Plc) -- C:\Windows\System32\drivers\SophosBootDriver.sys
[2012/01/27 05:56:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2012/01/27 05:56:11 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2012/01/26 16:59:23 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/01/26 10:05:32 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/01/26 09:43:53 | 000,000,000 | ---D | C] -- C:\Users\msuman\AppData\Local\temp
[2012/01/25 21:00:56 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/23 07:49:56 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/01/22 18:08:40 | 000,000,000 | ---D | C] -- C:\Users\msuman\AppData\Roaming\E594A
[2012/01/22 18:08:29 | 000,000,000 | ---D | C] -- C:\Users\msuman\AppData\Roaming\C4EE5
[2012/01/22 18:08:22 | 000,000,000 | ---D | C] -- C:\Users\msuman\AppData\Local\SanctionedMedia
[2012/01/11 12:04:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/01/11 12:04:21 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/01/11 10:47:30 | 000,000,000 | ---D | C] -- C:\Users\msuman\AppData\Roaming\Malwarebytes
[2012/01/11 10:47:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/11 10:47:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/11 10:47:19 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/01/11 10:47:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/11 09:33:37 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/01/11 09:33:37 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/01/11 09:33:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012/01/11 09:16:34 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/01/04 20:38:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/01/04 20:37:49 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/01/04 20:37:40 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/08/25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\msuman\*.tmp files -> C:\Users\msuman\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/02 05:35:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\msuman\Desktop\OTL.exe
[2012/02/02 05:28:01 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/02 05:27:45 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/02 05:07:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/02 05:07:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/02 05:07:14 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\ErrorEND.job
[2012/02/02 05:07:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/01 18:37:57 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/02/01 18:37:42 | 2110,771,200 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/01 06:20:16 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/28 07:42:43 | 000,330,200 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/01/27 17:03:34 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/27 17:03:34 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/27 13:31:08 | 000,415,859 | ---- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2012/01/27 06:06:00 | 000,123,680 | ---- | M] (Sophos Limited) -- C:\Windows\System32\drivers\savonaccess.sys
[2012/01/27 05:56:59 | 000,030,744 | ---- | M] (Sophos Limited) -- C:\Windows\System32\SophosBootTasks.exe
[2012/01/27 05:56:46 | 000,024,312 | ---- | M] (Sophos Plc) -- C:\Windows\System32\drivers\sdcfilter.sys
[2012/01/27 05:56:43 | 000,031,736 | ---- | M] (Sophos Plc) -- C:\Windows\System32\drivers\skmscan.sys
[2012/01/27 05:56:39 | 000,131,824 | ---- | M] (Sophos Plc) -- C:\Windows\System32\sdccoinstaller.dll
[2012/01/27 05:56:31 | 000,022,536 | ---- | M] (Sophos Plc) -- C:\Windows\System32\drivers\SophosBootDriver.sys
[2012/01/27 05:48:50 | 000,000,600 | ---- | M] () -- C:\Users\msuman\Desktop\Norton_Removal_Tool - Shortcut.lnk
[2012/01/27 05:47:59 | 000,000,555 | ---- | M] () -- C:\Users\msuman\Desktop\AppRemover - Shortcut.lnk
[2012/01/26 09:45:59 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/01/26 08:48:16 | 000,001,356 | ---- | M] () -- C:\Users\msuman\AppData\Local\d3d9caps.dat
[2012/01/25 20:40:57 | 000,000,054 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012/01/25 20:40:57 | 000,000,039 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2012/01/25 19:18:55 | 000,111,872 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
[2012/01/25 06:29:13 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/01/24 20:04:26 | 000,030,735 | ---- | M] () -- C:\Users\msuman\Documents\malwarebytes BKD-7362011316.pdf
[2012/01/21 21:08:55 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/01/13 19:51:19 | 000,000,907 | ---- | M] () -- C:\Users\msuman\Application Data\Microsoft\Internet Explorer\Quick Launch\circles Asuka Kimishima 002 - Shortcut.lnk
[2012/01/11 12:04:22 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/01/05 04:45:23 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/01/04 20:38:59 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\msuman\*.tmp files -> C:\Users\msuman\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/28 09:33:56 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\ErrorEND.job
[2012/01/27 13:30:04 | 000,415,859 | ---- | C] () -- C:\Windows\System32\drivers\vsconfig.xml
[2012/01/27 05:48:50 | 000,000,600 | ---- | C] () -- C:\Users\msuman\Desktop\Norton_Removal_Tool - Shortcut.lnk
[2012/01/27 05:47:59 | 000,000,555 | ---- | C] () -- C:\Users\msuman\Desktop\AppRemover - Shortcut.lnk
[2012/01/26 08:54:41 | 2110,771,200 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/25 19:11:15 | 000,111,872 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2012/01/24 20:04:25 | 000,030,735 | ---- | C] () -- C:\Users\msuman\Documents\malwarebytes BKD-7362011316.pdf
[2012/01/21 21:08:55 | 000,001,889 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/01/21 21:08:54 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/01/13 19:51:19 | 000,000,907 | ---- | C] () -- C:\Users\msuman\Application Data\Microsoft\Internet Explorer\Quick Launch\circles Asuka Kimishima 002 - Shortcut.lnk
[2012/01/11 12:04:22 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/01/11 10:48:40 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/04 20:38:59 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/03/24 15:51:28 | 000,000,054 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/03/24 15:51:28 | 000,000,039 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/01/16 14:34:45 | 000,000,050 | ---- | C] () -- C:\Windows\MegaManager.INI
[2011/01/06 17:10:30 | 000,000,011 | ---- | C] () -- C:\Windows\VSWizard.ini
[2010/09/22 16:01:43 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2010/08/25 19:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 19:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 19:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 18:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2009/10/20 17:40:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/20 17:40:38 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/02/16 14:01:04 | 000,061,678 | ---- | C] () -- C:\Users\msuman\AppData\Roaming\PFP100JPR.{PB
[2009/02/16 14:01:04 | 000,012,358 | ---- | C] () -- C:\Users\msuman\AppData\Roaming\PFP100JCM.{PB
[2009/02/13 20:48:41 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/02/06 09:53:44 | 000,017,920 | ---- | C] () -- C:\Users\msuman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/05 18:39:21 | 000,001,356 | ---- | C] () -- C:\Users\msuman\AppData\Local\d3d9caps.dat
[2009/01/29 00:08:29 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1545.dll
[2009/01/29 00:08:29 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2009/01/29 00:08:29 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2009/01/29 00:06:08 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/02/03 15:37:35 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 04:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 04:44:53 | 000,330,200 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 02:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 02:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 02:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 02:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 02:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 02:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 00:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 00:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/01 23:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2012/01/22 18:08:29 | 000,000,000 | ---D | M] -- C:\Users\msuman\AppData\Roaming\C4EE5
[2012/01/27 13:29:19 | 000,000,000 | ---D | M] -- C:\Users\msuman\AppData\Roaming\CheckPoint
[2012/01/22 18:08:40 | 000,000,000 | ---D | M] -- C:\Users\msuman\AppData\Roaming\E594A
[2011/05/24 19:38:00 | 000,000,000 | ---D | M] -- C:\Users\msuman\AppData\Roaming\PCDr
[2009/08/23 10:36:56 | 000,000,000 | ---D | M] -- C:\Users\msuman\AppData\Roaming\Uniblue
[2010/02/25 15:12:11 | 000,000,000 | ---D | M] -- C:\Users\msuman\AppData\Roaming\uTorrent
[2010/11/27 13:17:24 | 000,000,000 | ---D | M] -- C:\Users\msuman\AppData\Roaming\WhiteSmokeSetup
[2010/11/27 15:04:11 | 000,000,000 | ---D | M] -- C:\Users\msuman\AppData\Roaming\WhiteSmokeTranslator
[2012/02/02 05:07:14 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\ErrorEND.job
[2012/01/05 04:45:23 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012/02/01 12:33:51 | 000,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/02/01 18:37:57 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %USERPROFILE%\..|smtmp;true;true;true /FP >


< MD5 for: EXPLORER.EXE >
[2008/10/28 22:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/28 22:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 19:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 18:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 18:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/01/20 18:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008/01/20 18:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/20 18:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 18:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/20 18:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 18:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: VOLSNAP.INF >
[2006/11/02 02:25:18 | 000,001,790 | ---- | M] () MD5=E5EE5E075DAB1367001C467C70E8C580 -- C:\Windows\inf\volsnap.inf
[2006/11/01 22:35:04 | 000,001,790 | ---- | M] () MD5=E5EE5E075DAB1367001C467C70E8C580 -- C:\Windows\System32\DriverStore\FileRepository\volsnap.inf_7eb8cdb5\volsnap.inf

< MD5 for: VOLSNAP.INF_LOC >
[2006/11/02 04:38:54 | 000,000,198 | ---- | M] () MD5=F040058B592FE682204B2FC15DDEAC0D -- C:\Windows\System32\DriverStore\en-US\volsnap.inf_loc
[2006/11/02 04:38:54 | 000,000,198 | ---- | M] () MD5=F040058B592FE682204B2FC15DDEAC0D -- C:\Windows\winsxs\x86_volsnap.inf.resources_31bf3856ad364e35_6.0.6000.16386_en-us_112c68f98452eff6\volsnap.inf_loc

< MD5 for: VOLSNAP.PNF >
[2009/01/28 21:17:42 | 000,004,940 | ---- | M] () MD5=D798A5AB52391B0379BF9362C830216D -- C:\Windows\inf\volsnap.PNF
[2009/01/28 21:17:42 | 000,004,940 | ---- | M] () MD5=EC59A0A78096C0FC3DA8BB653D1FE54D -- C:\Windows\System32\DriverStore\FileRepository\volsnap.inf_7eb8cdb5\volsnap.PNF

< MD5 for: VOLSNAP.SYS >
[2006/11/02 01:51:18 | 000,208,488 | ---- | M] (Microsoft Corporation) MD5=11EF6C1CAEF76B685233450A126125D6 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_9320b452\volsnap.sys
[2009/04/10 22:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\System32\drivers\volsnap.sys
[2009/04/10 22:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_1e6030e4\volsnap.sys
[2009/04/10 22:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6002.18005_none_17a2308cf936c619\volsnap.sys
[2008/01/20 18:32:47 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_f53a1785\volsnap.sys
[2008/01/20 18:32:47 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_15b6b780fc14facd\volsnap.sys

< MD5 for: VOLSNAP.SYS.MUI >
[2008/01/20 18:35:34 | 000,032,768 | ---- | M] (Microsoft Corporation) MD5=2A3DEAD70397152006B4E3CED20B41C4 -- C:\Windows\System32\drivers\en-US\volsnap.sys.mui
[2008/01/20 18:35:34 | 000,032,768 | ---- | M] (Microsoft Corporation) MD5=2A3DEAD70397152006B4E3CED20B41C4 -- C:\Windows\winsxs\x86_volume.inf.resources_31bf3856ad364e35_6.0.6001.18000_en-us_7b264a38bff55d35\volsnap.sys.mui
[2006/11/02 04:38:59 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=F9B09F7E31E49004666C9B3EB0BEBD94 -- C:\Windows\winsxs\x86_volume.inf.resources_31bf3856ad364e35_6.0.6000.16386_en-us_78ef883cc30a4c61\volsnap.sys.mui

< MD5 for: WINLOGON.EXE >
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/04/10 22:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/04/10 22:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/10 22:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 18:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/01 09:09:58 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/01 09:09:58 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/01 09:09:58 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/01 09:09:56 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/01 09:09:56 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/01 09:09:56 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/01/19 21:35:36 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/01/19 21:35:36 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/01/19 21:35:36 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/01/19 21:35:36 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/05/04 05:04:31 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/05/04 05:04:31 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/05/04 05:04:31 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/04 05:04:33 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/05/04 05:04:33 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/01 09:09:58 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/01 09:09:58 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/01 09:09:58 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/01 09:09:56 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/01 09:09:56 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/01 09:09:56 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/01/19 21:35:36 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/01/19 21:35:36 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/01/19 21:35:36 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/01/19 21:35:36 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/05/04 05:04:31 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/05/04 05:04:31 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/05/04 05:04:31 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/04 05:04:33 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/05/04 05:04:33 | 000,748,336 | ---- | M] (Microsoft Corporation)

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Application Data] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Cookies] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Local Settings] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 641 bytes -> C:\Users\msuman\Documents\bookmarks.eml:OECustomProperty

< End of report >

Edited by knarf1, 02 February 2012 - 08:07 AM.


#57
knarf1

OTL logfile created on: 2/2/2012 5:36:51 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\msuman\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 52.51% Memory free
4.17 Gb Paging File | 2.76 Gb Available in Paging File | 66.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 119.83 Gb Free Space | 53.79% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.74 Gb Free Space | 57.43% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 2794.52 Gb Total Space | 2350.14 Gb Free Space | 84.10% Space Free | Partition Type: NTFS

Computer Name: MSUMAN-PC | User Name: msuman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/02 05:35:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\msuman\Desktop\OTL.exe
PRC - [2012/01/27 06:06:41 | 000,167,960 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2012/01/27 06:05:27 | 001,543,704 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
PRC - [2012/01/27 05:57:05 | 000,099,864 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/12/18 21:08:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2011/12/18 21:04:24 | 000,073,360 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2011/11/04 19:48:26 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/11/03 06:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2011/11/03 06:44:24 | 000,738,944 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2011/05/06 12:36:09 | 000,494,616 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\AutoUpdate\ALMon.exe
PRC - [2011/05/06 12:36:08 | 000,232,472 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | -HS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/08/18 22:19:38 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2008/07/20 14:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2012/01/27 06:06:41 | 000,167,960 | ---- | M] (Sophos Limited) [Unknown | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2012/01/27 06:05:27 | 001,543,704 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2012/01/27 05:57:05 | 000,099,864 | ---- | M] (Sophos Limited) [Unknown | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/12/18 21:08:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011/11/03 06:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2011/05/06 12:36:08 | 000,232,472 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/08/18 22:19:38 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2008/07/20 14:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®


========== Driver Services (SafeList) ==========

DRV - [2012/01/27 06:06:00 | 000,123,680 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\Windows\System32\drivers\savonaccess.sys -- (SAVOnAccess)
DRV - [2012/01/27 05:56:46 | 000,024,312 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sdcfilter.sys -- (sdcfilter)
DRV - [2012/01/27 05:56:43 | 000,031,736 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\Windows\System32\drivers\skmscan.sys -- (SKMScan)
DRV - [2012/01/27 05:56:31 | 000,022,536 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/11/03 06:44:20 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2011/05/07 17:51:26 | 000,451,160 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2008/12/23 03:47:52 | 000,138,240 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/08/26 09:55:14 | 000,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/08/18 23:03:28 | 000,079,960 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID)
DRV - [2008/06/10 12:04:26 | 000,033,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2008/01/20 18:32:51 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/11/01 23:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1740862935-1246708322-3228964381-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKU\S-1-5-21-1740862935-1246708322-3228964381-1001\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1740862935-1246708322-3228964381-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1740862935-1246708322-3228964381-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {91da5e8a-3318-4f8c-b67e-5964de3ab546}:3.9.0.3
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 59273

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/01/11 08:30:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012/01/27 13:44:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.26\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/01 09:09:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.26\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/01 09:09:59 | 000,000,000 | ---D | M]

[2011/01/14 18:40:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\msuman\AppData\Roaming\Mozilla\Extensions
[2012/02/01 20:17:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\msuman\AppData\Roaming\Mozilla\Firefox\Profiles\huiexf3r.default\extensions
[2011/02/24 16:46:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\msuman\AppData\Roaming\Mozilla\Firefox\Profiles\huiexf3r.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/28 15:23:56 | 000,000,000 | ---D | M] (ZoneAlarm Security Community Toolbar) -- C:\Users\msuman\AppData\Roaming\Mozilla\Firefox\Profiles\huiexf3r.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
[2012/01/27 13:28:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/30 12:48:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/21 03:02:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2012/01/11 08:30:28 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\msuman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\msuman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

O1 HOSTS File: ([2012/01/26 09:45:59 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Limited)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-1740862935-1246708322-3228964381-1001\..\Toolbar\WebBrowser: (ZoneAlarm Security Toolbar) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - C:\Program Files\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1740862935-1246708322-3228964381-1001\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-1740862935-1246708322-3228964381-1001..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe File not found
O4 - HKU\S-1-5-21-1740862935-1246708322-3228964381-1001..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1740862935-1246708322-3228964381-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1740862935-1246708322-3228964381-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O15 - HKU\.DEFAULT\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKU\S-1-5-21-1740862935-1246708322-3228964381-1001\..Trusted Domains: localhost ([]http in Local intranet)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9EF48691-42FF-4A13-8013-5A1CC8DE2354}: DhcpNameServer = 192.168.1.254
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll C:\PROGRA~1\Sophos\SOPHOS~1\sophos_detoured.dll) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) -C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\msuman\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\msuman\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/03/22 17:13:38 | 000,000,000 | R--D | M] - F:\autorun -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/02 05:35:34 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\msuman\Desktop\OTL.exe
[2012/01/28 23:24:29 | 000,000,000 | ---D | C] -- C:\Users\msuman\Documents\Remote Assistance Logs
[2012/01/28 10:13:10 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/01/28 09:33:56 | 000,000,000 | ---D | C] -- C:\ProgramData\ErrorEND
[2012/01/28 09:33:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ErrorEND
[2012/01/28 08:19:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/27 15:39:14 | 000,000,000 | ---D | C] -- C:\Users\msuman\AppData\Local\WindowsUpdate
[2012/01/27 13:29:20 | 000,000,000 | ---D | C] -- C:\Users\msuman\Documents\ForceField Shared Files
[2012/01/27 13:29:19 | 000,000,000 | ---D | C] -- C:\Users\msuman\AppData\Roaming\CheckPoint
[2012/01/27 13:28:56 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2012/01/27 13:28:53 | 000,000,000 | ---D | C] -- C:\Users\msuman\AppData\Local\Conduit
[2012/01/27 13:28:51 | 000,000,000 | ---D | C] -- C:\Program Files\ZoneAlarm_Security
[2012/01/27 13:28:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
[2012/01/27 13:28:21 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2012/01/27 13:26:30 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2012/01/27 11:10:14 | 000,000,000 | ---D | C] -- C:\Users\msuman\AppData\Local\ElevatedDiagnostics
[2012/01/27 06:06:00 | 000,123,680 | ---- | C] (Sophos Limited) -- C:\Windows\System32\drivers\savonaccess.sys
[2012/01/27 06:01:59 | 000,000,000 | ---D | C] -- C:\Users\msuman\AppData\Local\Sophos
[2012/01/27 05:58:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos Web Intelligence
[2012/01/27 05:58:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2012/01/27 05:58:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Cisco Systems
[2012/01/27 05:58:00 | 000,030,744 | ---- | C] (Sophos Limited) -- C:\Windows\System32\SophosBootTasks.exe
[2012/01/27 05:56:46 | 000,024,312 | ---- | C] (Sophos Plc) -- C:\Windows\System32\drivers\sdcfilter.sys
[2012/01/27 05:56:43 | 000,031,736 | ---- | C] (Sophos Plc) -- C:\Windows\System32\drivers\skmscan.sys
[2012/01/27 05:56:39 | 000,131,824 | ---- | C] (Sophos Plc) -- C:\Windows\System32\sdccoinstaller.dll
[2012/01/27 05:56:31 | 000,022,536 | ---- | C] (Sophos Plc) -- C:\Windows\System32\drivers\SophosBootDriver.sys
[2012/01/27 05:56:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2012/01/27 05:56:11 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2012/01/26 16:59:23 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/01/26 10:05:32 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/01/26 09:43:53 | 000,000,000 | ---D | C] -- C:\Users\msuman\AppData\Local\temp
[2012/01/25 21:00:56 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/23 07:49:56 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/01/22 18:08:40 | 000,000,000 | ---D | C] -- C:\Users\msuman\AppData\Roaming\E594A
[2012/01/22 18:08:29 | 000,000,000 | ---D | C] -- C:\Users\msuman\AppData\Roaming\C4EE5
[2012/01/22 18:08:22 | 000,000,000 | ---D | C] -- C:\Users\msuman\AppData\Local\SanctionedMedia
[2012/01/11 12:04:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/01/11 12:04:21 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/01/11 10:47:30 | 000,000,000 | ---D | C] -- C:\Users\msuman\AppData\Roaming\Malwarebytes
[2012/01/11 10:47:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/11 10:47:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/11 10:47:19 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/01/11 10:47:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/11 09:33:37 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/01/11 09:33:37 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/01/11 09:33:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012/01/11 09:16:34 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/01/04 20:38:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/01/04 20:37:49 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/01/04 20:37:40 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/08/25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\msuman\*.tmp files -> C:\Users\msuman\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/02 05:35:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\msuman\Desktop\OTL.exe
[2012/02/02 05:28:01 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/02 05:27:45 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/02 05:07:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/02 05:07:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/02 05:07:14 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\ErrorEND.job
[2012/02/02 05:07:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/01 18:37:57 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/02/01 18:37:42 | 2110,771,200 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/01 06:20:16 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/28 07:42:43 | 000,330,200 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/01/27 17:03:34 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/27 17:03:34 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/27 13:31:08 | 000,415,859 | ---- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2012/01/27 06:06:00 | 000,123,680 | ---- | M] (Sophos Limited) -- C:\Windows\System32\drivers\savonaccess.sys
[2012/01/27 05:56:59 | 000,030,744 | ---- | M] (Sophos Limited) -- C:\Windows\System32\SophosBootTasks.exe
[2012/01/27 05:56:46 | 000,024,312 | ---- | M] (Sophos Plc) -- C:\Windows\System32\drivers\sdcfilter.sys
[2012/01/27 05:56:43 | 000,031,736 | ---- | M] (Sophos Plc) -- C:\Windows\System32\drivers\skmscan.sys
[2012/01/27 05:56:39 | 000,131,824 | ---- | M] (Sophos Plc) -- C:\Windows\System32\sdccoinstaller.dll
[2012/01/27 05:56:31 | 000,022,536 | ---- | M] (Sophos Plc) -- C:\Windows\System32\drivers\SophosBootDriver.sys
[2012/01/27 05:48:50 | 000,000,600 | ---- | M] () -- C:\Users\msuman\Desktop\Norton_Removal_Tool - Shortcut.lnk
[2012/01/27 05:47:59 | 000,000,555 | ---- | M] () -- C:\Users\msuman\Desktop\AppRemover - Shortcut.lnk
[2012/01/26 09:45:59 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/01/26 08:48:16 | 000,001,356 | ---- | M] () -- C:\Users\msuman\AppData\Local\d3d9caps.dat
[2012/01/25 20:40:57 | 000,000,054 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012/01/25 20:40:57 | 000,000,039 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2012/01/25 19:18:55 | 000,111,872 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
[2012/01/25 06:29:13 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/01/24 20:04:26 | 000,030,735 | ---- | M] () -- C:\Users\msuman\Documents\malwarebytes BKD-7362011316.pdf
[2012/01/21 21:08:55 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/01/13 19:51:19 | 000,000,907 | ---- | M] () -- C:\Users\msuman\Application Data\Microsoft\Internet Explorer\Quick Launch\circles Asuka Kimishima 002 - Shortcut.lnk
[2012/01/11 12:04:22 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/01/05 04:45:23 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/01/04 20:38:59 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\msuman\*.tmp files -> C:\Users\msuman\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/28 09:33:56 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\ErrorEND.job
[2012/01/27 13:30:04 | 000,415,859 | ---- | C] () -- C:\Windows\System32\drivers\vsconfig.xml
[2012/01/27 05:48:50 | 000,000,600 | ---- | C] () -- C:\Users\msuman\Desktop\Norton_Removal_Tool - Shortcut.lnk
[2012/01/27 05:47:59 | 000,000,555 | ---- | C] () -- C:\Users\msuman\Desktop\AppRemover - Shortcut.lnk
[2012/01/26 08:54:41 | 2110,771,200 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/25 19:11:15 | 000,111,872 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2012/01/24 20:04:25 | 000,030,735 | ---- | C] () -- C:\Users\msuman\Documents\malwarebytes BKD-7362011316.pdf
[2012/01/21 21:08:55 | 000,001,889 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/01/21 21:08:54 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/01/13 19:51:19 | 000,000,907 | ---- | C] () -- C:\Users\msuman\Application Data\Microsoft\Internet Explorer\Quick Launch\circles Asuka Kimishima 002 - Shortcut.lnk
[2012/01/11 12:04:22 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/01/11 10:48:40 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/04 20:38:59 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/03/24 15:51:28 | 000,000,054 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/03/24 15:51:28 | 000,000,039 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/01/16 14:34:45 | 000,000,050 | ---- | C] () -- C:\Windows\MegaManager.INI
[2011/01/06 17:10:30 | 000,000,011 | ---- | C] () -- C:\Windows\VSWizard.ini
[2010/09/22 16:01:43 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2010/08/25 19:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 19:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 19:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 18:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2009/10/20 17:40:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/20 17:40:38 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/02/16 14:01:04 | 000,061,678 | ---- | C] () -- C:\Users\msuman\AppData\Roaming\PFP100JPR.{PB
[2009/02/16 14:01:04 | 000,012,358 | ---- | C] () -- C:\Users\msuman\AppData\Roaming\PFP100JCM.{PB
[2009/02/13 20:48:41 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/02/06 09:53:44 | 000,017,920 | ---- | C] () -- C:\Users\msuman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/05 18:39:21 | 000,001,356 | ---- | C] () -- C:\Users\msuman\AppData\Local\d3d9caps.dat
[2009/01/29 00:08:29 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1545.dll
[2009/01/29 00:08:29 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2009/01/29 00:08:29 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2009/01/29 00:06:08 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/02/03 15:37:35 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 04:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 04:44:53 | 000,330,200 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 02:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 02:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 02:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 02:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 02:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 02:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 00:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 00:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/01 23:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2012/01/22 18:08:29 | 000,000,000 | ---D | M] -- C:\Users\msuman\AppData\Roaming\C4EE5
[2012/01/27 13:29:19 | 000,000,000 | ---D | M] -- C:\Users\msuman\AppData\Roaming\CheckPoint
[2012/01/22 18:08:40 | 000,000,000 | ---D | M] -- C:\Users\msuman\AppData\Roaming\E594A
[2011/05/24 19:38:00 | 000,000,000 | ---D | M] -- C:\Users\msuman\AppData\Roaming\PCDr
[2009/08/23 10:36:56 | 000,000,000 | ---D | M] -- C:\Users\msuman\AppData\Roaming\Uniblue
[2010/02/25 15:12:11 | 000,000,000 | ---D | M] -- C:\Users\msuman\AppData\Roaming\uTorrent
[2010/11/27 13:17:24 | 000,000,000 | ---D | M] -- C:\Users\msuman\AppData\Roaming\WhiteSmokeSetup
[2010/11/27 15:04:11 | 000,000,000 | ---D | M] -- C:\Users\msuman\AppData\Roaming\WhiteSmokeTranslator
[2012/02/02 05:07:14 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\ErrorEND.job
[2012/01/05 04:45:23 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012/02/01 12:33:51 | 000,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/02/01 18:37:57 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %USERPROFILE%\..|smtmp;true;true;true /FP >


< MD5 for: EXPLORER.EXE >
[2008/10/28 22:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/28 22:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 19:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 18:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 18:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/01/20 18:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008/01/20 18:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/20 18:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 18:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/20 18:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 18:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: VOLSNAP.INF >
[2006/11/02 02:25:18 | 000,001,790 | ---- | M] () MD5=E5EE5E075DAB1367001C467C70E8C580 -- C:\Windows\inf\volsnap.inf
[2006/11/01 22:35:04 | 000,001,790 | ---- | M] () MD5=E5EE5E075DAB1367001C467C70E8C580 -- C:\Windows\System32\DriverStore\FileRepository\volsnap.inf_7eb8cdb5\volsnap.inf

< MD5 for: VOLSNAP.INF_LOC >
[2006/11/02 04:38:54 | 000,000,198 | ---- | M] () MD5=F040058B592FE682204B2FC15DDEAC0D -- C:\Windows\System32\DriverStore\en-US\volsnap.inf_loc
[2006/11/02 04:38:54 | 000,000,198 | ---- | M] () MD5=F040058B592FE682204B2FC15DDEAC0D -- C:\Windows\winsxs\x86_volsnap.inf.resources_31bf3856ad364e35_6.0.6000.16386_en-us_112c68f98452eff6\volsnap.inf_loc

< MD5 for: VOLSNAP.PNF >
[2009/01/28 21:17:42 | 000,004,940 | ---- | M] () MD5=D798A5AB52391B0379BF9362C830216D -- C:\Windows\inf\volsnap.PNF
[2009/01/28 21:17:42 | 000,004,940 | ---- | M] () MD5=EC59A0A78096C0FC3DA8BB653D1FE54D -- C:\Windows\System32\DriverStore\FileRepository\volsnap.inf_7eb8cdb5\volsnap.PNF

< MD5 for: VOLSNAP.SYS >
[2006/11/02 01:51:18 | 000,208,488 | ---- | M] (Microsoft Corporation) MD5=11EF6C1CAEF76B685233450A126125D6 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_9320b452\volsnap.sys
[2009/04/10 22:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\System32\drivers\volsnap.sys
[2009/04/10 22:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_1e6030e4\volsnap.sys
[2009/04/10 22:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6002.18005_none_17a2308cf936c619\volsnap.sys
[2008/01/20 18:32:47 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_f53a1785\volsnap.sys
[2008/01/20 18:32:47 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_15b6b780fc14facd\volsnap.sys

< MD5 for: VOLSNAP.SYS.MUI >
[2008/01/20 18:35:34 | 000,032,768 | ---- | M] (Microsoft Corporation) MD5=2A3DEAD70397152006B4E3CED20B41C4 -- C:\Windows\System32\drivers\en-US\volsnap.sys.mui
[2008/01/20 18:35:34 | 000,032,768 | ---- | M] (Microsoft Corporation) MD5=2A3DEAD70397152006B4E3CED20B41C4 -- C:\Windows\winsxs\x86_volume.inf.resources_31bf3856ad364e35_6.0.6001.18000_en-us_7b264a38bff55d35\volsnap.sys.mui
[2006/11/02 04:38:59 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=F9B09F7E31E49004666C9B3EB0BEBD94 -- C:\Windows\winsxs\x86_volume.inf.resources_31bf3856ad364e35_6.0.6000.16386_en-us_78ef883cc30a4c61\volsnap.sys.mui

< MD5 for: WINLOGON.EXE >
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/04/10 22:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/04/10 22:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/10 22:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 18:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/01 09:09:58 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/01 09:09:58 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/01 09:09:58 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/01 09:09:56 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/01 09:09:56 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/01 09:09:56 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/01/19 21:35:36 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/01/19 21:35:36 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/01/19 21:35:36 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/01/19 21:35:36 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/05/04 05:04:31 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/05/04 05:04:31 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/05/04 05:04:31 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/04 05:04:33 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/05/04 05:04:33 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/01 09:09:58 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/01 09:09:58 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/01 09:09:58 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/01 09:09:56 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/01 09:09:56 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/01 09:09:56 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/01/19 21:35:36 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/01/19 21:35:36 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/01/19 21:35:36 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/01/19 21:35:36 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/05/04 05:04:31 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/05/04 05:04:31 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/05/04 05:04:31 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/04 05:04:33 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/05/04 05:04:33 | 000,748,336 | ---- | M] (Microsoft Corporation)

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Application Data] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Cookies] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Local Settings] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 641 bytes -> C:\Users\msuman\Documents\bookmarks.eml:OECustomProperty

< End of report >

#58
knarf1

  • Topic Starter
  • Member
  • 67 posts
OTL Extras logfile created on: 2/2/2012 5:36:52 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\msuman\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 52.51% Memory free
4.17 Gb Paging File | 2.76 Gb Available in Paging File | 66.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 119.83 Gb Free Space | 53.79% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.74 Gb Free Space | 57.43% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 2794.52 Gb Total Space | 2350.14 Gb Free Space | 84.10% Space Free | Partition Type: NTFS

Computer Name: MSUMAN-PC | User Name: msuman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-1740862935-1246708322-3228964381-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" =
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01A9E595-9EEB-47B2-8835-DBE9D24CFDE1}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{06A07BFC-ED1B-4B12-951A-AA9F9FB020A8}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{07E69D69-0E28-48B6-A7E9-63011F6C433A}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{2D5E0B9A-832B-49AE-A06B-2E5603BBB706}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{4A718288-8287-4FDC-B257-F09B692BBE2B}" = protocol=6 | dir=in | app=c:\program files\mcafee\managed virusscan\agent\myagtsvc.exe |
"{5CB0C02A-C9B5-4B3E-862B-B2BD736D4209}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{7A4B61A4-097A-4BDA-B8A3-AAE01247FAF8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8EB609F6-7E5A-4CFE-8855-96121EED57D1}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{A976ED90-490A-4CAD-A2BC-5EC567060B56}" = protocol=17 | dir=in | app=c:\program files\mcafee\managed virusscan\agent\myagtsvc.exe |
"{C1E07621-2A06-49D4-ADE4-3D5D3BF4AF3F}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{D0058D36-C3BF-4190-8667-91AC92B2A930}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{D843A527-CFAD-4748-A268-037035E88F83}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{F4911030-B414-454C-A905-D44C8655FB6C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F7691B16-B1C7-4EC4-B8F2-C1053EABEE37}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{37F964E4-9C3F-4066-B933-1747D3AC6737}" = Personal Entertainment Launcher
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{5D6C26B9-D9E7-4E77-A4DE-0C2B242E85FA}" = ZoneAlarm Firewall
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{66A9D30D-1464-4C7F-B2F3-507DADAF2595}" = Microsoft IntelliPoint 6.3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{75685CA8-0B74-45BB-9C64-744A0FB79EDC}" = Business Tools Launcher
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}" = Microsoft Works 6.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{B8ABB25D-1E30-4ED7-A3CE-0F8BED439647}" = Product Support Launcher
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{C3A439E4-7303-491F-A678-CEA36A87D517}" = Microsoft Works Suite Add-in for Microsoft Word
"{C4BC01F3-B7E6-49FA-8FBE-6B62FDF9CED0}" = ZoneAlarm Security
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DC19E750-988B-4005-A355-85EF66055EFE}" = Works Suite OS Pack
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dell Support Center" = Dell Support Center
"ESET Online Scanner" = ESET Online Scanner v3
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"HDMI" = Intel® Graphics Media Accelerator Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.26)" = Mozilla Firefox (3.6.26)
"RealPlayer 12.0" = RealPlayer
"WinRAR archiver" = WinRAR 4.00 (32-bit)
"Works2002Setup" = Microsoft Works 2002 Setup Launcher
"Yahoo! Mail" = AT&T Yahoo! Internet Mail
"YInstHelper" = Yahoo! Install Manager
"ZoneAlarm Free" = ZoneAlarm Free
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
"ZoneAlarm_Security Toolbar" = ZoneAlarm Security Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1740862935-1246708322-3228964381-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/1/2012 2:41:20 AM | Computer Name = msuman-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/1/2012 3:29:48 AM | Computer Name = msuman-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/1/2012 3:33:08 AM | Computer Name = msuman-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/1/2012 10:15:49 AM | Computer Name = msuman-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/1/2012 10:53:07 AM | Computer Name = msuman-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/1/2012 12:52:45 PM | Computer Name = msuman-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: ef4 Start Time: 01cce0f162002301 Termination Time: 41

Error - 2/1/2012 10:38:08 PM | Computer Name = msuman-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/1/2012 11:04:10 PM | Computer Name = msuman-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/1/2012 11:04:11 PM | Computer Name = msuman-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 16037

Error - 2/1/2012 11:04:11 PM | Computer Name = msuman-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 16037

[ System Events ]
Error - 2/2/2012 9:27:46 AM | Computer Name = msuman-PC | Source = SAVOnAccess | ID = 3997781
Description = File [...neAlarm\vsmon.exe]'s scan succeeded following a timeout/busy
condition - it is being logged in case it contributed to that condition. Process
svchost.exe, (start check timestamp [ 1cce1ae73017c10]).

Error - 2/2/2012 9:27:46 AM | Computer Name = msuman-PC | Source = SAVOnAccess | ID = 3997781
Description = File [...2\wbem\wmisvc.dll]'s scan succeeded following a timeout/busy
condition - it is being logged in case it contributed to that condition. Process
services.exe, (start check timestamp [ 1cce1ae73572d90]).

Error - 2/2/2012 9:27:46 AM | Computer Name = msuman-PC | Source = SAVOnAccess | ID = 3997781
Description = File [...tem32\ShimEng.dll]'s scan succeeded following a timeout/busy
condition - it is being logged in case it contributed to that condition. Process
GoogleUpdate.ex, (start check timestamp [ 1cce1ae73598ef0]).

Error - 2/2/2012 9:27:46 AM | Computer Name = msuman-PC | Source = SAVOnAccess | ID = 3997781
Description = File [...em32\iphlpapi.dll]'s scan succeeded following a timeout/busy
condition - it is being logged in case it contributed to that condition. Process
agent.exe, (start check timestamp [ 1cce1ae73598ef0]).

Error - 2/2/2012 9:27:46 AM | Computer Name = msuman-PC | Source = SAVOnAccess | ID = 3997781
Description = File [...em32\ipnathlp.dll]'s scan succeeded following a timeout/busy
condition - it is being logged in case it contributed to that condition. Process
services.exe, (start check timestamp [ 1cce1ae735bf050]).

Error - 2/2/2012 9:27:46 AM | Computer Name = msuman-PC | Source = SAVOnAccess | ID = 3997781
Description = File [...grams\desktop.ini]'s scan succeeded following a timeout/busy
condition - it is being logged in case it contributed to that condition. Process
explorer.exe, (start check timestamp [ 1cce1ae7360b310]).

Error - 2/2/2012 9:27:46 AM | Computer Name = msuman-PC | Source = SAVOnAccess | ID = 3997781
Description = File [...em32\RasApi32.dll]'s scan succeeded following a timeout/busy
condition - it is being logged in case it contributed to that condition. Process
ALsvc.exe, (start check timestamp [ 1cce1ae736c99f0]).

Error - 2/2/2012 9:27:46 AM | Computer Name = msuman-PC | Source = SAVOnAccess | ID = 3997781
Description = File [...ories\desktop.ini]'s scan succeeded following a timeout/busy
condition - it is being logged in case it contributed to that condition. Process
explorer.exe, (start check timestamp [ 1cce1ae736c99f0]).

Error - 2/2/2012 9:27:46 AM | Computer Name = msuman-PC | Source = SAVOnAccess | ID = 3997781
Description = File [...date\setu3270.dll]'s scan succeeded following a timeout/busy
condition - it is being logged in case it contributed to that condition. Process
realsched.exe, (start check timestamp [ 1cce1ae7360b310]).

Error - 2/2/2012 9:27:46 AM | Computer Name = msuman-PC | Source = SAVOnAccess | ID = 3997781
Description = File [...tem32\SensApi.dll]'s scan succeeded following a timeout/busy
condition - it is being logged in case it contributed to that condition. Process
SearchIndexer.e, (start check timestamp [ 1cce1ae7360b310]).


< End of report >

#59
knarf1

OTL Extras logfile created on: 2/2/2012 5:36:52 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\msuman\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 52.51% Memory free
4.17 Gb Paging File | 2.76 Gb Available in Paging File | 66.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 119.83 Gb Free Space | 53.79% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.74 Gb Free Space | 57.43% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 2794.52 Gb Total Space | 2350.14 Gb Free Space | 84.10% Space Free | Partition Type: NTFS

Computer Name: MSUMAN-PC | User Name: msuman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-1740862935-1246708322-3228964381-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" =
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01A9E595-9EEB-47B2-8835-DBE9D24CFDE1}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{06A07BFC-ED1B-4B12-951A-AA9F9FB020A8}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{07E69D69-0E28-48B6-A7E9-63011F6C433A}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{2D5E0B9A-832B-49AE-A06B-2E5603BBB706}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{4A718288-8287-4FDC-B257-F09B692BBE2B}" = protocol=6 | dir=in | app=c:\program files\mcafee\managed virusscan\agent\myagtsvc.exe |
"{5CB0C02A-C9B5-4B3E-862B-B2BD736D4209}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{7A4B61A4-097A-4BDA-B8A3-AAE01247FAF8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8EB609F6-7E5A-4CFE-8855-96121EED57D1}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{A976ED90-490A-4CAD-A2BC-5EC567060B56}" = protocol=17 | dir=in | app=c:\program files\mcafee\managed virusscan\agent\myagtsvc.exe |
"{C1E07621-2A06-49D4-ADE4-3D5D3BF4AF3F}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{D0058D36-C3BF-4190-8667-91AC92B2A930}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{D843A527-CFAD-4748-A268-037035E88F83}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{F4911030-B414-454C-A905-D44C8655FB6C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F7691B16-B1C7-4EC4-B8F2-C1053EABEE37}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{37F964E4-9C3F-4066-B933-1747D3AC6737}" = Personal Entertainment Launcher
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{5D6C26B9-D9E7-4E77-A4DE-0C2B242E85FA}" = ZoneAlarm Firewall
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{66A9D30D-1464-4C7F-B2F3-507DADAF2595}" = Microsoft IntelliPoint 6.3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{75685CA8-0B74-45BB-9C64-744A0FB79EDC}" = Business Tools Launcher
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}" = Microsoft Works 6.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{B8ABB25D-1E30-4ED7-A3CE-0F8BED439647}" = Product Support Launcher
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{C3A439E4-7303-491F-A678-CEA36A87D517}" = Microsoft Works Suite Add-in for Microsoft Word
"{C4BC01F3-B7E6-49FA-8FBE-6B62FDF9CED0}" = ZoneAlarm Security
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DC19E750-988B-4005-A355-85EF66055EFE}" = Works Suite OS Pack
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dell Support Center" = Dell Support Center
"ESET Online Scanner" = ESET Online Scanner v3
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"HDMI" = Intel® Graphics Media Accelerator Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.26)" = Mozilla Firefox (3.6.26)
"RealPlayer 12.0" = RealPlayer
"WinRAR archiver" = WinRAR 4.00 (32-bit)
"Works2002Setup" = Microsoft Works 2002 Setup Launcher
"Yahoo! Mail" = AT&T Yahoo! Internet Mail
"YInstHelper" = Yahoo! Install Manager
"ZoneAlarm Free" = ZoneAlarm Free
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
"ZoneAlarm_Security Toolbar" = ZoneAlarm Security Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1740862935-1246708322-3228964381-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/1/2012 2:41:20 AM | Computer Name = msuman-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/1/2012 3:29:48 AM | Computer Name = msuman-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/1/2012 3:33:08 AM | Computer Name = msuman-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/1/2012 10:15:49 AM | Computer Name = msuman-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/1/2012 10:53:07 AM | Computer Name = msuman-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/1/2012 12:52:45 PM | Computer Name = msuman-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: ef4 Start Time: 01cce0f162002301 Termination Time: 41

Error - 2/1/2012 10:38:08 PM | Computer Name = msuman-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/1/2012 11:04:10 PM | Computer Name = msuman-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/1/2012 11:04:11 PM | Computer Name = msuman-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 16037

Error - 2/1/2012 11:04:11 PM | Computer Name = msuman-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 16037

[ System Events ]
Error - 2/2/2012 9:27:46 AM | Computer Name = msuman-PC | Source = SAVOnAccess | ID = 3997781
Description = File [...neAlarm\vsmon.exe]'s scan succeeded following a timeout/busy
condition - it is being logged in case it contributed to that condition. Process
svchost.exe, (start check timestamp [ 1cce1ae73017c10]).

Error - 2/2/2012 9:27:46 AM | Computer Name = msuman-PC | Source = SAVOnAccess | ID = 3997781
Description = File [...2\wbem\wmisvc.dll]'s scan succeeded following a timeout/busy
condition - it is being logged in case it contributed to that condition. Process
services.exe, (start check timestamp [ 1cce1ae73572d90]).

Error - 2/2/2012 9:27:46 AM | Computer Name = msuman-PC | Source = SAVOnAccess | ID = 3997781
Description = File [...tem32\ShimEng.dll]'s scan succeeded following a timeout/busy
condition - it is being logged in case it contributed to that condition. Process
GoogleUpdate.ex, (start check timestamp [ 1cce1ae73598ef0]).

Error - 2/2/2012 9:27:46 AM | Computer Name = msuman-PC | Source = SAVOnAccess | ID = 3997781
Description = File [...em32\iphlpapi.dll]'s scan succeeded following a timeout/busy
condition - it is being logged in case it contributed to that condition. Process
agent.exe, (start check timestamp [ 1cce1ae73598ef0]).

Error - 2/2/2012 9:27:46 AM | Computer Name = msuman-PC | Source = SAVOnAccess | ID = 3997781
Description = File [...em32\ipnathlp.dll]'s scan succeeded following a timeout/busy
condition - it is being logged in case it contributed to that condition. Process
services.exe, (start check timestamp [ 1cce1ae735bf050]).

Error - 2/2/2012 9:27:46 AM | Computer Name = msuman-PC | Source = SAVOnAccess | ID = 3997781
Description = File [...grams\desktop.ini]'s scan succeeded following a timeout/busy
condition - it is being logged in case it contributed to that condition. Process
explorer.exe, (start check timestamp [ 1cce1ae7360b310]).

Error - 2/2/2012 9:27:46 AM | Computer Name = msuman-PC | Source = SAVOnAccess | ID = 3997781
Description = File [...em32\RasApi32.dll]'s scan succeeded following a timeout/busy
condition - it is being logged in case it contributed to that condition. Process
ALsvc.exe, (start check timestamp [ 1cce1ae736c99f0]).

Error - 2/2/2012 9:27:46 AM | Computer Name = msuman-PC | Source = SAVOnAccess | ID = 3997781
Description = File [...ories\desktop.ini]'s scan succeeded following a timeout/busy
condition - it is being logged in case it contributed to that condition. Process
explorer.exe, (start check timestamp [ 1cce1ae736c99f0]).

Error - 2/2/2012 9:27:46 AM | Computer Name = msuman-PC | Source = SAVOnAccess | ID = 3997781
Description = File [...date\setu3270.dll]'s scan succeeded following a timeout/busy
condition - it is being logged in case it contributed to that condition. Process
realsched.exe, (start check timestamp [ 1cce1ae7360b310]).

Error - 2/2/2012 9:27:46 AM | Computer Name = msuman-PC | Source = SAVOnAccess | ID = 3997781
Description = File [...tem32\SensApi.dll]'s scan succeeded following a timeout/busy
condition - it is being logged in case it contributed to that condition. Process
SearchIndexer.e, (start check timestamp [ 1cce1ae7360b310]).


< End of report >

#60
knarf1

The FixMBR button is available. The FIX button is not available.