possible infection



#1
Sharon Lee

  • Member
  • 512 posts
Symptoms: Computer very slow. Have a message pop up every time I go to a web site: "Internet Explorer has encountered a problem and needs to close. We are sorry for the inconvenience. Please tell Microsoft about this problem. We have created an error report that you can send to help us." I sent and sent and I still am having the problem.


#2
RKinner

  • Malware Expert
  • 20,029 posts
  • MVP
Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.

Run OTL (Vista or Win 7 => right click and Run As Administrator, XP just double click)

Select the All option in the Extra Registry group, then Run Scan.

You should get two logs. Please copy and paste both of them.


Ron

#3
Sharon Lee

  • Topic Starter
  • Member
  • 512 posts
OTL logfile created on: 1/27/2012 1:47:12 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Sharon\My Documents
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.42 Mb Total Physical Memory | 68.31 Mb Available Physical Memory | 15.30% Memory free
1.03 Gb Paging File | 0.51 Gb Available in Paging File | 49.50% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 61.27 Gb Free Space | 82.25% Space Free | Partition Type: NTFS

Computer Name: OWNER-2B2129D50 | User Name: Sharon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/26 20:59:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sharon\My Documents\OTL.exe
PRC - [2011/10/18 11:10:49 | 000,206,152 | ---- | M] (CA) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\CAAMSvc.exe
PRC - [2011/07/01 23:34:22 | 000,206,160 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
PRC - [2011/07/01 23:34:20 | 000,251,216 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
PRC - [2011/07/01 23:34:16 | 001,123,664 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccEvtMgr.exe
PRC - [2011/07/01 23:34:14 | 001,570,128 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\casc.exe
PRC - [2011/05/30 03:01:26 | 000,222,544 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
PRC - [2011/04/04 11:42:28 | 000,662,096 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe
PRC - [2010/12/20 14:31:18 | 000,365,960 | ---- | M] (Creative Home) -- C:\Program Files\Creative Home\Hallmark Card Studio 2011 Deluxe\Planner\PLNRnote.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/07/27 13:19:00 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2003/09/01 06:42:50 | 000,176,128 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
PRC - [2003/06/25 10:24:48 | 000,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe
PRC - [2003/05/21 17:37:08 | 000,229,437 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/18 11:10:49 | 000,222,536 | ---- | M] () -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\Flipster.dll
MOD - [2011/07/01 23:35:04 | 000,652,624 | ---- | M] () -- C:\Program Files\CA\CA Internet Security Suite\SQLite3.dll
MOD - [2011/06/28 16:14:30 | 000,589,824 | ---- | M] () -- C:\Program Files\CA\CA Internet Security Suite\log4cplusU.dll
MOD - [2011/03/14 14:41:06 | 000,590,416 | ---- | M] () -- C:\Program Files\CA\SharedComponents\TMEngine\WindowsUserIdentity.dll
MOD - [2011/02/24 13:33:28 | 000,706,640 | ---- | M] () -- C:\Program Files\CA\SharedComponents\TMEngine\KnownApps.dll
MOD - [2006/08/23 13:12:38 | 000,196,608 | ---- | M] () -- C:\WINDOWS\system32\nvapi.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/10/18 11:10:49 | 000,206,152 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\CAAMSvc.exe -- (CAAMSvc)
SRV - [2011/07/01 23:34:22 | 000,206,160 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe -- (ccSchedulerSVC)
SRV - [2011/07/01 23:34:20 | 000,251,216 | ---- | M] (CA, Inc.) [On_Demand | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
SRV - [2011/05/30 03:01:26 | 000,222,544 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe -- (CAISafe)
SRV - [2011/04/04 11:42:28 | 000,662,096 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe -- (UmxEngine)
SRV - [2010/04/16 09:03:12 | 000,386,424 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)


========== Driver Services (SafeList) ==========

DRV - [2011/09/23 14:52:09 | 000,150,608 | ---- | M] (CA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\KmxCF.sys -- (KmxCF)
DRV - [2011/09/23 14:52:09 | 000,116,304 | ---- | M] (CA) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\KmxFw.sys -- (KmxFw)
DRV - [2011/05/12 16:22:18 | 000,331,344 | ---- | M] (CA) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KmxCfg.sys -- (KmxCfg)
DRV - [2011/05/10 16:45:42 | 000,164,944 | ---- | M] (CA) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\KmxAMRT.sys -- (KmxAMRT)
DRV - [2011/05/02 09:40:18 | 000,123,984 | ---- | M] (CA) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\kmxstart.sys -- (KmxStart)
DRV - [2011/03/23 15:29:02 | 000,083,536 | ---- | M] (CA) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\KmxAgent.sys -- (KmxAgent)
DRV - [2011/03/23 15:29:02 | 000,063,056 | ---- | M] (CA) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\KmxFile.sys -- (KmxFile)
DRV - [2011/02/24 13:33:28 | 000,082,000 | ---- | M] (CA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\KmxSbx.sys -- (KmxSbx)
DRV - [2006/11/21 03:25:44 | 000,045,568 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/07/27 13:24:28 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/06/18 22:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2003/11/17 14:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 14:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 14:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com
IE - HKCU\..\URLSearchHook: {e4878b45-e2c0-4307-b6e8-734922f92f5b} - C:\Program Files\Road_Runner\prxtbRoa2.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\Firefox [2011/07/28 13:04:03 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2001/08/23 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (CA Anti-Phishing Toolbar Helper) - {45011CF5-E4A9-4F13-9093-F30A784EB9B2} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll (CA, Inc.)
O2 - BHO: (Road Runner Toolbar) - {e4878b45-e2c0-4307-b6e8-734922f92f5b} - C:\Program Files\Road_Runner\prxtbRoa2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (CA Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll (CA, Inc.)
O3 - HKLM\..\Toolbar: (Road Runner Toolbar) - {e4878b45-e2c0-4307-b6e8-734922f92f5b} - C:\Program Files\Road_Runner\prxtbRoa2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (CA Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll (CA, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Road Runner Toolbar) - {E4878B45-E2C0-4307-B6E8-734922F92F5B} - C:\Program Files\Road_Runner\prxtbRoa2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AddressBookReminderApp] C:\Program Files\Creative Home\Hallmark Card Studio 2011 Deluxe\ReminderApp.exe File not found
O4 - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe (CA, Inc.)
O4 - HKLM..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Planner Reminder.lnk = C:\Program Files\Creative Home\Hallmark Card Studio 2011 Deluxe\Planner\PLNRnote.exe (Creative Home)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Forget Me Not.lnk = C:\Program Files\Broderbund\AG Spirit\AGRemind.exe (TLC Productivity Properties LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1323180871156 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{70FAAEC4-70B4-444A-8C95-591EA59745D9}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - AppInit_DLLs: (UmxSbxExw.dll) -C:\WINDOWS\System32\UmxSbxExw.dll (CA)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\PFW: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Sharon\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sharon\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/07/25 17:00:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/26 20:59:42 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sharon\My Documents\OTL.exe
[2012/01/25 10:32:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/01/23 14:37:30 | 000,061,440 | ---- | C] ( ) -- C:\Documents and Settings\Sharon\My Documents\VEW.exe
[2012/01/16 22:02:22 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Sharon\Recent
[2012/01/14 15:24:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2012/01/14 15:24:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2012/01/10 11:30:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sharon\Application Data\spotmau
[2012/01/10 11:30:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp360
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/27 13:41:40 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6B8A5EAC-8DEB-4366-A45A-7F0736942A8C}.job
[2012/01/27 08:54:03 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/27 08:53:19 | 000,081,191 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/01/27 08:53:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/26 21:20:02 | 000,000,321 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k0
[2012/01/26 21:20:02 | 000,000,085 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k7
[2012/01/26 21:20:02 | 000,000,085 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k6
[2012/01/26 21:20:02 | 000,000,085 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k5
[2012/01/26 21:20:02 | 000,000,085 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k4
[2012/01/26 21:20:02 | 000,000,085 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k3
[2012/01/26 21:20:02 | 000,000,085 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k2
[2012/01/26 21:20:02 | 000,000,085 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k1
[2012/01/26 21:20:02 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k7
[2012/01/26 21:20:02 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k6
[2012/01/26 21:20:02 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k5
[2012/01/26 21:20:02 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k4
[2012/01/26 21:20:02 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k3
[2012/01/26 21:20:02 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k2
[2012/01/26 21:20:02 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k1
[2012/01/26 21:20:01 | 002,337,645 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k0
[2012/01/26 21:20:01 | 000,757,564 | ---- | M] () -- C:\WINDOWS\System32\drivers\KmxAgent.asc
[2012/01/26 20:59:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sharon\My Documents\OTL.exe
[2012/01/26 20:24:54 | 000,375,264 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/25 20:25:11 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Sharon\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/25 19:40:33 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2012/01/23 14:37:34 | 000,061,440 | ---- | M] ( ) -- C:\Documents and Settings\Sharon\My Documents\VEW.exe
[2012/01/13 09:24:54 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2012/01/10 18:15:35 | 000,002,167 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hallmark Card Studio 2011 Deluxe.lnk
[2012/01/10 18:15:35 | 000,002,034 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Planner Reminder.lnk
[2012/01/10 11:30:45 | 000,046,640 | ---- | M] () -- C:\Documents and Settings\Sharon\Application Data\userenv.xml.urlencode
[2012/01/10 11:30:44 | 000,034,861 | ---- | M] () -- C:\Documents and Settings\Sharon\Application Data\userenv.xml
[2011/12/29 22:25:26 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Sharon\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/12/29 22:17:05 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/12/29 22:17:05 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/12/29 21:23:14 | 000,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/29 21:23:14 | 000,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/25 20:25:17 | 000,000,785 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2012/01/25 11:49:36 | 000,000,748 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Forget Me Not.lnk
[2012/01/25 11:46:53 | 000,002,034 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Planner Reminder.lnk
[2012/01/13 09:24:53 | 000,002,311 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2012/01/13 09:24:53 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2012/01/10 11:30:45 | 000,046,640 | ---- | C] () -- C:\Documents and Settings\Sharon\Application Data\userenv.xml.urlencode
[2012/01/10 11:30:44 | 000,034,861 | ---- | C] () -- C:\Documents and Settings\Sharon\Application Data\userenv.xml
[2011/12/29 22:25:26 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Sharon\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/08/16 20:14:15 | 004,469,736 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/07/28 13:05:19 | 001,422,672 | ---- | C] () -- C:\WINDOWS\System32\cfgmig32.dll
[2011/07/28 13:03:56 | 002,760,720 | ---- | C] () -- C:\WINDOWS\System32\svcprs32.exe
[2011/07/28 13:03:55 | 004,108,304 | ---- | C] () -- C:\WINDOWS\System32\win32cpr.dll
[2011/07/28 13:03:53 | 003,207,184 | ---- | C] () -- C:\WINDOWS\System32\mdmcls32.exe
[2011/07/28 13:03:53 | 001,744,912 | ---- | C] () -- C:\WINDOWS\System32\winsflt.dll
[2011/07/28 13:03:53 | 000,098,320 | ---- | C] () -- C:\WINDOWS\System32\winsfinst.exe
[2011/07/27 14:55:50 | 000,010,237 | ---- | C] () -- C:\WINDOWS\hpdj3500.ini
[2011/07/25 20:43:46 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/07/25 17:42:44 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2011/07/25 17:42:44 | 001,617,920 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2011/07/25 17:42:44 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2011/07/25 17:42:44 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2011/07/25 17:42:43 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2011/07/25 17:42:43 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2011/07/25 17:42:43 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2011/07/25 17:42:43 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2011/07/25 17:42:43 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2011/07/25 17:42:43 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2011/07/25 17:42:42 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2011/07/25 17:03:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/07/25 16:58:09 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/07/25 12:53:04 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/07/25 12:52:03 | 000,375,264 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/04 00:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 13:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/06/17 16:20:28 | 000,005,358 | ---- | C] () -- C:\WINDOWS\hpfmdl01.dat
[2003/06/17 16:13:16 | 000,000,332 | ---- | C] () -- C:\WINDOWS\hpfins01.dat
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/23 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 07:00:00 | 000,432,686 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 07:00:00 | 000,067,516 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 07:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/07/28 11:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/07/28 18:39:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2011/07/25 19:55:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/11/30 17:03:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fighters
[2011/07/28 11:31:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/08/20 14:20:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedMaxPc
[2012/01/11 09:19:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp360
[2011/11/25 18:33:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sharon\Application Data\Auslogics
[2011/07/25 20:19:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sharon\Application Data\AVG10
[2011/08/05 15:08:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sharon\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/08/20 14:08:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sharon\Application Data\DriverCure
[2011/11/29 20:13:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sharon\Application Data\Fighters
[2011/11/25 18:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sharon\Application Data\Sammsoft
[2011/08/20 14:08:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sharon\Application Data\SpeedMaxPc
[2012/01/10 11:30:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sharon\Application Data\spotmau
[2011/07/27 15:28:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sharon\Application Data\SupportSoft
[2012/01/27 13:41:40 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{6B8A5EAC-8DEB-4366-A45A-7F0736942A8C}.job

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 1/27/2012 1:47:12 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Sharon\My Documents
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.42 Mb Total Physical Memory | 68.31 Mb Available Physical Memory | 15.30% Memory free
1.03 Gb Paging File | 0.51 Gb Available in Paging File | 49.50% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 61.27 Gb Free Space | 82.25% Space Free | Partition Type: NTFS

Computer Name: OWNER-2B2129D50 | User Name: Sharon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\CA Personal Firewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer
"C:\Documents and Settings\Sharon\My Documents\GoogleDesktopSetup.exe" = C:\Documents and Settings\Sharon\My Documents\GoogleDesktopSetup.exe:*:Enabled:GoogleDesktopSetup


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{1367D815-EC9F-4e2f-9FB9-E40A075AD19B}" = DNAMigrator
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 29
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38151262-FAF8-4778-9AAB-33E90B60D8E9}" = CA Anti-Virus Plus
"{453D5A4E-4EF8-4A27-B3B6-A6A14389AF7C}" = HIPS
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5A05B328-35EB-4CED-B16F-62FA5A2642E6}" =
"{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller
"{62687EAC-F27D-49AC-A0E2-3899B0459113}" = Hallmark Card Studio 2011 Deluxe
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD144C1-5EAD-4D55-80A1-ACAF893A4FFE}" = American Greetings Spiritual Expressions 6
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C7DACB79-D0BE-477B-B63F-4BBF33F39B7A}" = TWC Client ActiveX Controls
"{C7EC0699-D82C-4451-B701-C98C330D43AF}" = hp deskjet 3500
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E0828692-FD9D-459F-9312-C645C3CA6650}" = HP Photo and Imaging 2.0 - Deskjet Series
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"CAAPH2" = APH placeholder
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"eTrust Suite Personal" = CA Internet Security Suite
"hp print screen utility" = hp print screen utility
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Road_Runner Toolbar" = Road Runner Toolbar
"WebPost" = Microsoft Web Publishing Wizard 1.52
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"YTdetect" = Yahoo! Detect

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/24/2012 1:34:01 PM | Computer Name = OWNER-2B2129D50 | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 1/24/2012 1:41:42 PM | Computer Name = OWNER-2B2129D50 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ntdll.dll, version 5.1.2600.6055, fault address 0x00019af2.

Error - 1/25/2012 11:51:26 AM | Computer Name = OWNER-2B2129D50 | Source = UmxAgent | ID = 110
Description = Ask User application closed itself. Product: 1, Sess: 0

Error - 1/25/2012 11:51:26 AM | Computer Name = OWNER-2B2129D50 | Source = UmxAgent | ID = 99
Description = Sync event client C:\Program Files\CA\CA Internet Security Suite\ccEvtMgr.exe
registration timeout

Error - 1/25/2012 12:14:38 PM | Computer Name = OWNER-2B2129D50 | Source = UmxAgent | ID = 110
Description = Ask User application closed itself. Product: 1, Sess: 0

Error - 1/25/2012 12:14:38 PM | Computer Name = OWNER-2B2129D50 | Source = UmxAgent | ID = 99
Description = Sync event client C:\Program Files\CA\CA Internet Security Suite\ccEvtMgr.exe
registration timeout

Error - 1/25/2012 12:17:04 PM | Computer Name = OWNER-2B2129D50 | Source = UmxAgent | ID = 110
Description = Ask User application closed itself. Product: 1, Sess: 0

Error - 1/25/2012 12:17:04 PM | Computer Name = OWNER-2B2129D50 | Source = UmxAgent | ID = 99
Description = Sync event client C:\Program Files\CA\CA Internet Security Suite\ccEvtMgr.exe
registration timeout

Error - 1/25/2012 12:19:36 PM | Computer Name = OWNER-2B2129D50 | Source = UmxAgent | ID = 110
Description = Ask User application closed itself. Product: 1, Sess: 0

Error - 1/25/2012 12:19:36 PM | Computer Name = OWNER-2B2129D50 | Source = UmxAgent | ID = 99
Description = Sync event client C:\Program Files\CA\CA Internet Security Suite\ccEvtMgr.exe
registration timeout

[ System Events ]
Error - 1/25/2012 8:28:29 PM | Computer Name = OWNER-2B2129D50 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service CaCCProvSP
with arguments "" in order to run the server: {AACF4A1C-BC69-4359-9518-DF3F77E462BF}

Error - 1/25/2012 8:28:29 PM | Computer Name = OWNER-2B2129D50 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service CaCCProvSP
with arguments "" in order to run the server: {AACF4A1C-BC69-4359-9518-DF3F77E462BF}

Error - 1/25/2012 8:28:29 PM | Computer Name = OWNER-2B2129D50 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service CaCCProvSP
with arguments "" in order to run the server: {AACF4A1C-BC69-4359-9518-DF3F77E462BF}

Error - 1/25/2012 8:28:29 PM | Computer Name = OWNER-2B2129D50 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service CaCCProvSP
with arguments "" in order to run the server: {AACF4A1C-BC69-4359-9518-DF3F77E462BF}

Error - 1/25/2012 8:28:29 PM | Computer Name = OWNER-2B2129D50 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service CaCCProvSP
with arguments "" in order to run the server: {AACF4A1C-BC69-4359-9518-DF3F77E462BF}

Error - 1/25/2012 8:28:29 PM | Computer Name = OWNER-2B2129D50 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service CaCCProvSP
with arguments "" in order to run the server: {AACF4A1C-BC69-4359-9518-DF3F77E462BF}

Error - 1/25/2012 8:28:33 PM | Computer Name = OWNER-2B2129D50 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service CaCCProvSP
with arguments "" in order to run the server: {AACF4A1C-BC69-4359-9518-DF3F77E462BF}

Error - 1/25/2012 8:37:34 PM | Computer Name = OWNER-2B2129D50 | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 1/26/2012 10:17:14 AM | Computer Name = OWNER-2B2129D50 | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 1/27/2012 9:53:56 AM | Computer Name = OWNER-2B2129D50 | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).


< End of report >
  • 0

#4
RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
It looks to me like your main problem is your CA antivirus and something called Tiny Firewall which I think is probably part of CA. This isn't much of an antivirus in the first place so let's uninstall it and try a much better antivirus that you can get for free.

Download and Save the free Avast installer.
http://www.avast.com...ivirus-download
(Click on the Download button for the free version (on the left) then it will try and talk you into buying the pay version but tell it No, Thanks I want Free Protection.) Finally it takes you to a Cnet page where you can click the big green Download Now button. I would save it to the desktop if you can. Makes it easier to find. The download should be called setup_av_free_cnet.exe. Don't try and install it yet.

Uninstall CA (I see two different programs in your uninstall list:
CA Anti-Virus Plus
CA Internet Security Suite

Don't know if you need to uninstall both or if uninstalling one will uninstall the other. I would uninstall CA Internet Security Suite first and then if the other is still there uninstall it too.)
Here are some instructions on how to remove CA from their website if you need them.
http://cainternetsec...D.aspx?KDId=747

Reboot and install Avast by double-clicking on setup_av_free_cnet.exe. Register when they ask you to. They don't ask for much info though they will probably try and talk you into the pay version. Just be firm. It may want to reboot to complete the install. Let it.

Once you have Avast working let's clear the alarms and reboot and look to see what new alarms we get:

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.
(The above clears the alarms)

Reboot.


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop. VEW is just an easy way to convert the alarms to a text file that I can read:

2. Double-click VEW.exe
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.

4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply

Ron
  • 0

#5
Sharon Lee

    Member

  • Topic Starter
  • Member
  • 512 posts
All right, I will get started on this. Funny that Roadrunner recommended that antivirus to its customers. Thank you for your help.
  • 0

#6
RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP

Roadrunner recommended that antivirus to its customers.


Roadrunner probably got paid for that recommendation or got a special deal so they can give it away. If you look at the latest anti-virus tests:

http://www.av-test.o...ts/novdec-2011/

You will not see CA except for their newest product which is called Total Defense: Internet Security Suite. Note also that it didn't even score high enough to be certified.
My favorite, Avast, didn't do as well in this as it usually does but it is still above CA in all categories and you can't beat the price.

Ron
  • 0

#7
Sharon Lee

    Member

  • Topic Starter
  • Member
  • 512 posts
Vino's Event Viewer v01c run on Windows XP in English
Report run at 27/01/2012 8:18:12 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#8
RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
That looks much better. Do you still have a problem?

Ron
  • 0

#9
Sharon Lee

    Member

  • Topic Starter
  • Member
  • 512 posts
Vino's Event Viewer v01c run on Windows XP in English
Report run at 27/01/2012 8:26:15 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 25/01/2012 11:19:36 AM
Type: error Category: 0
Event: 99 Source: UmxAgent
The event description cannot be found.

Log: 'Application' Date/Time: 25/01/2012 11:19:36 AM
Type: error Category: 0
Event: 110 Source: UmxAgent
The event description cannot be found.

Log: 'Application' Date/Time: 25/01/2012 11:17:04 AM
Type: error Category: 0
Event: 99 Source: UmxAgent
The event description cannot be found.

Log: 'Application' Date/Time: 25/01/2012 11:17:04 AM
Type: error Category: 0
Event: 110 Source: UmxAgent
The event description cannot be found.

Log: 'Application' Date/Time: 25/01/2012 11:14:38 AM
Type: error Category: 0
Event: 99 Source: UmxAgent
The event description cannot be found.

Log: 'Application' Date/Time: 25/01/2012 11:14:38 AM
Type: error Category: 0
Event: 110 Source: UmxAgent
The event description cannot be found.

Log: 'Application' Date/Time: 25/01/2012 10:51:26 AM
Type: error Category: 0
Event: 99 Source: UmxAgent
The event description cannot be found.

Log: 'Application' Date/Time: 25/01/2012 10:51:26 AM
Type: error Category: 0
Event: 110 Source: UmxAgent
The event description cannot be found.

Log: 'Application' Date/Time: 24/01/2012 12:41:42 PM
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application iexplore.exe, version 8.0.6001.18702, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00019af2.

Log: 'Application' Date/Time: 24/01/2012 12:34:01 PM
Type: error Category: 0
Event: 1001 Source: Application Hang
Fault bucket 1180947459.

Log: 'Application' Date/Time: 24/01/2012 12:33:42 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 23/01/2012 2:50:06 PM
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application iexplore.exe, version 8.0.6001.18702, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00019af2.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0
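The clear-then-recheck procedure from post #4, applied to a VEW report like the one in post #9, as an added example (not part of the thread and not VEW's own code): it parses the report, converts VEW's dd/mm/yyyy timestamps, and separates events logged after a chosen cutoff from older ones, tallied by source and event ID. The sample report, the cutoff time and the function names are constructed for illustration; the record layout is assumed from the report posted above.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the layout of the VEW report posted in this thread.
SAMPLE_REPORT = """\
Vino's Event Viewer v01c run on Windows XP in English
Report run at 27/01/2012 8:26:15 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 27/01/2012 7:50:02 PM
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application example.exe, version 1.0.0.0, faulting module example.dll.

Log: 'Application' Date/Time: 25/01/2012 11:19:36 AM
Type: error Category: 0
Event: 99 Source: UmxAgent
The event description cannot be found.

Log: 'Application' Date/Time: 25/01/2012 11:19:36 AM
Type: error Category: 0
Event: 110 Source: UmxAgent
The event description cannot be found.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"""

TS_FORMAT = "%d/%m/%Y %I:%M:%S %p"  # the report states dates are dd/mm/yyyy
HEAD_RE = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<ts>.+)$")
TYPE_RE = re.compile(r"^Type: (?P<type>\S+) Category: (?P<category>\d+)$")
EVENT_RE = re.compile(r"^Event: (?P<event_id>\d+) Source: (?P<source>.+)$")


def parse_vew(text):
    """Return one dict per event record; empty sections yield nothing."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    events, i = [], 0
    while i < len(lines):
        head = HEAD_RE.match(lines[i])
        if not head:
            i += 1  # banner, section rule, or blank line
            continue
        if i + 2 >= len(lines):
            raise ValueError(f"truncated record at line {i + 1}")
        typ = TYPE_RE.match(lines[i + 1])
        evt = EVENT_RE.match(lines[i + 2])
        if not (typ and evt):
            raise ValueError(f"malformed record at line {i + 1}")
        i += 3
        desc = []
        # The description runs until a blank line, a section rule,
        # or the start of the next record.
        while (i < len(lines) and lines[i]
               and not lines[i].startswith("~")
               and not HEAD_RE.match(lines[i])):
            desc.append(lines[i])
            i += 1
        events.append({
            "log": head["log"],
            "when": datetime.strptime(head["ts"], TS_FORMAT),
            "type": typ["type"],
            "event_id": int(evt["event_id"]),
            "source": evt["source"].strip(),
            "description": " ".join(desc),
        })
    return events


def split_by_cutoff(events, cutoff):
    """Separate events logged at or after the cutoff from older ones."""
    new = [e for e in events if e["when"] >= cutoff]
    old = [e for e in events if e["when"] < cutoff]
    return new, old


def tally(events):
    """Count events per (source, event id), most frequent first."""
    return Counter((e["source"], e["event_id"]) for e in events).most_common()


if __name__ == "__main__":
    # Constructed cutoff: the time the logs were cleared and the PC rebooted.
    cutoff = datetime(2012, 1, 27, 19, 0, 0)
    new, old = split_by_cutoff(parse_vew(SAMPLE_REPORT), cutoff)
    print("new since cutoff:", tally(new))
    print("older than cutoff:", tally(old))
```

Events that fall before the cutoff were logged by the previous configuration and say nothing about the machine's state after the change; only the "new" list answers whether the problem persists.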

#10
Sharon Lee

    Member

  • Topic Starter
  • Member
  • 512 posts
I shall use my computer and go to a few of the web pages I usually go to and see what happens. I am glad it looks better. That is a good sign, is it not? Thank you.
  • 0


#11
Sharon Lee

    Member

  • Topic Starter
  • Member
  • 512 posts
I went to several sites I usually go to and the "Internet Explorer has encountered a problem" did not show up at all. And it was doing this each time I would go to a web page and I would have to get off that web page. This is very good. I am really happy about that. It really was such a pain. Thank you so much.
  • 0

#12
Sharon Lee

    Member

  • Topic Starter
  • Member
  • 512 posts
I forgot to ask you something. I have this CNET TechTRACker that wants to download. Was I supposed to do that along with the virus download?
  • 0

#13
RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
No, we don't want the CNET TechTRACker. You still have some remnants of the CA so please run OTL, Quickscan and post the log.

Ron
  • 0

#14
Sharon Lee

    Member

  • Topic Starter
  • Member
  • 512 posts
OTL logfile created on: 1/27/2012 9:30:38 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Sharon\My Documents
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.42 Mb Total Physical Memory | 120.14 Mb Available Physical Memory | 26.91% Memory free
1.03 Gb Paging File | 0.74 Gb Available in Paging File | 71.32% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 61.09 Gb Free Space | 82.00% Space Free | Partition Type: NTFS

Computer Name: OWNER-2B2129D50 | User Name: Sharon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/26 20:59:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sharon\My Documents\OTL.exe
PRC - [2011/11/28 13:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010/12/20 14:31:18 | 000,365,960 | ---- | M] (Creative Home) -- C:\Program Files\Creative Home\Hallmark Card Studio 2011 Deluxe\Planner\PLNRnote.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/07/27 13:19:00 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2003/06/25 10:24:48 | 000,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe
PRC - [2003/05/21 17:37:08 | 000,229,437 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/27 15:17:57 | 001,687,552 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12012701\algo.dll
MOD - [2006/08/23 13:12:38 | 000,196,608 | ---- | M] () -- C:\WINDOWS\system32\nvapi.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/04/16 09:03:12 | 000,386,424 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)


========== Driver Services (SafeList) ==========

DRV - [2011/11/28 12:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 12:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 12:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 12:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 12:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/11/28 12:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/11/28 12:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2006/11/21 03:25:44 | 000,045,568 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/07/27 13:24:28 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/06/18 22:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2003/11/17 14:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 14:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 14:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com
IE - HKCU\..\URLSearchHook: {e4878b45-e2c0-4307-b6e8-734922f92f5b} - C:\Program Files\Road_Runner\prxtbRoa2.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2001/08/23 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Road Runner Toolbar) - {e4878b45-e2c0-4307-b6e8-734922f92f5b} - C:\Program Files\Road_Runner\prxtbRoa2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Road Runner Toolbar) - {e4878b45-e2c0-4307-b6e8-734922f92f5b} - C:\Program Files\Road_Runner\prxtbRoa2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Road Runner Toolbar) - {E4878B45-E2C0-4307-B6E8-734922F92F5B} - C:\Program Files\Road_Runner\prxtbRoa2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AddressBookReminderApp] C:\Program Files\Creative Home\Hallmark Card Studio 2011 Deluxe\ReminderApp.exe File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Planner Reminder.lnk = C:\Program Files\Creative Home\Hallmark Card Studio 2011 Deluxe\Planner\PLNRnote.exe (Creative Home)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Forget Me Not.lnk = C:\Program Files\Broderbund\AG Spirit\AGRemind.exe (TLC Productivity Properties LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1323180871156 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{70FAAEC4-70B4-444A-8C95-591EA59745D9}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\PFW: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Sharon\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sharon\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/07/25 17:00:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/27 20:40:15 | 003,846,912 | ---- | C] (CBS Interactive) -- C:\Documents and Settings\Sharon\My Documents\CNET_TechTracker_2_1_0_69_Setup.exe
[2012/01/27 20:13:19 | 000,061,440 | ---- | C] ( ) -- C:\Documents and Settings\Sharon\Desktop\VEW.exe
[2012/01/27 19:03:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2012/01/27 19:03:52 | 000,314,456 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/01/27 19:03:52 | 000,020,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/01/27 19:03:49 | 000,034,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/01/27 19:03:48 | 000,435,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/01/27 19:03:48 | 000,052,952 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/01/27 19:03:46 | 000,111,320 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/01/27 19:03:46 | 000,105,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/01/27 19:03:45 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/01/27 19:03:25 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/01/27 19:03:24 | 000,199,816 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/01/27 19:03:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/01/27 19:03:09 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/01/27 18:56:19 | 000,463,080 | ---- | C] (CNET Download.com) -- C:\Documents and Settings\Sharon\Desktop\cnet2_CNET_TechTracker_Setup_exe.exe
[2012/01/26 20:59:42 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sharon\My Documents\OTL.exe
[2012/01/25 10:32:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/01/23 14:37:30 | 000,061,440 | ---- | C] ( ) -- C:\Documents and Settings\Sharon\My Documents\VEW.exe
[2012/01/16 22:02:22 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Sharon\Recent
[2012/01/14 15:24:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2012/01/14 15:24:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2012/01/10 11:30:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sharon\Application Data\spotmau
[2012/01/10 11:30:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp360
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/27 21:37:53 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6B8A5EAC-8DEB-4366-A45A-7F0736942A8C}.job
[2012/01/27 20:39:42 | 003,846,912 | ---- | M] (CBS Interactive) -- C:\Documents and Settings\Sharon\My Documents\CNET_TechTracker_2_1_0_69_Setup.exe
[2012/01/27 20:16:26 | 000,061,440 | ---- | M] ( ) -- C:\Documents and Settings\Sharon\My Documents\VEW.exe
[2012/01/27 20:13:20 | 000,061,440 | ---- | M] ( ) -- C:\Documents and Settings\Sharon\Desktop\VEW.exe
[2012/01/27 19:47:15 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/27 19:46:51 | 000,081,191 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/01/27 19:46:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/27 19:03:53 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/01/27 19:03:47 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/01/27 18:59:19 | 000,758,764 | ---- | M] () -- C:\WINDOWS\System32\drivers\KmxAgent.asc
[2012/01/27 18:56:20 | 000,463,080 | ---- | M] (CNET Download.com) -- C:\Documents and Settings\Sharon\Desktop\cnet2_CNET_TechTracker_Setup_exe.exe
[2012/01/27 18:54:39 | 064,207,032 | ---- | M] () -- C:\Documents and Settings\Sharon\My Documents\setup_av_free_cnet.exe
[2012/01/27 18:54:39 | 064,207,032 | ---- | M] () -- C:\Documents and Settings\Sharon\Desktop\setup_av_free_cnet.exe
[2012/01/26 20:59:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sharon\My Documents\OTL.exe
[2012/01/26 20:24:54 | 000,375,264 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/25 20:25:11 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Sharon\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/25 19:40:33 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2012/01/13 09:24:54 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2012/01/10 18:15:35 | 000,002,167 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hallmark Card Studio 2011 Deluxe.lnk
[2012/01/10 18:15:35 | 000,002,034 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Planner Reminder.lnk
[2012/01/10 11:30:45 | 000,046,640 | ---- | M] () -- C:\Documents and Settings\Sharon\Application Data\userenv.xml.urlencode
[2012/01/10 11:30:44 | 000,034,861 | ---- | M] () -- C:\Documents and Settings\Sharon\Application Data\userenv.xml
[2011/12/29 22:25:26 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Sharon\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/12/29 22:17:05 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/12/29 22:17:05 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/12/29 21:23:14 | 000,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/29 21:23:14 | 000,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/27 20:38:33 | 064,207,032 | ---- | C] () -- C:\Documents and Settings\Sharon\My Documents\setup_av_free_cnet.exe
[2012/01/27 19:03:53 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/01/27 18:54:35 | 064,207,032 | ---- | C] () -- C:\Documents and Settings\Sharon\Desktop\setup_av_free_cnet.exe
[2012/01/25 20:25:17 | 000,000,785 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2012/01/25 11:49:36 | 000,000,748 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Forget Me Not.lnk
[2012/01/25 11:46:53 | 000,002,034 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Planner Reminder.lnk
[2012/01/13 09:24:53 | 000,002,311 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2012/01/13 09:24:53 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2012/01/10 11:30:45 | 000,046,640 | ---- | C] () -- C:\Documents and Settings\Sharon\Application Data\userenv.xml.urlencode
[2012/01/10 11:30:44 | 000,034,861 | ---- | C] () -- C:\Documents and Settings\Sharon\Application Data\userenv.xml
[2011/12/29 22:25:26 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Sharon\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/08/16 20:14:15 | 004,701,608 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/07/27 14:55:50 | 000,010,237 | ---- | C] () -- C:\WINDOWS\hpdj3500.ini
[2011/07/25 20:43:46 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/07/25 17:42:44 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2011/07/25 17:42:44 | 001,617,920 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2011/07/25 17:42:44 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2011/07/25 17:42:44 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2011/07/25 17:42:43 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2011/07/25 17:42:43 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2011/07/25 17:42:43 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2011/07/25 17:42:43 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2011/07/25 17:42:43 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2011/07/25 17:42:43 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2011/07/25 17:42:42 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2011/07/25 17:03:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/07/25 16:58:09 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/07/25 12:53:04 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/07/25 12:52:03 | 000,375,264 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/04 00:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 13:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/06/17 16:20:28 | 000,005,358 | ---- | C] () -- C:\WINDOWS\hpfmdl01.dat
[2003/06/17 16:13:16 | 000,000,332 | ---- | C] () -- C:\WINDOWS\hpfins01.dat
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/23 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 07:00:00 | 000,432,686 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 07:00:00 | 000,067,516 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 07:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/11/25 18:33:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sharon\Application Data\Auslogics
[2011/07/25 20:19:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sharon\Application Data\AVG10
[2011/08/05 15:08:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sharon\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/08/20 14:08:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sharon\Application Data\DriverCure
[2011/11/29 20:13:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sharon\Application Data\Fighters
[2011/11/25 18:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sharon\Application Data\Sammsoft
[2011/08/20 14:08:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sharon\Application Data\SpeedMaxPc
[2012/01/10 11:30:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sharon\Application Data\spotmau
[2011/07/27 15:28:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sharon\Application Data\SupportSoft
[2012/01/27 19:03:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/07/28 11:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/07/25 19:55:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/11/30 17:03:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fighters
[2011/07/28 11:31:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/08/20 14:20:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedMaxPc
[2012/01/11 09:19:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp360
[2012/01/27 21:37:53 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{6B8A5EAC-8DEB-4366-A45A-7F0736942A8C}.job

========== Purity Check ==========



< End of report >
  • 0

#15
RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
OK. I see what happened. You didn't clear the Application events and I'm seeing old errors.

You were talking about it being slow. Is it any faster now?
  • 0





