Google Redirect problem [Solved]


  • This topic is locked

#16
curryjohn

    Member

  • Topic Starter
  • Member
  • 31 posts
AVP tool zip file attached.

  • 0


#17
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That looks nice and clean - what are your current problems?
  • 0

#18
curryjohn

    Member

  • Topic Starter
  • Member
  • 31 posts
Glad to know the re-director has been "re-directed" off my computer. I appreciate your efforts and I will be clicking on your Paypal link to help fight malware. The only other issue I have is getting a System 35 error on Startup (Small MS-DOS type window on bottom taskbar), but it goes away after other programs load.
  • 0

#19
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Thank you for the donation :cheers:

Hmm, never come across that error before - if you are willing, we could try to track it down.

Please RIGHT-CLICK HERE and Save As (in IE it's "Save Target As", in FF it's "Save Link As") to download Silent Runners.
  • Save it to the desktop.
  • Run Silent Runners by double-clicking the "Silent Runners" icon on your desktop.
  • You will receive a prompt:
    • Do you want to skip supplementary searches?
      click NO
  • If you receive an error just click OK and double-click it to run it again - sometimes it won't run as it's supposed to the first time but will in subsequent runs.
  • You will see a text file appear on the desktop - it's not done, let it run (it won't appear to be doing anything!)
  • Once you receive the prompt All Done!, open the text file on the desktop, copy that entire log, and paste it here.
*NOTE* If you receive any warning message about scripts, please choose to allow the script to run.
  • 0

#20
curryjohn

    Member

  • Topic Starter
  • Member
  • 31 posts
You are quite welcome. I have an officemate who also has a sluggish computer, and I may be starting a new thread on her behalf.

I attempted to right-click Silent Runners but Trend Micro would not allow me to download. I will try to put on a jump drive tonight.
  • 0

#21
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Ta - If you are running the thread for her you might as well tack it on the end of this one
  • 0

#22
curryjohn

    Member

  • Topic Starter
  • Member
  • 31 posts
HERE IS HER OTL LOG - Internet is closing abruptly; emails through Outlook are shutting down without warning. She would also like to eliminate BearShare off computer.

OTL logfile created on: 3/27/2012 4:57:48 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\abq\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.98 Mb Total Physical Memory | 508.35 Mb Available Physical Memory | 49.74% Memory free
1.66 Gb Paging File | 1.23 Gb Available in Paging File | 74.43% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 1.61 Gb Free Space | 4.32% Space Free | Partition Type: NTFS
Drive D: | 14.04 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 2000.00 Gb Total Space | 994.59 Gb Free Space | 49.73% Space Free | Partition Type: NTFS
Drive H: | 465.75 Gb Total Space | 428.25 Gb Free Space | 91.95% Space Free | Partition Type: NTFS
Drive I: | 2000.00 Gb Total Space | 994.59 Gb Free Space | 49.73% Space Free | Partition Type: NTFS
Drive J: | 465.75 Gb Total Space | 428.25 Gb Free Space | 91.95% Space Free | Partition Type: NTFS

Computer Name: CJGGM109 | User Name: agb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/27 15:53:19 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\abq\Desktop\OTL.com
PRC - [2012/03/13 05:37:52 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- C:\Documents and Settings\abq\Local Settings\Application Data\Akamai\netsession_win.exe
PRC - [2012/01/03 08:10:44 | 001,494,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
PRC - [2011/06/01 13:28:14 | 001,545,144 | ---- | M] (MusicLab, LLC) -- C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe
PRC - [2011/04/20 16:34:30 | 000,435,584 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
PRC - [2010/07/29 02:40:28 | 000,959,824 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
PRC - [2010/07/29 00:19:24 | 001,358,160 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe
PRC - [2010/07/29 00:13:46 | 001,316,176 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe
PRC - [2010/07/05 05:51:32 | 000,345,424 | ---- | M] () -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2009/07/15 17:37:18 | 000,689,416 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/16 15:24:48 | 000,020,572 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2005/12/01 04:06:02 | 000,041,026 | ---- | M] (Corel Corporation) -- C:\Program Files\WordPerfect Office X3\Programs\wpwin13.exe
PRC - [2004/03/04 18:31:24 | 000,081,920 | ---- | M] () -- C:\Program Files\eCopy\Desktop\PCLprint\mrmlnc32.exe
PRC - [2004/02/27 12:29:24 | 000,061,440 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
PRC - [2004/01/07 14:02:26 | 000,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
PRC - [2003/08/28 15:01:22 | 000,061,440 | ---- | M] () -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/10 14:52:48 | 003,340,064 | ---- | M] () -- c:\Program Files\Common Files\Akamai\netsession_win_7de0ed9.dll
MOD - [2012/01/03 08:10:44 | 000,249,232 | ---- | M] () -- C:\Program Files\Adobe\Reader 10.0\Reader\sqlite.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/07/05 05:51:32 | 000,345,424 | ---- | M] () -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
MOD - [2008/01/16 15:24:48 | 000,802,901 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\hotspot\jvm.dll
MOD - [2008/01/16 15:24:48 | 000,094,308 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\java.dll
MOD - [2008/01/16 15:24:48 | 000,053,349 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\zip.dll
MOD - [2008/01/16 15:24:48 | 000,053,342 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\verify.dll
MOD - [2008/01/16 15:24:48 | 000,032,864 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\net.dll
MOD - [2008/01/16 15:24:48 | 000,028,776 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\hpi.dll
MOD - [2008/01/16 15:24:48 | 000,020,572 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
MOD - [2004/03/04 18:31:24 | 000,081,920 | ---- | M] () -- C:\Program Files\eCopy\Desktop\PCLprint\mrmlnc32.exe
MOD - [2004/03/04 18:31:24 | 000,073,728 | ---- | M] () -- C:\WINDOWS\system32\mrsplnt.dll
MOD - [2003/08/28 15:01:22 | 000,061,440 | ---- | M] () -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
MOD - [2003/06/16 16:52:48 | 000,074,752 | ---- | M] () -- C:\WINDOWS\system32\jst.dll
MOD - [2001/07/31 05:17:12 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/02/10 14:52:48 | 003,340,064 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_7de0ed9.dll -- (Akamai)
SRV - [2010/07/29 00:19:24 | 001,358,160 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe -- (tmlisten)
SRV - [2010/07/29 00:13:46 | 001,316,176 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe -- (ntrtscan)
SRV - [2010/07/05 05:51:32 | 000,345,424 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2009/07/15 17:37:18 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2003/10/22 11:19:22 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/08/28 15:01:22 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe -- (spkrmon)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2011/07/12 10:44:10 | 000,262,416 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys -- (TmFilter)
DRV - [2011/07/12 10:43:58 | 000,036,624 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmpreflt.sys -- (TmPreFilter)
DRV - [2011/07/12 10:09:32 | 001,405,720 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\vsapiNT.sys -- (VSApiNt)
DRV - [2010/08/20 14:53:00 | 000,177,232 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2010/08/20 14:53:00 | 000,067,664 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2010/08/20 14:53:00 | 000,057,424 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2009/07/15 17:37:40 | 000,089,872 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-re...q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {C47C03AB-C779-4C16-B39E-F50DC71910D7}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\..\SearchScopes\{C47C03AB-C779-4C16-B39E-F50DC71910D7}: "URL" = http://www.google.co...&rlz=1I7GGLD_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local;127.0.0.1:9421;


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\OfficeScan Client\bho\1009\FirefoxExtension [2011/04/20 16:50:02 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2004/08/12 08:19:39 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\OfficeScan Client\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC)
O2 - BHO: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll ()
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe (MusicLab, LLC)
O4 - HKLM..\Run: [eCopy Desktop Printer Service] C:\Program Files\eCopy\Desktop\PCLprint\mrmlnc32.exe ()
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [OE] C:\Program Files\Trend Micro\OfficeScan Client\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [QuickFinder Scheduler] C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE (Corel Corporation)
O4 - HKLM..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe (Hewlett-Packard)
O4 - HKLM..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [WordPerfect Office 1215] C:\Program Files\WordPerfect Office 12\Programs\Registration.exe /title="WordPerfect Office 12" /date=012408 serial=wa12wrx-0000002-hmd lang=EN File not found
O4 - HKCU..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\abq\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} http://fs1.curriejoh...ll/WinNTChk.cab (ObjWinNTCheck Class)
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} http://fs1.curriejoh...stall/setup.cab (OfficeScan Corp Edition Web-Deployment SetupCtrl Class)
O16 - DPF: {0C5CF442-582B-4357-B116-765DA99CAA8C} http://agate07.abs-m...t/IrcViewer.cab (CompositeView Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmar...martActivia.cab (Snapfish Activia)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1199911548404 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1213645159901 (MUWebControl Class)
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} file:///C:/WINDOWS/msxml4.cab (XML DOM Document 4.0)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9BBB3919-F518-4D06-8209-299FC243FC30} http://fs1.curriejoh...root/AtxEnc.cab (Encrypt Class)
O16 - DPF: {ACEFFC26-4628-11D1-B14A-105C01C13001} https://peerreview.m...cker/wspell.cab (WSpell Spelling Checker Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.90 4.2.2.3 24.116.0.153
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = curriejohnson.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E2EE417-59F0-4276-B8A7-E6EEA12C5723}: DhcpNameServer = 192.168.0.90 4.2.2.3 24.116.0.153
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E2EE417-59F0-4276-B8A7-E6EEA12C5723}: NameServer = 192.168.0.90,192.168.0.120,4.2.2.2
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\OfficeScan Client\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll) - C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngr.dll (MusicLab, LLC)
O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll) - C:\Program Files\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\abq\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\abq\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/09 15:01:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{8708e4b7-1148-11dd-ace8-0011114c0894}\Shell - "" = AutoRun
O33 - MountPoints2\{8708e4b7-1148-11dd-ace8-0011114c0894}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8708e4b7-1148-11dd-ace8-0011114c0894}\Shell\AutoRun\command - "" = E:\LaunchU3.exe
O33 - MountPoints2\{8708e4c1-1148-11dd-ace8-0011114c0894}\Shell - "" = AutoRun
O33 - MountPoints2\{8708e4c1-1148-11dd-ace8-0011114c0894}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8708e4c1-1148-11dd-ace8-0011114c0894}\Shell\AutoRun\command - "" = E:\LaunchU3.exe
O33 - MountPoints2\{9b8b15fe-c511-11dc-ace2-0011114c0894}\Shell - "" = AutoRun
O33 - MountPoints2\{9b8b15fe-c511-11dc-ace2-0011114c0894}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9b8b15fe-c511-11dc-ace2-0011114c0894}\Shell\AutoRun\command - "" = E:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/27 15:53:13 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\abq\Desktop\OTL.com
[2012/03/27 11:46:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Utilities
[2012/03/23 12:06:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/03/23 12:04:15 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/03/23 11:51:49 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/03/21 11:53:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\abq\Start Menu\Programs\Wilbur
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/27 15:53:19 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\abq\Desktop\OTL.com
[2012/03/27 15:44:57 | 000,014,617 | ---- | M] () -- C:\WINDOWS\cfgall.ini
[2012/03/27 11:55:36 | 000,002,516 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2012/03/27 11:55:30 | 000,000,088 | RHS- | M] () -- C:\Documents and Settings\All Users\Application Data\83AD768089.sys
[2012/03/27 11:49:12 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\doxillionShakeIcon.job
[2012/03/27 11:46:41 | 000,000,823 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Doxillion Document Converter.lnk
[2012/03/27 11:44:25 | 000,019,769 | ---- | M] () -- C:\Documents and Settings\abq\My Documents\JUDGEMENT - JT. PET WITH CHILDREN.dotx
[2012/03/27 11:44:25 | 000,017,042 | ---- | M] () -- C:\Documents and Settings\abq\My Documents\Waiver as to Master.dotx
[2012/03/27 11:32:03 | 000,000,031 | ---- | M] () -- C:\tmuninst.ini
[2012/03/27 11:30:58 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\abq\Desktop\Microsoft Office Outlook 2003.lnk
[2012/03/27 11:30:02 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/27 11:29:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/23 12:06:28 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/03/22 15:03:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/03/20 16:59:02 | 412,208,634 | ---- | M] () -- C:\Documents and Settings\abq\My Documents\Untitled.off
[2012/03/20 16:58:57 | 322,436,067 | ---- | M] () -- C:\Documents and Settings\abq\My Documents\Untitled.wor
[2012/03/20 15:40:59 | 000,417,525 | ---- | M] () -- C:\Documents and Settings\abq\My Documents\Quave Settlement Agreement with handwritten changes.pdf
[2012/03/15 14:40:13 | 000,020,150 | ---- | M] () -- C:\Documents and Settings\abq\My Documents\Pauley v. RTG Dismissal.pdf
[2012/03/15 09:23:01 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\abq\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2012/03/14 03:28:18 | 000,325,502 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/14 03:28:18 | 000,044,318 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/14 03:25:21 | 000,189,792 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/14 03:03:00 | 000,001,809 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/09 13:30:52 | 000,004,287 | ---- | M] () -- C:\Documents and Settings\abq\My Documents\Custody.wpd
[2012/03/02 14:52:59 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\abq\Desktop\Microsoft Word.lnk
[2012/03/02 14:05:56 | 000,002,429 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WordPerfect X3.lnk
[2012/02/29 14:35:19 | 041,476,295 | ---- | M] () -- C:\Documents and Settings\abq\My Documents\Untitled.Wil
[2012/02/29 11:38:46 | 000,032,767 | ---- | M] () -- C:\Documents and Settings\abq\My Documents\Untitled.ski
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/27 11:46:45 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\doxillionShakeIcon.job
[2012/03/27 11:46:41 | 000,000,829 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Doxillion Document Converter.lnk
[2012/03/27 11:46:41 | 000,000,823 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Doxillion Document Converter.lnk
[2012/03/27 11:44:25 | 000,019,769 | ---- | C] () -- C:\Documents and Settings\abq\My Documents\JUDGEMENT - JT. PET WITH CHILDREN.dotx
[2012/03/27 11:44:25 | 000,017,042 | ---- | C] () -- C:\Documents and Settings\abq\My Documents\Waiver as to Master.dotx
[2012/03/23 12:06:28 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/03/20 15:40:34 | 000,417,525 | ---- | C] () -- C:\Documents and Settings\abq\My Documents\Quave Settlement Agreement with handwritten changes.pdf
[2012/03/15 14:40:13 | 000,020,150 | ---- | C] () -- C:\Documents and Settings\abq\My Documents\Pauley v. RTG Dismissal.pdf
[2012/03/09 13:30:52 | 000,004,287 | ---- | C] () -- C:\Documents and Settings\abq\My Documents\Custody.wpd
[2012/03/07 16:55:09 | 000,027,600 | ---- | C] () -- C:\Documents and Settings\abq\My Documents\Motion to Compel.wpd
[2012/03/07 16:55:04 | 000,012,209 | ---- | C] () -- C:\Documents and Settings\abq\My Documents\Motion to Seal 28th Supp Disclosure.wpd
[2012/03/07 16:54:47 | 000,110,138 | ---- | C] () -- C:\Documents and Settings\abq\My Documents\MEMO in support of Motion to Compel.wpd
[2012/02/14 16:25:49 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/26 14:31:35 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\abq\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/25 17:59:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\dvdtest10024.dat
[2011/06/06 17:18:35 | 000,036,912 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/04/07 10:05:55 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\83AD768089.sys
[2011/04/07 10:05:54 | 000,002,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/05/21 10:33:47 | 000,067,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\tmactmon.sys
[2010/05/21 10:33:47 | 000,057,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\tmevtmgr.sys

========== LOP Check ==========

[2012/01/27 11:51:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\abq\Application Data\Babylon
[2011/06/06 15:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\abq\Application Data\bsbandmltbpi
[2012/01/25 17:58:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\abq\Application Data\DVD-Cloner
[2012/01/27 11:54:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\abq\Application Data\InfraRecorder
[2012/01/26 14:59:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\abq\Application Data\Leadertech
[2011/06/06 14:59:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\abq\Application Data\mediabarbs
[2009/08/12 14:50:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\abq\Application Data\ntr
[2009/02/05 14:08:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\abq\Application Data\Snapfish
[2011/06/22 16:49:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\4170
[2012/01/27 11:51:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2008/01/10 16:00:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
[2012/01/25 17:58:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD-Cloner
[2012/01/27 11:52:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/06/07 16:43:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/06/06 16:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/03/27 11:49:12 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\doxillionShakeIcon.job
[2012/02/09 14:45:05 | 000,000,288 | ---- | M] () -- C:\WINDOWS\Tasks\expressburnShakeIcon.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 174 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C39E55C5

< End of report >

AND HERE IS OTL EXTRAS LOG

OTL Extras logfile created on: 3/27/2012 4:42:11 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\abq\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.98 Mb Total Physical Memory | 544.91 Mb Available Physical Memory | 53.32% Memory free
1.66 Gb Paging File | 1.28 Gb Available in Paging File | 77.47% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 1.61 Gb Free Space | 4.32% Space Free | Partition Type: NTFS
Drive D: | 14.04 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 2000.00 Gb Total Space | 994.59 Gb Free Space | 49.73% Space Free | Partition Type: NTFS
Drive H: | 465.75 Gb Total Space | 428.25 Gb Free Space | 91.95% Space Free | Partition Type: NTFS
Drive I: | 2000.00 Gb Total Space | 994.59 Gb Free Space | 49.73% Space Free | Partition Type: NTFS
Drive J: | 465.75 Gb Total Space | 428.25 Gb Free Space | 91.95% Space Free | Partition Type: NTFS

Computer Name: CJGGM109 | User Name: agb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"36256:TCP" = 36256:TCP:*:Enabled:Trend Micro Client/Server Security Agent Listener

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"36256:TCP" = 36256:TCP:*:Enabled:Trend Micro Client/Server Security Agent Listener

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe" = C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe:*:Enabled:javaw -- ()
"C:\Documents and Settings\abq\Local Settings\Temporary Internet Files\Content.IE5\XLFWZK07\NTRsupport[1].exe" = C:\Documents and Settings\abq\Local Settings\Temporary Internet Files\Content.IE5\XLFWZK07\NTRsupport[1].exe:*:Enabled:NTRsupport
"C:\Program Files\eCopy\Desktop\Bin\ecopydesktop.exe" = C:\Program Files\eCopy\Desktop\Bin\ecopydesktop.exe:*:Enabled:eCopy Desktop -- (eCopy, Inc.)
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare
"C:\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\dtUser.exe" = C:\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker -- (Visicom Media Inc.)
"C:\Documents and Settings\abq\Local Settings\Application Data\Akamai\netsession_win.exe" = C:\Documents and Settings\abq\Local Settings\Application Data\Akamai\netsession_win.exe:*:Disabled:netsession_win -- (Akamai Technologies, Inc)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe" = C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe:*:Disabled:javaw -- ()
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare
"C:\Documents and Settings\abq\Local Settings\Application Data\Akamai\netsession_win.exe" = C:\Documents and Settings\abq\Local Settings\Application Data\Akamai\netsession_win.exe:*:Disabled:netsession_win -- (Akamai Technologies, Inc)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1A1E33D2-9824-454A-B8CB-50072118635A}" = Corel Home Office - CS Templates
"{1D11E96F-0405-4B99-8356-5750B1D9FAE9}" = Corel Home Office - JP Templates
"{26D19512-874B-4EDA-B7F1-779850B2AD5A}" = Corel Home Office - CT Templates
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3A40D0BC-7016-4BCD-8D14-365EE8A7824D}" = AXIS Media Control Embedded Installer
"{5017D60D-C0A5-4CC8-8D2F-0BDA1ADF39D0}" = Corel Home Office - Templates1
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5746E4F9-77C6-47E8-A737-A5975A57B4AA}" = Corel Home Office - KR Templates
"{57C7C46A-D35D-492d-A328-4F8C9B5B4B52}" = PrintScreen
"{6EE832CD-915A-4B44-860D-6396B158D496}" = eCopy Desktop
"{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel
"{74A6F39E-D5D5-4B0A-A544-4D704B1BE51F}" = Corel Home Office
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F04B272-E0DD-47E7-8B55-D97483DB0EBD}" = hp LaserJet 1160/1320 series
"{83FBD495-DDF6-4C8D-92D6-10261DD6F6A3}" = WordPerfect Office X3
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{901A0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Outlook 2003
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{90B5E602-1867-449D-86FD-FC9DEA4434BF}" = HP Software Update
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A549A0F9-77EE-4619-990A-8331D145F257}" = Corel Home Office - IPM
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E74EA3B1-7192-489D-9A57-0AE918FEC001}" = Corel Home Office - Launcher
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F45048A1-12C4-4B08-A3EB-32D88033368A}" = Corel Home Office - Templates RU
"{FC79BEDA-F099-40AE-9FF5-ADECDD2E9D52}" = eCopy Desktop SP1
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Akamai" = Akamai NetSession Interface Service
"AXIS Media Control Embedded" = AXIS Media Control Embedded
"BearShare 2 MediaBar" = MediaBar
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"Doxillion" = Doxillion Document Converter
"DVD-Cloner 9_is1" = DVD-Cloner V9.00 Build 1100
"ExpressBurn" = Express Burn Disc Burning Software
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OfficeScanNT" = Trend Micro Client/Server Security Agent
"PROSet" = Intel® PRO Network Adapters and Drivers
"Protected Music Converter_is1" = Protected Music Converter 1.0.0.17
"VLC media player" = VLC media player 1.0.0
"Wilbur" = Wilbur (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WMS" = Windows NT Messaging
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/9/2012 6:23:02 PM | Computer Name = CJGGM109 | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 11.0.8326.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/13/2012 2:16:00 PM | Computer Name = CJGGM109 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.17108, faulting
module ieui.dll, version 7.0.5730.13, fault address 0x000061b5.

Error - 3/15/2012 3:40:49 PM | Computer Name = CJGGM109 | Source = Application Hang | ID = 1002
Description = Hanging application AcroRd32.exe, version 10.1.2.45, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/21/2012 10:27:10 AM | Computer Name = CJGGM109 | Source = Application Error | ID = 1000
Description = Faulting application wilbur.exe, version 2.2.0.13, faulting module
unknown, version 0.0.0.0, fault address 0x00a43b87.

Error - 3/21/2012 12:45:38 PM | Computer Name = CJGGM109 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17108, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/27/2012 11:49:26 AM | Computer Name = CJGGM109 | Source = Application Hang | ID = 1002
Description = Hanging application wilbur.exe, version 2.2.0.13, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/27/2012 12:02:22 PM | Computer Name = CJGGM109 | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 11.0.8326.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/27/2012 12:03:56 PM | Computer Name = CJGGM109 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17108, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/27/2012 12:27:35 PM | Computer Name = CJGGM109 | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 11.0.8326.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/27/2012 4:31:22 PM | Computer Name = CJGGM109 | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 11.0.8326.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 3/24/2012 8:45:54 PM | Computer Name = CJGGM109 | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer fsb using any of
the configured protocols.

Error - 3/24/2012 8:46:45 PM | Computer Name = CJGGM109 | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer fsb using any of
the configured protocols.

Error - 3/24/2012 8:51:02 PM | Computer Name = CJGGM109 | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer fsb using any of
the configured protocols.

Error - 3/24/2012 8:51:53 PM | Computer Name = CJGGM109 | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer fsb using any of
the configured protocols.

Error - 3/24/2012 8:52:44 PM | Computer Name = CJGGM109 | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer fsb using any of
the configured protocols.

Error - 3/24/2012 8:53:36 PM | Computer Name = CJGGM109 | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer fsb using any of
the configured protocols.

Error - 3/24/2012 8:54:27 PM | Computer Name = CJGGM109 | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer fsb using any of
the configured protocols.

Error - 3/24/2012 8:55:18 PM | Computer Name = CJGGM109 | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer fsb using any of
the configured protocols.

Error - 3/24/2012 11:04:07 PM | Computer Name = CJGGM109 | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer fsb using any of
the configured protocols.

Error - 3/24/2012 11:04:58 PM | Computer Name = CJGGM109 | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer fsb using any of
the configured protocols.


< End of report >

Edited by curryjohn, 27 March 2012 - 05:56 PM.


#23
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK let Bearshare be gone

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

If you have Malwarebytes 1.6 or better installed, please disable it for the duration of this run.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-re...q={searchTerms}
    IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-re...q={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local;127.0.0.1:9421;
    O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC)
    O2 - BHO: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll ()
    O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
    O3 - HKLM\..\Toolbar: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll ()
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe (MusicLab, LLC)
    O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll) - C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngr.dll (MusicLab, LLC)
    O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll) - C:\Program Files\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC)
    [2012/01/27 11:52:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer

    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Documents and Settings\abq\Local Settings\Temporary Internet Files\Content.IE5\XLFWZK07\NTRsupport[1].exe"=-
    "C:\Program Files\BearShare Applications\BearShare\BearShare.exe"=-
    "C:\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\dtUser.exe"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\BearShare Applications\BearShare\BearShare.exe"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "BearShare 2 MediaBar"=-

    :Files
    ipconfig /flushdns /c
    C:\Program Files\BearShare Applications
    C:\Program Files\Yontoo

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • Allow the installation of the recovery console

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

#24
curryjohn

    Member

  • Topic Starter
  • Member
  • 31 posts
When I put the instructions in the run fix box, I got the same error message I did in this thread's Post #3 on my work PC (about system32/hosts).

I downloaded Combofix and installed the console. After the message about taking 10 minutes or double to scan, the Combofix window disappeared after 5 minutes just as it did on my PC.

I did run another OTL log and it is attached.

OTL logfile created on: 3/28/2012 8:18:38 PM - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\abq\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.98 Mb Total Physical Memory | 504.56 Mb Available Physical Memory | 49.37% Memory free
1.66 Gb Paging File | 1.26 Gb Available in Paging File | 75.91% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 4.98 Gb Free Space | 13.37% Space Free | Partition Type: NTFS
Drive D: | 14.04 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 2000.00 Gb Total Space | 994.23 Gb Free Space | 49.71% Space Free | Partition Type: NTFS
Drive H: | 465.75 Gb Total Space | 428.20 Gb Free Space | 91.94% Space Free | Partition Type: NTFS
Drive I: | 2000.00 Gb Total Space | 994.23 Gb Free Space | 49.71% Space Free | Partition Type: NTFS
Drive J: | 465.75 Gb Total Space | 428.20 Gb Free Space | 91.94% Space Free | Partition Type: NTFS

Computer Name: CJGGM109 | User Name: agb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/27 15:53:19 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\abq\Desktop\OTL.com
PRC - [2012/03/13 05:37:52 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- C:\Documents and Settings\abq\Local Settings\Application Data\Akamai\netsession_win.exe
PRC - [2011/04/20 16:34:30 | 000,435,584 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
PRC - [2010/07/29 02:40:28 | 000,959,824 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
PRC - [2010/07/29 00:19:24 | 001,358,160 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe
PRC - [2010/07/29 00:13:46 | 001,316,176 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe
PRC - [2010/07/05 05:51:32 | 000,345,424 | ---- | M] () -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2009/07/15 17:37:18 | 000,689,416 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/16 15:24:48 | 000,020,572 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2004/03/04 18:31:24 | 000,081,920 | ---- | M] () -- C:\Program Files\eCopy\Desktop\PCLprint\mrmlnc32.exe
PRC - [2004/02/27 12:29:24 | 000,061,440 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
PRC - [2004/02/26 17:09:06 | 000,077,824 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\HPBPRO.EXE
PRC - [2004/01/07 14:02:26 | 000,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
PRC - [2004/01/07 02:01:00 | 000,110,592 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
PRC - [2003/08/28 15:01:22 | 000,061,440 | ---- | M] () -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/27 18:26:30 | 003,417,376 | ---- | M] () -- c:\Program Files\Common Files\Akamai\netsession_win_6c825ce.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/07/05 05:51:32 | 000,345,424 | ---- | M] () -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
MOD - [2008/01/16 15:24:48 | 000,802,901 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\hotspot\jvm.dll
MOD - [2008/01/16 15:24:48 | 000,094,308 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\java.dll
MOD - [2008/01/16 15:24:48 | 000,053,349 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\zip.dll
MOD - [2008/01/16 15:24:48 | 000,053,342 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\verify.dll
MOD - [2008/01/16 15:24:48 | 000,032,864 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\net.dll
MOD - [2008/01/16 15:24:48 | 000,028,776 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\hpi.dll
MOD - [2008/01/16 15:24:48 | 000,020,572 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
MOD - [2004/03/04 18:31:24 | 000,081,920 | ---- | M] () -- C:\Program Files\eCopy\Desktop\PCLprint\mrmlnc32.exe
MOD - [2004/03/04 18:31:24 | 000,073,728 | ---- | M] () -- C:\WINDOWS\system32\mrsplnt.dll
MOD - [2003/08/28 15:01:22 | 000,061,440 | ---- | M] () -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
MOD - [2003/06/16 16:52:48 | 000,074,752 | ---- | M] () -- C:\WINDOWS\system32\jst.dll
MOD - [2001/07/31 05:17:12 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/03/27 18:26:30 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_6c825ce.dll -- (Akamai)
SRV - [2010/07/29 00:19:24 | 001,358,160 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe -- (tmlisten)
SRV - [2010/07/29 00:13:46 | 001,316,176 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe -- (ntrtscan)
SRV - [2010/07/05 05:51:32 | 000,345,424 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2009/07/15 17:37:18 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2003/10/22 11:19:22 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/08/28 15:01:22 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe -- (spkrmon)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\abq\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2011/07/12 10:44:10 | 000,262,416 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys -- (TmFilter)
DRV - [2011/07/12 10:43:58 | 000,036,624 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmpreflt.sys -- (TmPreFilter)
DRV - [2011/07/12 10:09:32 | 001,405,720 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\vsapiNT.sys -- (VSApiNt)
DRV - [2010/08/20 14:53:00 | 000,177,232 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2010/08/20 14:53:00 | 000,067,664 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2010/08/20 14:53:00 | 000,057,424 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2009/07/15 17:37:40 | 000,089,872 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {C47C03AB-C779-4C16-B39E-F50DC71910D7}
IE - HKCU\..\SearchScopes\{C47C03AB-C779-4C16-B39E-F50DC71910D7}: "URL" = http://www.google.co...&rlz=1I7GGLD_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\OfficeScan Client\bho\1009\FirefoxExtension [2011/04/20 16:50:02 | 000,000,000 | ---D | M]


Hosts file not found
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\OfficeScan Client\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [eCopy Desktop Printer Service] C:\Program Files\eCopy\Desktop\PCLprint\mrmlnc32.exe ()
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [OE] C:\Program Files\Trend Micro\OfficeScan Client\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [QuickFinder Scheduler] C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE (Corel Corporation)
O4 - HKLM..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe (Hewlett-Packard)
O4 - HKLM..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [WordPerfect Office 1215] C:\Program Files\WordPerfect Office 12\Programs\Registration.exe /title="WordPerfect Office 12" /date=012408 serial=wa12wrx-0000002-hmd lang=EN File not found
O4 - HKCU..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\abq\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} http://fs1.curriejoh...ll/WinNTChk.cab (ObjWinNTCheck Class)
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} http://fs1.curriejoh...stall/setup.cab (OfficeScan Corp Edition Web-Deployment SetupCtrl Class)
O16 - DPF: {0C5CF442-582B-4357-B116-765DA99CAA8C} http://agate07.abs-m...t/IrcViewer.cab (CompositeView Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmar...martActivia.cab (Snapfish Activia)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1199911548404 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1213645159901 (MUWebControl Class)
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} file:///C:/WINDOWS/msxml4.cab (XML DOM Document 4.0)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9BBB3919-F518-4D06-8209-299FC243FC30} http://fs1.curriejoh...root/AtxEnc.cab (Encrypt Class)
O16 - DPF: {ACEFFC26-4628-11D1-B14A-105C01C13001} https://peerreview.m...cker/wspell.cab (WSpell Spelling Checker Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.90 4.2.2.3 24.116.0.153
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = curriejohnson.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E2EE417-59F0-4276-B8A7-E6EEA12C5723}: DhcpNameServer = 192.168.0.90 4.2.2.3 24.116.0.153
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E2EE417-59F0-4276-B8A7-E6EEA12C5723}: NameServer = 192.168.0.90,192.168.0.120,4.2.2.2
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\OfficeScan Client\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\abq\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\abq\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/09 15:01:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{8708e4b7-1148-11dd-ace8-0011114c0894}\Shell - "" = AutoRun
O33 - MountPoints2\{8708e4b7-1148-11dd-ace8-0011114c0894}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8708e4b7-1148-11dd-ace8-0011114c0894}\Shell\AutoRun\command - "" = E:\LaunchU3.exe
O33 - MountPoints2\{8708e4c1-1148-11dd-ace8-0011114c0894}\Shell - "" = AutoRun
O33 - MountPoints2\{8708e4c1-1148-11dd-ace8-0011114c0894}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8708e4c1-1148-11dd-ace8-0011114c0894}\Shell\AutoRun\command - "" = E:\LaunchU3.exe
O33 - MountPoints2\{9b8b15fe-c511-11dc-ace2-0011114c0894}\Shell - "" = AutoRun
O33 - MountPoints2\{9b8b15fe-c511-11dc-ace2-0011114c0894}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9b8b15fe-c511-11dc-ace2-0011114c0894}\Shell\AutoRun\command - "" = E:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/28 20:00:30 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/03/28 19:55:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/03/28 19:55:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/03/28 19:55:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/03/28 19:55:19 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/03/28 19:54:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/03/28 19:54:52 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/03/28 19:54:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/28 19:54:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\abq\Start Menu\Programs\Administrative Tools
[2012/03/28 19:53:41 | 004,448,457 | R--- | C] (Swearware) -- C:\Documents and Settings\abq\Desktop\ComboFix.exe
[2012/03/28 18:49:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/27 19:09:37 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\abq\Recent
[2012/03/27 19:03:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012/03/27 19:03:23 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/03/27 19:02:25 | 003,645,304 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\abq\Desktop\ccsetup317.exe
[2012/03/27 15:53:13 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\abq\Desktop\OTL.com
[2012/03/27 11:46:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Utilities
[2012/03/23 12:06:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/03/23 12:04:15 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/03/23 11:51:49 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/03/21 11:53:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\abq\Start Menu\Programs\Wilbur
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/28 20:10:50 | 000,000,031 | ---- | M] () -- C:\tmuninst.ini
[2012/03/28 20:09:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/28 20:08:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/28 20:00:44 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/03/28 19:53:51 | 004,448,457 | R--- | M] (Swearware) -- C:\Documents and Settings\abq\Desktop\ComboFix.exe
[2012/03/28 12:12:39 | 000,014,617 | ---- | M] () -- C:\WINDOWS\cfgall.ini
[2012/03/27 19:03:27 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/03/27 19:02:52 | 003,645,304 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\abq\Desktop\ccsetup317.exe
[2012/03/27 15:53:19 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\abq\Desktop\OTL.com
[2012/03/27 11:55:36 | 000,002,516 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2012/03/27 11:55:30 | 000,000,088 | RHS- | M] () -- C:\Documents and Settings\All Users\Application Data\83AD768089.sys
[2012/03/27 11:49:12 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\doxillionShakeIcon.job
[2012/03/27 11:46:41 | 000,000,823 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Doxillion Document Converter.lnk
[2012/03/27 11:44:25 | 000,019,769 | ---- | M] () -- C:\Documents and Settings\abq\My Documents\JUDGEMENT.dotx
[2012/03/27 11:44:25 | 000,017,042 | ---- | M] () -- C:\Documents and Settings\abq\My Documents\Waiver.dotx
[2012/03/27 11:30:58 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\abq\Desktop\Microsoft Office Outlook 2003.lnk
[2012/03/23 12:06:28 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/03/22 15:03:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/03/20 16:59:02 | 412,208,634 | ---- | M] () -- C:\Documents and Settings\abq\My Documents\Untitled.off
[2012/03/20 16:58:57 | 322,436,067 | ---- | M] () -- C:\Documents and Settings\abq\My Documents\Untitled.wor
[2012/03/20 15:40:59 | 000,417,525 | ---- | M] () -- C:\Documents and Settings\abq\My Documents\Agreement.pdf
[2012/03/15 14:40:13 | 000,020,150 | ---- | M] () -- C:\Documents and Settings\abq\My Documents\Dismissal.pdf
[2012/03/15 09:23:01 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\abq\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2012/03/14 03:28:18 | 000,325,502 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/14 03:28:18 | 000,044,318 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/14 03:25:21 | 000,189,792 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/09 13:30:52 | 000,004,287 | ---- | M] () -- C:\Documents and Settings\abq\My Documents\Customer.wpd
[2012/03/02 14:52:59 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\abq\Desktop\Microsoft Word.lnk
[2012/03/02 14:05:56 | 000,002,429 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WordPerfect X3.lnk
[2012/02/29 14:35:19 | 041,476,295 | ---- | M] () -- C:\Documents and Settings\abq\My Documents\Untitled.Wil
[2012/02/29 11:38:46 | 000,032,767 | ---- | M] () -- C:\Documents and Settings\abq\My Documents\Untitled.ski
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/28 20:00:44 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/03/28 20:00:40 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/03/28 19:55:21 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/03/28 19:55:20 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/03/28 19:55:20 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/03/28 19:55:20 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/03/28 19:55:20 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/03/27 19:03:27 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/03/27 11:46:45 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\doxillionShakeIcon.job
[2012/03/27 11:46:41 | 000,000,829 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Doxillion Document Converter.lnk
[2012/03/27 11:46:41 | 000,000,823 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Doxillion Document Converter.lnk
[2012/03/27 11:44:25 | 000,019,769 | ---- | C] () -- C:\Documents and Settings\abq\My Documents\JUDGEMENT - JT. PET.dotx
[2012/03/27 11:44:25 | 000,017,042 | ---- | C] () -- C:\Documents and Settings\abq\My Documents\Waiver.dotx
[2012/03/23 12:06:28 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/03/20 15:40:34 | 000,417,525 | ---- | C] () -- C:\Documents and Settings\abq\My Documents\Agreement changes.pdf
[2012/03/15 14:40:13 | 000,020,150 | ---- | C] () -- C:\Documents and Settings\abq\My Documents\Dismissal.pdf
[2012/03/09 13:30:52 | 000,004,287 | ---- | C] () -- C:\Documents and Settings\abq\My Documents\Customer.wpd
[2012/03/07 16:55:09 | 000,027,600 | ---- | C] () -- C:\Documents and Settings\abq\My Documents\Motion.wpd
[2012/03/07 16:55:04 | 000,012,209 | ---- | C] () -- C:\Documents and Settings\abq\My Documents\Motions.wpd
[2012/03/07 16:54:47 | 000,110,138 | ---- | C] () -- C:\Documents and Settings\abq\My Documents\MEMO.wpd
[2012/02/14 16:25:49 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/26 14:31:35 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\abq\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/25 17:59:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\dvdtest10024.dat
[2011/06/06 17:18:35 | 000,036,912 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/04/07 10:05:55 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\83AD768089.sys
[2011/04/07 10:05:54 | 000,002,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/05/21 10:33:47 | 000,067,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\tmactmon.sys
[2010/05/21 10:33:47 | 000,057,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\tmevtmgr.sys

========== LOP Check ==========

[2012/01/27 11:51:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\abq\Application Data\Babylon
[2011/06/06 15:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\abq\Application Data\bsbandmltbpi
[2012/01/25 17:58:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\abq\Application Data\DVD-Cloner
[2012/01/27 11:54:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\abq\Application Data\InfraRecorder
[2012/01/26 14:59:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\abq\Application Data\Leadertech
[2011/06/06 14:59:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\abq\Application Data\mediabarbs
[2009/08/12 14:50:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\abq\Application Data\ntr
[2009/02/05 14:08:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\abq\Application Data\Snapfish
[2011/06/22 16:49:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\4170
[2012/01/27 11:51:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2008/01/10 16:00:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
[2012/01/25 17:58:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD-Cloner
[2011/06/07 16:43:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/06/06 16:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/03/27 11:49:12 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\doxillionShakeIcon.job
[2012/02/09 14:45:05 | 000,000,288 | ---- | M] () -- C:\WINDOWS\Tasks\expressburnShakeIcon.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 174 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C39E55C5

< End of report >

Edited by curryjohn, 28 March 2012 - 07:40 PM.

  • 0

#25
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's have a quick look with aswMBR. Bearshare has now gone.

Download aswMBR.exe (4.1mb) to your desktop.
Double-click aswMBR.exe to run it. Click the "Scan" button to start the scan.


On completion of the scan, click save log, save it to your desktop and post it in your next reply.

  • 0



#26
curryjohn

curryjohn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
aswMBR log


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-31 15:32:15
-----------------------------
15:32:15.486 OS Version: Windows 5.1.2600 Service Pack 3
15:32:15.486 Number of processors: 1 586 0x304
15:32:15.486 ComputerName: CJGGM109 UserName: agb
15:32:17.321 Initialize success
15:36:07.419 AVAST engine defs: 12033101
15:37:38.186 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:37:38.186 Disk 0 Vendor: WDC_WD400BB-75FJA1 14.03G14 Size: 38146MB BusType: 3
15:37:38.233 Disk 0 MBR read successfully
15:37:38.233 Disk 0 MBR scan
15:37:38.280 Disk 0 Windows XP default MBR code
15:37:38.280 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38138 MB offset 63
15:37:38.311 Disk 0 scanning sectors +78108030
15:37:38.451 Disk 0 scanning C:\WINDOWS\system32\drivers
15:38:07.014 Service scanning
15:38:32.401 Service tmactmon C:\WINDOWS\system32\drivers\tmactmon.sys **LOCKED** 5
15:38:32.837 Service tmcomm C:\WINDOWS\system32\drivers\tmcomm.sys **LOCKED** 5
15:38:33.086 Service tmevtmgr C:\WINDOWS\system32\drivers\tmevtmgr.sys **LOCKED** 5
15:38:33.865 Service TmFilter C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys **LOCKED** 32
15:38:34.721 Service TmPreFilter C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys **LOCKED** 32
15:38:36.574 Service VSApiNt C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys **LOCKED** 32
15:38:39.658 Modules scanning
15:38:51.666 Disk 0 trace - called modules:
15:38:51.682 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
15:38:51.682 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f4fab8]
15:38:51.682 3 CLASSPNP.SYS[f7617fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86f50d98]
15:38:51.931 AVAST engine scan C:\WINDOWS
15:39:03.284 AVAST engine scan C:\WINDOWS\system32
15:43:05.457 AVAST engine scan C:\WINDOWS\system32\drivers
15:43:57.333 AVAST engine scan C:\Documents and Settings\abq
15:52:28.877 AVAST engine scan C:\Documents and Settings\All Users
15:53:20.838 Scan finished successfully
15:57:59.941 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\abq\Desktop\MBR.dat"
15:57:59.957 The log file has been saved successfully to "C:\Documents and Settings\abq\Desktop\aswMBR.txt"
  • 0

#27
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm, nothing showing there - let's use a full-blown AV and analysis

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right


Select down to and including your main drive. Once done, select the Automatic scan tab and press Start Scan

Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information


On completion click the link to locate the zip file to upload and attach to your next post

  • 0

#28
curryjohn

curryjohn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
No threats detected

I am having trouble locating the zip file to upload... I will re-run system information

It says failed to extract [zip file], error is 193

Edited by curryjohn, 02 April 2012 - 03:30 PM.

  • 0

#29
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Okey dokey, what are the current problems? Any change?
  • 0

#30
curryjohn

curryjohn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Here is the avptool zip file...no other problems at the moment, although she gets the same error message I do on startup--(actually a System 85 error). If that error is harmless, and the zip file looks clean, I'm ready to buy you another pint or two. :cheers:

Attached Files


  • 0





