windows xp booting up and running very slowly [Solved]


  • This topic is locked

#1
brynndar

  • Member
  • 14 posts
I have an ASUS computer. It's about 4 years old. I have taken it to the repair shop several times about this issue. Every time I bring it home, it runs a little bit faster, but not much. Maybe I need a new hard drive. I wanted to have someone see if maybe it has a virus or something that is causing this before I get a new hard drive. Please keep in mind that I am not computer literate at all. My computer may have so much junk on it that is unnecessary that I wouldn't even know about.

Thank you for your patience,
Lori

OTL logfile created on: 7/26/2012 5:46:12 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Documents and Settings\Lori\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

990.48 Mb Total Physical Memory | 117.31 Mb Available Physical Memory | 11.84% Memory free
2.33 Gb Paging File | 1.17 Gb Available in Paging File | 50.26% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WIN | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 114.27 Gb Free Space | 49.07% Space Free | Partition Type: NTFS

Computer Name: DWAYNE-2DE6E15F | User Name: Lori | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/26 17:30:08 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lori\Desktop\OTL.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/06/19 13:44:22 | 002,784,256 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
PRC - [2012/06/19 13:44:22 | 000,777,728 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2012/06/18 21:13:46 | 000,394,712 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2012/06/06 21:33:42 | 001,564,872 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2012/06/06 09:17:00 | 000,185,856 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
PRC - [2012/05/15 04:18:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/02/02 15:09:20 | 000,035,840 | ---- | M] (Datacastle) -- C:\Program Files\Super Easy Backup\Endpoint\DCProtectService.exe
PRC - [2011/01/12 16:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2011/01/12 16:41:24 | 002,219,184 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2010/07/28 17:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2010/07/28 17:33:58 | 006,995,864 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
PRC - [2010/07/28 17:33:58 | 001,485,208 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WIN\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/20 17:47:04 | 000,169,984 | ---- | M] () -- C:\WIN\assembly\NativeImages_v2.0.50727_32\Inkjet.Automation\65f9fe27a524e0e1d6fe976da05c809d\Inkjet.Automation.ni.dll
MOD - [2012/07/20 17:47:02 | 000,098,304 | ---- | M] () -- C:\WIN\assembly\NativeImages_v2.0.50727_32\Inkjet.DeviceSettin#\24df744a06c3ee71e66e0df2957db8ab\Inkjet.DeviceSettings.ni.dll
MOD - [2012/07/20 17:47:00 | 000,237,056 | ---- | M] () -- C:\WIN\assembly\NativeImages_v2.0.50727_32\Inkjet.Localization\56788e7172b88e8e17c8187919f6fe9e\Inkjet.Localization.ni.dll
MOD - [2012/07/20 17:47:00 | 000,106,496 | ---- | M] () -- C:\WIN\assembly\NativeImages_v2.0.50727_32\Inkjet.Diagnostics\7390d6714108666d0f1d272f8bacfb13\Inkjet.Diagnostics.ni.dll
MOD - [2012/07/20 17:46:59 | 000,286,720 | ---- | M] () -- C:\WIN\assembly\NativeImages_v2.0.50727_32\Inkjet.Utilities\77efbbfd54d23807ec041ef5ec3c12d0\Inkjet.Utilities.ni.dll
MOD - [2012/07/20 17:46:58 | 000,832,000 | ---- | M] () -- C:\WIN\assembly\NativeImages_v2.0.50727_32\Inkjet.Hardware\ce45b4ac627e00a2e877bc0c642b7d05\Inkjet.Hardware.ni.dll
MOD - [2012/07/20 17:46:57 | 000,181,248 | ---- | M] () -- C:\WIN\assembly\NativeImages_v2.0.50727_32\Inkjet.Statistics\5f1d9bddb3455d5c2342fddb3182590a\Inkjet.Statistics.ni.dll
MOD - [2012/07/20 17:46:57 | 000,080,896 | ---- | M] () -- C:\WIN\assembly\NativeImages_v2.0.50727_32\Inkjet.Configuration\67ae8297c655a3d2a3664fe21582a5f8\Inkjet.Configuration.ni.dll
MOD - [2012/07/20 17:46:53 | 000,771,584 | ---- | M] () -- C:\WIN\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll
MOD - [2012/06/13 15:16:29 | 001,840,640 | ---- | M] () -- C:\WIN\assembly\NativeImages_v2.0.50727_32\System.Web.Services\e70343406253e43964f9fe1f42cfbd7c\System.Web.Services.ni.dll
MOD - [2012/06/13 15:16:15 | 000,212,992 | ---- | M] () -- C:\WIN\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012/06/13 15:13:21 | 012,433,920 | ---- | M] () -- C:\WIN\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/13 15:12:37 | 001,592,320 | ---- | M] () -- C:\WIN\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/06/13 15:10:39 | 002,933,248 | ---- | M] () -- C:\WIN\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/06/13 15:10:31 | 000,261,632 | ---- | M] () -- C:\WIN\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2012/06/06 19:22:38 | 000,627,200 | ---- | M] () -- C:\WIN\assembly\NativeImages_v2.0.50727_32\System.Transactions\41f6f6dd0c8427d4a8e6fd3915505a6b\System.Transactions.ni.dll
MOD - [2012/06/06 19:22:28 | 000,998,400 | ---- | M] () -- C:\WIN\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll
MOD - [2012/06/06 19:22:24 | 000,627,712 | ---- | M] () -- C:\WIN\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\29bce0113d611084a9329349e33528ac\System.EnterpriseServices.ni.dll
MOD - [2012/06/06 19:19:47 | 000,679,936 | ---- | M] () -- C:\WIN\assembly\NativeImages_v2.0.50727_32\System.Security\129b15861e200613ff78ae15581f9093\System.Security.ni.dll
MOD - [2012/06/06 19:19:44 | 000,971,264 | ---- | M] () -- C:\WIN\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/06/06 18:53:25 | 005,450,752 | ---- | M] () -- C:\WIN\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/06/06 18:52:47 | 006,616,576 | ---- | M] () -- C:\WIN\assembly\NativeImages_v2.0.50727_32\System.Data\12c6fe8d4dd78f9bddf847d3b2821c03\System.Data.ni.dll
MOD - [2012/06/06 18:52:41 | 002,295,296 | ---- | M] () -- C:\WIN\assembly\NativeImages_v2.0.50727_32\System.Core\38d07a5ac34b99d94fd14f42e779f625\System.Core.ni.dll
MOD - [2012/06/06 18:51:23 | 007,953,408 | ---- | M] () -- C:\WIN\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/06/06 18:22:57 | 011,492,352 | ---- | M] () -- C:\WIN\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/06/06 12:22:24 | 000,108,320 | ---- | M] () -- C:\Program Files\Java\jre6\bin\jp2iexp.dll
MOD - [2012/06/06 12:22:24 | 000,014,112 | ---- | M] () -- C:\Program Files\Java\jre6\bin\jp2native.dll
MOD - [2012/06/06 09:17:00 | 000,185,856 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
MOD - [2012/06/06 09:16:52 | 000,162,816 | ---- | M] () -- C:\Program Files\Web Assistant\Extension32.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/02/02 14:59:34 | 000,506,711 | ---- | M] () -- C:\Program Files\Super Easy Backup\Endpoint\sqlite3.dll
MOD - [2012/02/02 14:59:34 | 000,183,808 | ---- | M] () -- C:\Program Files\Super Easy Backup\Endpoint\Mono.Posix.dll
MOD - [2010/07/28 17:34:04 | 000,022,424 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinServicePS.dll
MOD - [2010/07/28 17:02:58 | 000,658,432 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
MOD - [2010/06/23 18:12:28 | 007,187,456 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtGui4.dll
MOD - [2010/06/23 18:11:52 | 000,325,632 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtXml4.dll
MOD - [2010/06/23 18:11:48 | 001,954,304 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtCore4.dll
MOD - [2010/06/23 18:11:48 | 000,847,360 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtNetwork4.dll
MOD - [2010/06/23 17:38:18 | 000,119,808 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/07/23 07:59:10 | 000,042,528 | ---- | M] (COMPANYVERS_NAME) [Auto | Stopped] -- C:\Program Files\MyFunCards_5m\bar\1.bin\5mbarsvc.exe -- (MyFunCards_5mService)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/19 13:44:22 | 000,777,728 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2012/06/18 21:13:46 | 000,394,712 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2012/06/06 12:20:54 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WIN\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/06 09:17:00 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV - [2012/05/15 04:18:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/02/02 15:09:20 | 000,035,840 | ---- | M] (Datacastle) [Auto | Running] -- C:\Program Files\Super Easy Backup\Endpoint\DCProtectService.exe -- (DCProtectService)
SRV - [2011/01/12 16:44:02 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2011/01/12 16:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2010/07/28 17:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)


========== Driver Services (SafeList) ==========

DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WIN\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/06/29 15:22:52 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- c:\Documents and Settings\All Users.WIN\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys -- (RapportIaso)
DRV - [2010/12/21 15:04:06 | 000,141,264 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WIN\system32\drivers\eamon.sys -- (eamon)
DRV - [2010/12/21 15:04:06 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WIN\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/12/21 13:47:38 | 000,094,872 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WIN\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2010/06/23 18:12:50 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WIN\system32\drivers\AFGSp50.sys -- (AFGSp50)
DRV - [2009/03/29 09:32:12 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WIN\system32\drivers\HdAudio.sys -- (HdAudAddService)
DRV - [2008/08/01 11:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WIN\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/08/01 11:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WIN\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/04/13 18:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WIN\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/04/16 21:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WIN\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2004/08/13 11:56:00 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WIN\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2001/08/17 08:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WIN\system32\drivers\msmpu401.sys -- (ms_mpu401)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WIN\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {09823E70-188B-4D1D-B168-F054F050AF96}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{09823E70-188B-4D1D-B168-F054F050AF96}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{35e9438f-19d4-4516-b2ac-59ba9241de4d}: "URL" = http://search.mywebs...r={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WIN\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6A 58 19 24 05 45 CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {f4c28532-b9d0-4950-a2df-e83f9929242b} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {09823E70-188B-4D1D-B168-F054F050AF96}
IE - HKCU\..\SearchScopes\{09823E70-188B-4D1D-B168-F054F050AF96}: "URL" = http://www.google.co...GGHP_en-GBUS487
IE - HKCU\..\SearchScopes\{35e9438f-19d4-4516-b2ac-59ba9241de4d}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\..\SearchScopes\{BE8859F8-90FB-45AB-9F84-931B8278D6E1}: "URL" = http://websearch.ask...3D-9980E1889DB0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WIN\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WIN\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\WIN\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WIN\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@MyFunCards_5m.com/Plugin: C:\Program Files\MyFunCards_5m\bar\1.bin\NP5mStub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/07/21 08:11:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\5mffxtbr@MyFunCards_5m.com: C:\Program Files\MyFunCards_5m\bar\1.bin [2012/07/24 18:29:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/06/08 00:31:29 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - homepage: http://www.google.com
CHR - Extension: No name found = C:\Documents and Settings\Lori\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Documents and Settings\Lori\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Documents and Settings\Lori\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2007/07/27 06:00:00 | 000,000,734 | ---- | M]) - C:\WIN\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
O2 - BHO: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Conime] C:\WIN\system32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WIN\System32\HDAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MyFunCards_5m Browser Plugin Loader] C:\Program Files\MyFunCards_5m\bar\1.bin\5mbrmon.exe (VER_COMPANY_NAME)
O4 - HKLM..\Run: [NvCplDaemon] C:\WIN\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WIN\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Search - http://tbedits.myfun...D8&n=2012072310 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WIN\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1341441543171 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{395D1A8E-4015-44DB-B1EA-A5495E4AB339}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WIN\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WIN\system32\userinit.exe) - C:\WIN\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WIN\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WIN\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/10/11 16:24:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/26 17:30:06 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lori\Desktop\OTL.exe
[2012/07/25 16:35:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lori\Local Settings\Application Data\Deployment
[2012/07/24 18:57:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WIN\Start Menu\Programs\Picasa 3
[2012/07/23 11:41:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lori\Application Data\Foxit Software
[2012/07/23 07:59:02 | 000,000,000 | ---D | C] -- C:\Program Files\MyFunCards_5m
[2012/07/21 08:11:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lori\My Documents\My Smilebox Creations
[2012/07/21 08:11:27 | 000,000,000 | ---D | C] -- C:\Program Files\Web Assistant
[2012/07/20 22:30:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WIN\Application Data\TEMP
[2012/07/20 22:30:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WIN\Start Menu\Programs\Insaniquarium! Deluxe
[2012/07/20 22:29:56 | 000,000,000 | ---D | C] -- C:\Program Files\Insaniquarium! Deluxe
[2012/07/20 22:27:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WIN\Application Data\Big Fish Games
[2012/07/20 22:27:05 | 000,000,000 | ---D | C] -- C:\Program Files\bfgclient
[2012/07/20 22:25:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WIN\Application Data\BigFishGamesCache
[2012/07/20 17:45:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WIN\Kodak
[2012/07/18 15:52:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WIN\Start Menu\Programs\iTunes
[2012/07/18 15:50:49 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/07/18 15:50:34 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/07/18 15:43:40 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/07/17 17:41:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lori\Application Data\DriverCure
[2012/07/17 17:41:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lori\Application Data\SpeedyPC Software
[2012/07/17 17:41:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WIN\Application Data\SpeedyPC Software
[2012/07/14 09:48:17 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2012/07/14 09:48:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lori\Local Settings\Application Data\AskToolbar
[2012/07/14 09:47:58 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2012/07/14 09:20:10 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/07/12 23:52:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WIN\Application Data\SecTaskMan
[2012/07/12 15:03:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lori\Application Data\Ad-Aware Antivirus
[2012/07/12 14:42:47 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/07/12 14:22:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WIN\Application Data\SUPERSetup
[2012/07/12 14:17:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lori\Application Data\SUPERAntiSpyware.com
[2012/07/12 14:17:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WIN\Application Data\SUPERAntiSpyware.com
[2012/07/09 18:03:01 | 000,000,000 | ---D | C] -- C:\WIN\Minidump
[2012/07/04 14:10:57 | 000,000,000 | ---D | C] -- C:\WIN\System32\windowspowershell
[2012/06/29 15:44:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lori\Local Settings\Application Data\Trusteer
[2012/06/29 15:19:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WIN\Application Data\Trusteer
[2012/06/28 23:20:20 | 000,000,000 | ---D | C] -- C:\WIN\System32\appmgmt
[3 C:\WIN\*.tmp files -> C:\WIN\*.tmp -> ]
[1 C:\WIN\System32\*.tmp files -> C:\WIN\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/26 17:30:08 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lori\Desktop\OTL.exe
[2012/07/26 16:29:02 | 001,144,963 | ---- | M] () -- C:\Documents and Settings\Lori\Desktop\ProcessExplorer.zip
[2012/07/26 09:08:35 | 000,000,416 | -H-- | M] () -- C:\WIN\tasks\User_Feed_Synchronization-{A126B8E3-10B9-4048-81A0-7DC31E8A7EE1}.job
[2012/07/26 09:06:02 | 000,013,646 | ---- | M] () -- C:\WIN\System32\wpa.dbl
[2012/07/26 07:21:47 | 000,002,048 | --S- | M] () -- C:\WIN\bootstat.dat
[2012/07/24 19:09:13 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\Lori\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2012/07/24 19:09:13 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\All Users.WIN\Desktop\Picasa 3.lnk
[2012/07/23 18:21:40 | 000,000,019 | ---- | M] () -- C:\WIN\popcinfo.dat
[2012/07/23 11:50:09 | 000,198,144 | ---- | M] () -- C:\Documents and Settings\Lori\Desktop\brynn party inv 2012.pub
[2012/07/23 11:45:36 | 004,063,811 | ---- | M] () -- C:\Documents and Settings\Lori\Desktop\Fiona1[1].pdf
[2012/07/20 22:30:02 | 000,001,208 | ---- | M] () -- C:\Documents and Settings\All Users.WIN\Desktop\More Great Games.lnk
[2012/07/20 22:30:01 | 000,001,701 | ---- | M] () -- C:\Documents and Settings\All Users.WIN\Desktop\Play Insaniquarium! Deluxe.lnk
[2012/07/20 17:47:37 | 000,001,851 | ---- | M] () -- C:\Documents and Settings\All Users.WIN\Desktop\KODAK AiO Home Center.lnk
[2012/07/20 17:46:23 | 000,001,782 | ---- | M] () -- C:\Documents and Settings\All Users.WIN\Desktop\Get CleanPrint.lnk
[2012/07/18 18:38:01 | 000,000,312 | -HS- | M] () -- C:\boot.ini
[2012/07/18 15:52:13 | 000,001,534 | ---- | M] () -- C:\Documents and Settings\All Users.WIN\Desktop\iTunes.lnk
[2012/07/14 09:54:13 | 000,000,232 | ---- | M] () -- C:\WIN\tasks\Scheduled Update for Ask Toolbar.job
[2012/07/14 09:54:12 | 000,000,886 | ---- | M] () -- C:\WIN\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/14 09:54:11 | 000,000,882 | ---- | M] () -- C:\WIN\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/14 09:54:10 | 000,000,434 | ---- | M] () -- C:\WIN\tasks\EasyShare Registration Task.job
[2012/07/14 09:54:09 | 000,000,822 | ---- | M] () -- C:\WIN\tasks\Adobe Flash Player Updater.job
[2012/07/14 09:54:09 | 000,000,284 | ---- | M] () -- C:\WIN\tasks\AppleSoftwareUpdate.job
[2012/07/14 09:48:59 | 000,537,166 | ---- | M] () -- C:\Documents and Settings\Lori\Desktop\Autoruns.zip
[2012/07/13 16:51:01 | 000,000,664 | ---- | M] () -- C:\WIN\System32\d3d9caps.dat
[2012/07/11 17:38:37 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Lori\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/07/10 22:32:21 | 000,266,208 | ---- | M] () -- C:\WIN\System32\FNTCACHE.DAT
[2012/07/10 22:30:23 | 000,001,374 | ---- | M] () -- C:\WIN\imsins.BAK
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WIN\System32\drivers\mbam.sys
[2012/07/02 14:49:34 | 000,000,222 | ---- | M] () -- C:\Documents and Settings\Lori\Desktop\Server.url
[3 C:\WIN\*.tmp files -> C:\WIN\*.tmp -> ]
[1 C:\WIN\System32\*.tmp files -> C:\WIN\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/26 16:29:02 | 001,144,963 | ---- | C] () -- C:\Documents and Settings\Lori\Desktop\ProcessExplorer.zip
[2012/07/24 19:09:13 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\Lori\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2012/07/24 19:09:13 | 000,000,759 | ---- | C] () -- C:\Documents and Settings\All Users.WIN\Desktop\Picasa 3.lnk
[2012/07/23 11:50:09 | 000,198,144 | ---- | C] () -- C:\Documents and Settings\Lori\Desktop\brynn party inv 2012.pub
[2012/07/23 11:45:57 | 004,063,811 | ---- | C] () -- C:\Documents and Settings\Lori\Desktop\Fiona1[1].pdf
[2012/07/20 23:00:23 | 000,000,019 | ---- | C] () -- C:\WIN\popcinfo.dat
[2012/07/20 22:30:02 | 000,001,208 | ---- | C] () -- C:\Documents and Settings\All Users.WIN\Desktop\More Great Games.lnk
[2012/07/20 22:30:01 | 000,001,701 | ---- | C] () -- C:\Documents and Settings\All Users.WIN\Desktop\Play Insaniquarium! Deluxe.lnk
[2012/07/20 22:27:15 | 000,001,584 | ---- | C] () -- C:\Documents and Settings\All Users.WIN\Start Menu\Programs\Game Manager.lnk
[2012/07/20 22:27:15 | 000,001,184 | ---- | C] () -- C:\Documents and Settings\All Users.WIN\Start Menu\Programs\More Great Games.lnk
[2012/07/20 17:47:37 | 000,001,851 | ---- | C] () -- C:\Documents and Settings\All Users.WIN\Desktop\KODAK AiO Home Center.lnk
[2012/07/20 17:46:23 | 000,001,782 | ---- | C] () -- C:\Documents and Settings\All Users.WIN\Desktop\Get CleanPrint.lnk
[2012/07/18 15:52:13 | 000,001,534 | ---- | C] () -- C:\Documents and Settings\All Users.WIN\Desktop\iTunes.lnk
[2012/07/14 09:49:06 | 000,000,232 | ---- | C] () -- C:\WIN\tasks\Scheduled Update for Ask Toolbar.job
[2012/07/14 09:48:52 | 000,537,166 | ---- | C] () -- C:\Documents and Settings\Lori\Desktop\Autoruns.zip
[2012/07/11 17:38:37 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Lori\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/07/02 14:49:34 | 000,000,222 | ---- | C] () -- C:\Documents and Settings\Lori\Desktop\Server.url
[2012/06/28 23:21:28 | 000,001,754 | ---- | C] () -- C:\Documents and Settings\Lori\My Documents\Shortcut to Kid Pix Deluxe 3.lnk
[2012/06/17 14:46:29 | 000,000,664 | ---- | C] () -- C:\WIN\System32\d3d9caps.dat
[2012/06/06 14:21:24 | 000,003,072 | ---- | C] () -- C:\WIN\System32\iacenc.dll
[2012/06/06 11:59:17 | 001,074,636 | ---- | C] () -- C:\WIN\System32\nvdrsdb0.bin
[2012/06/06 11:59:16 | 001,074,636 | ---- | C] () -- C:\WIN\System32\nvdrsdb1.bin
[2012/06/06 11:59:16 | 000,000,001 | ---- | C] () -- C:\WIN\System32\nvdrssel.bin
[2012/06/06 11:58:46 | 002,807,708 | ---- | C] () -- C:\WIN\System32\nvdata.data
[2012/06/05 19:27:50 | 000,002,048 | --S- | C] () -- C:\WIN\bootstat.dat
[2012/06/05 19:22:12 | 000,021,640 | ---- | C] () -- C:\WIN\System32\emptyregdb.dat
[2012/06/05 13:14:11 | 000,003,985 | ---- | C] () -- C:\WIN\ODBCINST.INI
[2012/06/05 13:12:50 | 000,266,208 | ---- | C] () -- C:\WIN\System32\FNTCACHE.DAT
[2012/05/28 09:35:20 | 000,001,046 | ---- | C] () -- C:\WIN\System32\EKaio2WiaCoInst.ini
[2011/11/26 15:24:21 | 000,005,810 | ---- | C] () -- C:\WIN\System32\drivers\ASACPI.sys

========== LOP Check ==========

[2012/06/08 07:43:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WIN\Application Data\Affinegy
[2012/07/20 22:27:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WIN\Application Data\Big Fish Games
[2012/06/08 00:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WIN\Application Data\ESET
[2012/06/19 16:39:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WIN\Application Data\PIXELA
[2012/07/26 10:01:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WIN\Application Data\SecTaskMan
[2012/07/17 18:05:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WIN\Application Data\SpeedyPC Software
[2012/07/12 14:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WIN\Application Data\SUPERSetup
[2012/07/23 18:21:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WIN\Application Data\TEMP
[2012/06/29 15:19:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WIN\Application Data\Trusteer
[2012/06/06 19:17:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WIN\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/07/12 15:04:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lori\Application Data\Ad-Aware Antivirus
[2012/06/07 18:04:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lori\Application Data\Downloaded Installations
[2012/07/17 17:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lori\Application Data\DriverCure
[2012/07/23 11:41:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lori\Application Data\Foxit Software
[2012/06/09 16:11:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lori\Application Data\Skinux
[2012/07/17 17:41:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lori\Application Data\SpeedyPC Software
[2012/06/07 17:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lori\Application Data\TeamViewer
[2012/06/08 07:47:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lori\Application Data\Temp
[2012/07/14 09:54:10 | 000,000,434 | ---- | M] () -- C:\WIN\Tasks\EasyShare Registration Task.job
[2012/07/14 09:54:13 | 000,000,232 | ---- | M] () -- C:\WIN\Tasks\Scheduled Update for Ask Toolbar.job
[2012/07/26 09:08:35 | 000,000,416 | -H-- | M] () -- C:\WIN\Tasks\User_Feed_Synchronization-{A126B8E3-10B9-4048-81A0-7DC31E8A7EE1}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 208 bytes -> C:\Documents and Settings\All Users.WIN\Application Data\TEMP:FACB65E7

< End of report >



OTL Extras logfile created on: 7/26/2012 5:30:27 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Documents and Settings\Lori\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

990.48 Mb Total Physical Memory | 103.21 Mb Available Physical Memory | 10.42% Memory free
2.33 Gb Paging File | 1.14 Gb Available in Paging File | 49.03% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WIN | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 114.27 Gb Free Space | 49.07% Space Free | Partition Type: NTFS

Computer Name: DWAYNE-2DE6E15F | User Name: Lori | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5353:UDP" = 5353:UDP:*:Enabled:Bonjour Port 5353
"9322:TCP" = 9322:TCP:*:Enabled:EKDiscovery

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe" = C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe:LocalSubNet:Enabled:Belkin Setup -- (Affinegy, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"C:\Program Files\TeamViewer\Version7\TeamViewer.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe" = C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe:LocalSubNet:Enabled:Belkin Setup -- (Affinegy, Inc.)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe" = C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe:*:Enabled:Kodak.AiO.HomeCenter -- (Eastman Kodak Company)
"C:\Program Files\Kodak\AiO\Center\Kodak.Statistics.exe" = C:\Program Files\Kodak\AiO\Center\Kodak.Statistics.exe:*:Enabled:Kodak.AiO.Statistics -- (Eastman Kodak Company)
"C:\Program Files\Kodak\AiO\Center\NetworkPrinterDiscovery.exe" = C:\Program Files\Kodak\AiO\Center\NetworkPrinterDiscovery.exe:*:Enabled:Kodak.AiO.SetupUtility -- (Eastman Kodak Company)
"C:\Program Files\Kodak\AiO\Firmware\KodakAiOUpdater.exe" = C:\Program Files\Kodak\AiO\Firmware\KodakAiOUpdater.exe:*:Enabled:Kodak.AiO.FwUpdater -- (Eastman Kodak Company)
"C:\Documents and Settings\All Users.WIN\Application Data\Kodak\Installer\Setup.exe" = C:\Documents and Settings\All Users.WIN\Application Data\Kodak\Installer\Setup.exe:*:Enabled:Kodak.AiO.Installer -- (Eastman Kodak Company)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java™ 6 Update 32
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.460
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{53680898-90A2-4C54-968B-030A4CA8E33B}" = Super Easy Backup
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{5CA03ECF-B4A6-464B-9F5D-64D8B61B083F}" = Everio MediaBrowser
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUSR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A66242A1-9101-425D-9BE5-D19A50E1D0D8}" = ESET NOD32 Antivirus
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.27
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}" = Digital Photo Navigator 1.5
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor
"BFGC" = Big Fish Games: Game Manager
"BFG-Insaniquarium! Deluxe" = Insaniquarium! Deluxe
"CCleaner" = CCleaner
"Foxit Reader_is1" = Foxit Reader
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Picasa 3" = Picasa 3
"PROPLUSR" = Microsoft Office Professional Plus 2007
"TeamViewer 7" = TeamViewer 7

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Foxit PDF Creator Toolbar Updater

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/21/2012 5:22:10 AM | Computer Name = DWAYNE-2DE6E15F | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.2.2:5353 25 2.2.168.192.in-addr.arpa.
PTR dwayne-2de6e15f-2.local.

Error - 7/21/2012 5:22:10 AM | Computer Name = DWAYNE-2DE6E15F | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding 23 2.2.168.192.in-addr.arpa.
PTR dwayne-2de6e15f.local.

Error - 7/21/2012 9:53:26 AM | Computer Name = DWAYNE-2DE6E15F | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.2.2:5353 25 2.2.168.192.in-addr.arpa.
PTR dwayne-2de6e15f-2.local.

Error - 7/21/2012 9:53:26 AM | Computer Name = DWAYNE-2DE6E15F | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding 23 2.2.168.192.in-addr.arpa.
PTR dwayne-2de6e15f.local.

Error - 7/23/2012 8:14:47 AM | Computer Name = DWAYNE-2DE6E15F | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.2.2:5353 25 2.2.168.192.in-addr.arpa.
PTR dwayne-2de6e15f-2.local.

Error - 7/23/2012 8:14:47 AM | Computer Name = DWAYNE-2DE6E15F | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding 23 2.2.168.192.in-addr.arpa.
PTR dwayne-2de6e15f.local.

Error - 7/23/2012 1:38:31 PM | Computer Name = DWAYNE-2DE6E15F | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.62.0.87, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/23/2012 4:48:38 PM | Computer Name = DWAYNE-2DE6E15F | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.2.2:5353 25 2.2.168.192.in-addr.arpa.
PTR dwayne-2de6e15f-2.local.

Error - 7/23/2012 4:48:38 PM | Computer Name = DWAYNE-2DE6E15F | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding 23 2.2.168.192.in-addr.arpa.
PTR dwayne-2de6e15f.local.

Error - 7/23/2012 5:04:19 PM | Computer Name = DWAYNE-2DE6E15F | Source = Microsoft Office 12 | ID = 5000
Description = EventType officelifeboathang, P1 winword.exe, P2 12.0.6661.5000, P3
ntdll.dll, P4 5.1.2600.6055, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.

[ OSession Events ]
Error - 7/15/2012 3:39:49 PM | Computer Name = DWAYNE-2DE6E15F | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 14732
seconds with 2280 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/20/2012 9:57:33 AM | Computer Name = DWAYNE-2DE6E15F | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{395D1A8E-4015-44DB-B1EA-A5495E4AB339}
because another computer on the network has the same name. The server could not
start.

Error - 7/20/2012 9:57:59 AM | Computer Name = DWAYNE-2DE6E15F | Source = DCOM | ID = 10010
Description = The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register
with DCOM within the required timeout.

Error - 7/22/2012 2:30:59 PM | Computer Name = DWAYNE-2DE6E15F | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{395D1A8E-4015-44DB-B1EA-A5495E4AB339}
because another computer on the network has the same name. The server could not
start.

Error - 7/23/2012 9:56:42 AM | Computer Name = DWAYNE-2DE6E15F | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{395D1A8E-4015-44DB-B1EA-A5495E4AB339}
because another computer on the network has the same name. The server could not
start.

Error - 7/24/2012 1:16:43 AM | Computer Name = DWAYNE-2DE6E15F | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NVSvc service.

Error - 7/24/2012 1:55:48 AM | Computer Name = DWAYNE-2DE6E15F | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%5 To ensure
that the service is configured properly, use the Services snap-in in Microsoft Management
Console
(MMC).

Error - 7/24/2012 1:55:48 AM | Computer Name = DWAYNE-2DE6E15F | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069

Error - 7/25/2012 8:39:50 AM | Computer Name = DWAYNE-2DE6E15F | Source = DCOM | ID = 10010
Description = The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register
with DCOM within the required timeout.

Error - 7/25/2012 5:17:19 PM | Computer Name = DWAYNE-2DE6E15F | Source = DCOM | ID = 10010
Description = The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register
with DCOM within the required timeout.

Error - 7/26/2012 9:23:07 AM | Computer Name = DWAYNE-2DE6E15F | Source = DCOM | ID = 10010
Description = The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register
with DCOM within the required timeout.


< End of report >

#2
Dakeyras


    Anti-Malware Mammoth

  • Expert
  • 9,772 posts

Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.

Hi and welcome to Geeks to Go. :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

  • I will start working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system.

Because of this, I advise you to backup any personal files and folders before you start.

Security Application Check:

Please download and save SecurityCheck.exe to your Desktop from one of the links below.

Link 1
Link 2

  • Double-click on SecurityCheck.exe then follow the on-screen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt
  • Please post the contents of that document in your next reply.

Re-scan with OTL:

Please delete your current version of OTL (and all logs created, if still present), then re-download OTL and save it to your Desktop.

Alternate downloads are here and here.

  • Double-click on OTL.exe to start OTL.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now? Any further symptoms and/or problems encountered?
  • SecurityCheck Log.
  • Both OTL logs. <-- Post them individually please, i.e. one log per post/reply.


#3
brynndar


    Member

  • Topic Starter
  • Member
  • 14 posts
Results of screen317's Security Check version 0.99.49
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Please wait while WMIC compiles updated MOF files.d
i
s
p
l
a
y
N
a
m
e
ECHO is off.
E
S
E
T
ECHO is off.
N
O
D
3
2
ECHO is off.
A
n
t
i
v
i
r
u
s
ECHO is off.
4
.
2
ECHO is off.
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
CCleaner
Java™ 6 Update 32
Java version out of Date!
Adobe Flash Player 11.2.202.235
````````Process Check: objlist.exe by Laurent````````
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 12% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````


OTL logfile created on: 8/29/2012 5:19:00 PM - Run 2
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Documents and Settings\Lori\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

990.48 Mb Total Physical Memory | 164.51 Mb Available Physical Memory | 16.61% Memory free
2.33 Gb Paging File | 1.04 Gb Available in Paging File | 44.47% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WIN | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 111.35 Gb Free Space | 47.81% Space Free | Partition Type: NTFS

Computer Name: DWAYNE-2DE6E15F | User Name: Lori | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Lori\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\MyFunCards_5m\bar\1.bin\5mbrmon.exe (VER_COMPANY_NAME)
PRC - C:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe (Uniblue Systems Ltd)
PRC - C:\Program Files\Uniblue\SpeedUpMyPC\spnotifier.exe (Uniblue Systems Ltd)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
PRC - C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Eastman Kodak Company)
PRC - C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
PRC - C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files\Java\jre6\bin\java.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe ()
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\Super Easy Backup\Endpoint\DCProtectService.exe (Datacastle)
PRC - C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe ()
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)
PRC - C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe (Affinegy, Inc.)
PRC - C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
PRC - C:\WIN\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\WIN\assembly\NativeImages_v2.0.50727_32\Inkjet.Automation\65f9fe27a524e0e1d6fe976da05c809d\Inkjet.Automation.ni.dll ()
MOD - C:\WIN\assembly\NativeImages_v2.0.50727_32\Inkjet.DeviceSettin#\24df744a06c3ee71e66e0df2957db8ab\Inkjet.DeviceSettings.ni.dll ()
MOD - C:\WIN\assembly\NativeImages_v2.0.50727_32\Inkjet.Localization\56788e7172b88e8e17c8187919f6fe9e\Inkjet.Localization.ni.dll ()
MOD - C:\WIN\assembly\NativeImages_v2.0.50727_32\Inkjet.Diagnostics\7390d6714108666d0f1d272f8bacfb13\Inkjet.Diagnostics.ni.dll ()
MOD - C:\WIN\assembly\NativeImages_v2.0.50727_32\Inkjet.Utilities\77efbbfd54d23807ec041ef5ec3c12d0\Inkjet.Utilities.ni.dll ()
MOD - C:\WIN\assembly\NativeImages_v2.0.50727_32\Inkjet.Hardware\ce45b4ac627e00a2e877bc0c642b7d05\Inkjet.Hardware.ni.dll ()
MOD - C:\WIN\assembly\NativeImages_v2.0.50727_32\Inkjet.Statistics\5f1d9bddb3455d5c2342fddb3182590a\Inkjet.Statistics.ni.dll ()
MOD - C:\WIN\assembly\NativeImages_v2.0.50727_32\Inkjet.Configuration\67ae8297c655a3d2a3664fe21582a5f8\Inkjet.Configuration.ni.dll ()
MOD - C:\WIN\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Program Files\Uniblue\SpeedUpMyPC\cwebpage.dll ()
MOD - C:\WIN\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll ()
MOD - C:\WIN\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll ()
MOD - C:\WIN\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll ()
MOD - C:\WIN\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll ()
MOD - C:\WIN\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()
MOD - C:\WIN\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
MOD - C:\Program Files\Java\jre6\bin\jp2iexp.dll ()
MOD - C:\Program Files\Java\jre6\bin\jp2native.dll ()
MOD - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe ()
MOD - C:\Program Files\Web Assistant\Extension32.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\BelkinServicePS.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\QtGui4.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\QtXml4.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\QtCore4.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\QtNetwork4.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll ()


========== Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (MyFunCards_5mService) -- C:\Program Files\MyFunCards_5m\bar\1.bin\5mbarsvc.exe (COMPANYVERS_NAME)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Kodak AiO Status Monitor Service) -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Eastman Kodak Company)
SRV - (Kodak AiO Network Discovery Service) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WIN\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Web Assistant Updater) -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe ()
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (DCProtectService) -- C:\Program Files\Super Easy Backup\Endpoint\DCProtectService.exe (Datacastle)
SRV - (MySQL) -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe ()
SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (AffinegyService) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)


========== Driver Services (SafeList) ==========

DRV - (MBAMSwissArmy) -- C:\WIN\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\WIN\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (RapportIaso) -- c:\Documents and Settings\All Users.WIN\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys (Trusteer Ltd.)
DRV - (eamon) -- C:\WIN\system32\drivers\eamon.sys (ESET)
DRV - (ehdrv) -- C:\WIN\system32\drivers\ehdrv.sys (ESET)
DRV - (epfwtdir) -- C:\WIN\system32\drivers\epfwtdir.sys (ESET)
DRV - (AFGSp50) -- C:\WIN\system32\drivers\AFGSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (HdAudAddService) -- C:\WIN\system32\drivers\HdAudio.sys (Windows ® Server 2003 DDK provider)
DRV - (nvnetbus) -- C:\WIN\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WIN\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (gameenum) -- C:\WIN\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\WIN\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
DRV - (MTsensor) -- C:\WIN\system32\drivers\ASACPI.sys ()
DRV - (ms_mpu401) -- C:\WIN\system32\drivers\msmpu401.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WIN\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {09823E70-188B-4D1D-B168-F054F050AF96}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{09823E70-188B-4D1D-B168-F054F050AF96}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{35e9438f-19d4-4516-b2ac-59ba9241de4d}: "URL" = http://search.mywebs...r={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1454471165-879983540-1177238915-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1454471165-879983540-1177238915-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WIN\system32\blank.htm
IE - HKU\S-1-5-21-1454471165-879983540-1177238915-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1454471165-879983540-1177238915-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1454471165-879983540-1177238915-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/
IE - HKU\S-1-5-21-1454471165-879983540-1177238915-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1454471165-879983540-1177238915-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1454471165-879983540-1177238915-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6A 58 19 24 05 45 CD 01 [binary data]
IE - HKU\S-1-5-21-1454471165-879983540-1177238915-1008\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1454471165-879983540-1177238915-1008\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1454471165-879983540-1177238915-1008\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-1454471165-879983540-1177238915-1008\..\URLSearchHook: {f4c28532-b9d0-4950-a2df-e83f9929242b} - No CLSID value found
IE - HKU\S-1-5-21-1454471165-879983540-1177238915-1008\..\SearchScopes,DefaultScope = {09823E70-188B-4D1D-B168-F054F050AF96}
IE - HKU\S-1-5-21-1454471165-879983540-1177238915-1008\..\SearchScopes\{09823E70-188B-4D1D-B168-F054F050AF96}: "URL" = http://www.google.co...GGHP_en-GBUS487
IE - HKU\S-1-5-21-1454471165-879983540-1177238915-1008\..\SearchScopes\{35e9438f-19d4-4516-b2ac-59ba9241de4d}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKU\S-1-5-21-1454471165-879983540-1177238915-1008\..\SearchScopes\{BE8859F8-90FB-45AB-9F84-931B8278D6E1}: "URL" = http://websearch.ask...3D-9980E1889DB0
IE - HKU\S-1-5-21-1454471165-879983540-1177238915-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1454471165-879983540-1177238915-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WIN\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WIN\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\WIN\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WIN\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@MyFunCards_5m.com/Plugin: C:\Program Files\MyFunCards_5m\bar\1.bin\NP5mStub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/07/21 08:11:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\5mffxtbr@MyFunCards_5m.com: C:\Program Files\MyFunCards_5m\bar\1.bin [2012/07/24 18:29:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/06/08 00:31:29 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - homepage: http://www.google.com
CHR - Extension: No name found = C:\Documents and Settings\Lori\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Documents and Settings\Lori\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Documents and Settings\Lori\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2007/07/27 06:00:00 | 000,000,734 | ---- | M]) - C:\WIN\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1454471165-879983540-1177238915-1008\..\Toolbar\WebBrowser: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Conime] C:\WIN\system32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WIN\System32\HDAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MyFunCards_5m Browser Plugin Loader] C:\Program Files\MyFunCards_5m\bar\1.bin\5mbrmon.exe (VER_COMPANY_NAME)
O4 - HKLM..\Run: [NvCplDaemon] C:\WIN\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WIN\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKU\S-1-5-21-1454471165-879983540-1177238915-1008..\Run: [SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe (Uniblue Systems Ltd)
O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1454471165-879983540-1177238915-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1454471165-879983540-1177238915-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1454471165-879983540-1177238915-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Search - http://tbedits.myfun...D8&n=2012072310 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WIN\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1341441543171 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{395D1A8E-4015-44DB-B1EA-A5495E4AB339}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WIN\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WIN\system32\userinit.exe) - C:\WIN\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WIN\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WIN\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/10/11 16:24:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/29 17:17:14 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lori\Desktop\OTL.exe
[2012/08/29 17:04:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lori\Application Data\Uniblue
[2012/08/29 17:03:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WIN\Start Menu\Programs\Uniblue
[2012/08/29 17:03:16 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2012/08/29 17:02:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Lori\Start Menu\Programs\Administrative Tools
[2012/08/15 07:07:55 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/08/13 13:23:02 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WIN\System32\drivers\mbamswissarmy.sys
[2012/08/02 09:45:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lori\Local Settings\Application Data\WMTools Downloaded Files
[2012/07/30 22:47:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lori\Application Data\NVIDIA
[2012/07/30 22:46:57 | 000,000,000 | ---D | C] -- C:\OpenDentImages
[2012/07/30 22:37:54 | 000,000,000 | ---D | C] -- C:\mysql
[2012/07/30 22:36:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lori\Start Menu\Programs\MySQL
[2012/07/30 22:36:14 | 000,000,000 | ---D | C] -- C:\Program Files\MySQL
[2012/07/30 22:36:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WIN\Application Data\MySQL
[2012/07/30 22:35:20 | 000,000,000 | ---D | C] -- C:\Program Files\Open Dental
[3 C:\WIN\*.tmp files -> C:\WIN\*.tmp -> ]
[1 C:\WIN\System32\*.tmp files -> C:\WIN\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/29 17:17:22 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lori\Desktop\OTL.exe
[2012/08/29 17:11:39 | 000,854,124 | ---- | M] () -- C:\Documents and Settings\Lori\Desktop\SecurityCheck.exe
[2012/08/29 17:04:36 | 000,000,254 | ---- | M] () -- C:\WIN\tasks\SpeedUpMyPC.job
[2012/08/29 17:03:30 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\Lori\Application Data\Microsoft\Internet Explorer\Quick Launch\SpeedUpMyPC.lnk
[2012/08/29 17:03:30 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\All Users.WIN\Desktop\SpeedUpMyPC.lnk
[2012/08/29 14:54:41 | 000,013,646 | ---- | M] () -- C:\WIN\System32\wpa.dbl
[2012/08/29 14:53:32 | 000,002,048 | --S- | M] () -- C:\WIN\bootstat.dat
[2012/08/28 21:53:24 | 000,000,416 | -H-- | M] () -- C:\WIN\tasks\User_Feed_Synchronization-{A126B8E3-10B9-4048-81A0-7DC31E8A7EE1}.job
[2012/08/15 17:43:02 | 000,266,208 | ---- | M] () -- C:\WIN\System32\FNTCACHE.DAT
[2012/08/15 07:20:45 | 000,001,374 | ---- | M] () -- C:\WIN\imsins.BAK
[2012/08/14 16:40:19 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\All Users.WIN\Desktop\Picasa 3.lnk
[2012/08/13 13:23:02 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WIN\System32\drivers\mbamswissarmy.sys
[2012/08/09 15:01:03 | 000,000,019 | ---- | M] () -- C:\WIN\popcinfo.dat
[2012/08/06 10:29:52 | 000,613,684 | ---- | M] () -- C:\Documents and Settings\Lori\Desktop\Adams_Jesi_2012_8_6_9_20_38_form.pdf
[2012/08/01 17:57:50 | 000,000,822 | ---- | M] () -- C:\Documents and Settings\Lori\Desktop\Verizon Wireless - Charges By Line.url
[2012/08/01 17:43:53 | 000,092,291 | ---- | M] () -- C:\Documents and Settings\Lori\Desktop\jake phone bill.pdf
[3 C:\WIN\*.tmp files -> C:\WIN\*.tmp -> ]
[1 C:\WIN\System32\*.tmp files -> C:\WIN\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/29 17:11:36 | 000,854,124 | ---- | C] () -- C:\Documents and Settings\Lori\Desktop\SecurityCheck.exe
[2012/08/29 17:04:34 | 000,000,254 | ---- | C] () -- C:\WIN\tasks\SpeedUpMyPC.job
[2012/08/29 17:03:30 | 000,000,821 | ---- | C] () -- C:\Documents and Settings\Lori\Application Data\Microsoft\Internet Explorer\Quick Launch\SpeedUpMyPC.lnk
[2012/08/29 17:03:30 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\All Users.WIN\Desktop\SpeedUpMyPC.lnk
[2012/08/06 10:29:47 | 000,613,684 | ---- | C] () -- C:\Documents and Settings\Lori\Desktop\Adams_Jesi_2012_8_6_9_20_38_form.pdf
[2012/08/01 17:58:10 | 000,092,291 | ---- | C] () -- C:\Documents and Settings\Lori\Desktop\jake phone bill.pdf
[2012/08/01 17:57:50 | 000,000,822 | ---- | C] () -- C:\Documents and Settings\Lori\Desktop\Verizon Wireless - Charges By Line.url
[2012/07/20 23:00:23 | 000,000,019 | ---- | C] () -- C:\WIN\popcinfo.dat
[2012/06/17 14:46:29 | 000,000,664 | ---- | C] () -- C:\WIN\System32\d3d9caps.dat
[2012/06/06 14:21:24 | 000,003,072 | ---- | C] () -- C:\WIN\System32\iacenc.dll
[2012/06/06 11:59:17 | 001,074,636 | ---- | C] () -- C:\WIN\System32\nvdrsdb0.bin
[2012/06/06 11:59:16 | 001,074,636 | ---- | C] () -- C:\WIN\System32\nvdrsdb1.bin
[2012/06/06 11:59:16 | 000,000,001 | ---- | C] () -- C:\WIN\System32\nvdrssel.bin
[2012/06/06 11:58:46 | 002,807,708 | ---- | C] () -- C:\WIN\System32\nvdata.data
[2012/06/05 19:27:50 | 000,002,048 | --S- | C] () -- C:\WIN\bootstat.dat
[2012/06/05 19:22:12 | 000,021,640 | ---- | C] () -- C:\WIN\System32\emptyregdb.dat
[2012/06/05 13:14:11 | 000,003,985 | ---- | C] () -- C:\WIN\ODBCINST.INI
[2012/06/05 13:12:50 | 000,266,208 | ---- | C] () -- C:\WIN\System32\FNTCACHE.DAT
[2012/05/28 09:35:20 | 000,001,046 | ---- | C] () -- C:\WIN\System32\EKaio2WiaCoInst.ini
[2011/11/26 15:24:21 | 000,005,810 | ---- | C] () -- C:\WIN\System32\drivers\ASACPI.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 208 bytes -> C:\Documents and Settings\All Users.WIN\Application Data\TEMP:FACB65E7

< End of report >

OTL Extras logfile created on: 8/29/2012 5:19:00 PM - Run 2
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Documents and Settings\Lori\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

990.48 Mb Total Physical Memory | 164.51 Mb Available Physical Memory | 16.61% Memory free
2.33 Gb Paging File | 1.04 Gb Available in Paging File | 44.47% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WIN | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 111.35 Gb Free Space | 47.81% Space Free | Partition Type: NTFS

Computer Name: DWAYNE-2DE6E15F | User Name: Lori | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1454471165-879983540-1177238915-1008\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5353:UDP" = 5353:UDP:*:Enabled:Bonjour Port 5353
"9322:TCP" = 9322:TCP:*:Enabled:EKDiscovery

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe" = C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe:LocalSubNet:Enabled:Belkin Setup -- (Affinegy, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"C:\Program Files\TeamViewer\Version7\TeamViewer.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe" = C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe:LocalSubNet:Enabled:Belkin Setup -- (Affinegy, Inc.)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe" = C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe:*:Enabled:Kodak.AiO.HomeCenter -- (Eastman Kodak Company)
"C:\Program Files\Kodak\AiO\Center\Kodak.Statistics.exe" = C:\Program Files\Kodak\AiO\Center\Kodak.Statistics.exe:*:Enabled:Kodak.AiO.Statistics -- (Eastman Kodak Company)
"C:\Program Files\Kodak\AiO\Center\NetworkPrinterDiscovery.exe" = C:\Program Files\Kodak\AiO\Center\NetworkPrinterDiscovery.exe:*:Enabled:Kodak.AiO.SetupUtility -- (Eastman Kodak Company)
"C:\Program Files\Kodak\AiO\Firmware\KodakAiOUpdater.exe" = C:\Program Files\Kodak\AiO\Firmware\KodakAiOUpdater.exe:*:Enabled:Kodak.AiO.FwUpdater -- (Eastman Kodak Company)
"C:\Documents and Settings\All Users.WIN\Application Data\Kodak\Installer\Setup.exe" = C:\Documents and Settings\All Users.WIN\Application Data\Kodak\Installer\Setup.exe:*:Enabled:Kodak.AiO.Installer -- (Eastman Kodak Company)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java™ 6 Update 32
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.460
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{53680898-90A2-4C54-968B-030A4CA8E33B}" = Super Easy Backup
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{5CA03ECF-B4A6-464B-9F5D-64D8B61B083F}" = Everio MediaBrowser
"{5D64323C-288C-4BC4-9D07-D1E9B176D119}" = MySQL Server 5.5
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUSR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A66242A1-9101-425D-9BE5-D19A50E1D0D8}" = ESET NOD32 Antivirus
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.27
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}" = Digital Photo Navigator 1.5
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software
"{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1" = Uniblue SpeedUpMyPC
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor
"BFGC" = Big Fish Games: Game Manager
"BFG-Insaniquarium! Deluxe" = Insaniquarium! Deluxe
"CCleaner" = CCleaner
"Foxit Reader_is1" = Foxit Reader
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Picasa 3" = Picasa 3
"PROPLUSR" = Microsoft Office Professional Plus 2007
"TeamViewer 7" = TeamViewer 7

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1454471165-879983540-1177238915-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Foxit PDF Creator Toolbar Updater

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/21/2012 5:22:10 AM | Computer Name = DWAYNE-2DE6E15F | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.2.2:5353 25 2.2.168.192.in-addr.arpa.
PTR dwayne-2de6e15f-2.local.

Error - 7/21/2012 5:22:10 AM | Computer Name = DWAYNE-2DE6E15F | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding 23 2.2.168.192.in-addr.arpa.
PTR dwayne-2de6e15f.local.

Error - 7/21/2012 9:53:26 AM | Computer Name = DWAYNE-2DE6E15F | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.2.2:5353 25 2.2.168.192.in-addr.arpa.
PTR dwayne-2de6e15f-2.local.

Error - 7/21/2012 9:53:26 AM | Computer Name = DWAYNE-2DE6E15F | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding 23 2.2.168.192.in-addr.arpa.
PTR dwayne-2de6e15f.local.

Error - 7/23/2012 8:14:47 AM | Computer Name = DWAYNE-2DE6E15F | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.2.2:5353 25 2.2.168.192.in-addr.arpa.
PTR dwayne-2de6e15f-2.local.

Error - 7/23/2012 8:14:47 AM | Computer Name = DWAYNE-2DE6E15F | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding 23 2.2.168.192.in-addr.arpa.
PTR dwayne-2de6e15f.local.

Error - 7/23/2012 1:38:31 PM | Computer Name = DWAYNE-2DE6E15F | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.62.0.87, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/23/2012 4:48:38 PM | Computer Name = DWAYNE-2DE6E15F | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.2.2:5353 25 2.2.168.192.in-addr.arpa.
PTR dwayne-2de6e15f-2.local.

Error - 7/23/2012 4:48:38 PM | Computer Name = DWAYNE-2DE6E15F | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding 23 2.2.168.192.in-addr.arpa.
PTR dwayne-2de6e15f.local.

Error - 7/23/2012 5:04:19 PM | Computer Name = DWAYNE-2DE6E15F | Source = Microsoft Office 12 | ID = 5000
Description = EventType officelifeboathang, P1 winword.exe, P2 12.0.6661.5000, P3
ntdll.dll, P4 5.1.2600.6055, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.

[ OSession Events ]
Error - 7/15/2012 3:39:49 PM | Computer Name = DWAYNE-2DE6E15F | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 14732
seconds with 2280 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 8/23/2012 9:16:16 PM | Computer Name = DWAYNE-2DE6E15F | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 8/23/2012 9:16:16 PM | Computer Name = DWAYNE-2DE6E15F | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 8/23/2012 9:16:16 PM | Computer Name = DWAYNE-2DE6E15F | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 8/23/2012 9:16:16 PM | Computer Name = DWAYNE-2DE6E15F | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 8/23/2012 9:16:16 PM | Computer Name = DWAYNE-2DE6E15F | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 8/23/2012 9:16:16 PM | Computer Name = DWAYNE-2DE6E15F | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 8/26/2012 8:31:07 PM | Computer Name = DWAYNE-2DE6E15F | Source = DCOM | ID = 10010
Description = The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register
with DCOM within the required timeout.

Error - 8/27/2012 7:44:43 PM | Computer Name = DWAYNE-2DE6E15F | Source = DCOM | ID = 10010
Description = The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register
with DCOM within the required timeout.

Error - 8/28/2012 9:46:58 AM | Computer Name = DWAYNE-2DE6E15F | Source = DCOM | ID = 10010
Description = The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register
with DCOM within the required timeout.

Error - 8/29/2012 4:54:46 PM | Computer Name = DWAYNE-2DE6E15F | Source = DCOM | ID = 10010
Description = The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register
with DCOM within the required timeout.


< End of report >

Thank you for your help!

#4
Dakeyras

Hi. :)

Thank you for your help!

You're welcome!

Random Access Memory Advice:

990.48 Mb Total Physical Memory | 164.51 Mb Available Physical Memory | 16.61% Memory free

Though Microsoft claims XP will run with a mere 128 MB installed, in my humble opinion a minimum of 2 GB is far better.

If you wish to upgrade the installed memory, Crucial have a small scanner (CrucialScan.exe) which is perfectly safe to download and run, and which will advise if your system can support any upgraded memory modules. They cater for the US/UK and Europe.

Next:

Overall it appears your machine could do with some in-depth system maintenance but we can address that in due course.

For now let's proceed as follows, shall we...

Next:

Now please go to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):

Ask Toolbar <-- Has undesirable characteristics.
Java™ 6 Update 32 <-- We will update this in due course and I will explain how to secure it also.
Uniblue SpeedUpMyPC <-- These types of software are of limited use and have the potential to cause more problems than actually cure anything.
Web Assistant <-- Has undesirable characteristics.

To do so, click once on each of the above in turn to highlight and then click on the Remove button.

Note: Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into keeping the program.

Scan with AdwCleaner:

Please download adwcleaner from here and save to your desktop.

Alternate download is here.

  • Double click on adwcleaner.exe to launch the application.
  • Now click on the Search tab.
  • Please post the contents of the log-file created in your next post.
Note: The log can also be located at C: >> AdwCleaner[XX].txt >> XX <-- denotes the number of times the application has been run, so in this case may be something like R1.

#5
brynndar

I uninstalled the programs you recommended. Here are the results from adwcleaner.

# AdwCleaner v2.000 - Logfile created 08/30/2012 at 14:26:37
# Updated 30/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Lori - DWAYNE-2DE6E15F
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Lori\Local Settings\Temporary Internet Files\Content.IE5\9SOQAW1F\adwcleaner[1].exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\WIN\Tasks\Scheduled Update for Ask Toolbar.job
Folder Found : C:\DOCUME~1\Lori\LOCALS~1\Temp\AskSearch
Folder Found : C:\Documents and Settings\Brynn\Local Settings\Application Data\AskToolbar
Folder Found : C:\Documents and Settings\Dwayne\Local Settings\Application Data\AskToolbar
Folder Found : C:\Documents and Settings\Jake\Local Settings\Application Data\AskToolbar
Folder Found : C:\Documents and Settings\Jesi\Local Settings\Application Data\AskToolbar
Folder Found : C:\Documents and Settings\Lori\Local Settings\Application Data\AskToolbar
Folder Found : C:\Program Files\Ask.com
Folder Found : C:\WIN\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Found : HKCU\Software\APN
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\AskToolbar
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Web Assistant
Key Found : HKLM\Software\APN
Key Found : HKLM\Software\AskToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{33119133-0854-469D-807A-171568457991}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\Software\Web Assistant
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Internet Browsers] *****



-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Lori\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [5242 octets] - [30/08/2012 14:26:37]

########## EOF - C:\AdwCleaner[R1].txt - [5302 octets] ##########

#6
Dakeyras

Hi. :)

I uninstalled the programs you recommended

OK, let's proceed as follows...

It appears you actually ran AdwCleaner from this location:-

# Running from : C:\Documents and Settings\Lori\Local Settings\Temporary Internet Files\Content.IE5\9SOQAW1F\adwcleaner[1].exe

Best to move it and/or re-download it and ensure it is saved to the desktop.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please go here and download ERUNT.
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double-click on erunt-setup.exe to install ERUNT by following the prompts.
  • Use the default install settings but say no to the portion that asks you to add ERUNT to the Start-Up folder.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
Note: If it is necessary to restore the registry, open the backup folder and start ERDNT.exe

Re-scan with AdwCleaner:

  • Double-click on adwcleaner.exe to launch the application.
  • Now click on the Delete tab >> reboot your machine if prompted.
  • Please post the contents of the log-file created in your next post.
Note: The log can also be located at C: >> AdwCleaner[XX].txt >> XX <-- denotes the number of times the application has been run, so in this case should be something like S1.

Next:

Post the new AdwCleaner log and a new OTL log please (only one log will be created this time). Provide a quick update and we will go from there, thank you.
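The two things the reply above reads off the Search log (the tool was launched from the browser cache, and remnants of the uninstalled toolbars are still present) can be checked mechanically. The Python below is an added example, not part of the thread or of AdwCleaner; the log excerpt is copied from the AdwCleaner[R1].txt log posted above, while the function names and the short list of autostart locations are assumptions made for illustration.

```python
import re

# Excerpt copied from the AdwCleaner[R1].txt log posted in this thread (not the full log).
SAMPLE_LOG = r"""
# AdwCleaner v2.000 - Logfile created 08/30/2012 at 14:26:37
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# Running from : C:\Documents and Settings\Lori\Local Settings\Temporary Internet Files\Content.IE5\9SOQAW1F\adwcleaner[1].exe
# Option [Search]

***** [Files / Folders] *****

File Found : C:\WIN\Tasks\Scheduled Update for Ask Toolbar.job
Folder Found : C:\Program Files\Ask.com

***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
"""

SECTION_RE = re.compile(r"^\*{5} \[(.+?)\] \*{5}$")
ENTRY_RE = re.compile(r"^(File|Folder|Key|Value) Found : (.+)$")
VALUE_RE = re.compile(r"^(.*) \[(.+)\]$")
UNINSTALL_RE = re.compile(r"\\CurrentVersion\\Uninstall\\(\{[0-9A-Fa-f-]{36}\})$")

# Assumption: a small hand-picked set of well-known Windows autostart locations,
# not AdwCleaner's own classification.
AUTOSTART_RULES = [
    ("Scheduled task", re.compile(r"\\Tasks\\[^\\]+\.job$", re.I)),
    ("Browser Helper Object", re.compile(r"\\Explorer\\Browser Helper Objects\\", re.I)),
    ("URL search hook", re.compile(r"\\Internet Explorer\\URLSearchHooks$", re.I)),
    ("Run key", re.compile(r"\\CurrentVersion\\Run$", re.I)),
]


def parse_adwcleaner_log(text):
    """Split a v2-style log into header fields and a list of findings."""
    header, findings, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("# "):
            body = line[2:]
            opt = re.match(r"Option \[(\w+)\]$", body)
            if opt:
                header["Option"] = opt.group(1)
            elif " : " in body:
                key, value = body.split(" : ", 1)
                header[key.strip()] = value.strip()
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m:
            kind, target, name = m.group(1), m.group(2), None
            if kind == "Value":
                # "Value Found" lines carry the value name in trailing brackets.
                v = VALUE_RE.match(target)
                if v:
                    target, name = v.group(1), v.group(2)
            findings.append({"section": section, "kind": kind,
                             "target": target, "name": name})
    return {"header": header, "findings": findings}


def ran_from_transient_path(path):
    """True when the executable was started from a browser cache or temp folder."""
    p = path.lower()
    return any(marker in p for marker in ("\\temporary internet files\\", "\\temp\\"))


def count_by_kind(findings):
    """Number of findings per entry type (File, Folder, Key, Value)."""
    counts = {}
    for f in findings:
        counts[f["kind"]] = counts.get(f["kind"], 0) + 1
    return counts


def autostart_findings(findings):
    """Findings that sit in an autostart location, as (label, target, name)."""
    hits = []
    for f in findings:
        for label, rule in AUTOSTART_RULES:
            if rule.search(f["target"]):
                hits.append((label, f["target"], f["name"]))
                break
    return hits


def leftover_uninstall_guids(findings):
    """Product GUIDs still registered under an Uninstall key."""
    guids = set()
    for f in findings:
        m = UNINSTALL_RE.search(f["target"])
        if f["kind"] == "Key" and m:
            guids.add(m.group(1))
    return sorted(guids)


if __name__ == "__main__":
    report = parse_adwcleaner_log(SAMPLE_LOG)
    print("Run from cache/temp:", ran_from_transient_path(report["header"]["Running from"]))
    print("Findings by kind:", count_by_kind(report["findings"]))
    for label, target, name in autostart_findings(report["findings"]):
        print(f"{label}: {target}" + (f" [{name}]" if name else ""))
    print("Uninstall entries still present:", leftover_uninstall_guids(report["findings"]))
```

The two GUIDs it returns match the "Ask Toolbar" and "Foxit PDF Creator Toolbar Updater" entries in the OTL uninstall lists posted earlier in the thread.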

#7
brynndar

OTL logfile created on: 8/30/2012 8:46:29 PM - Run 3
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Documents and Settings\Lori\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

990.48 Mb Total Physical Memory | 447.87 Mb Available Physical Memory | 45.22% Memory free
2.33 Gb Paging File | 1.52 Gb Available in Paging File | 65.30% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WIN | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 111.40 Gb Free Space | 47.83% Space Free | Partition Type: NTFS

Computer Name: DWAYNE-2DE6E15F | User Name: Lori | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Lori\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\MyFunCards_5m\bar\1.bin\5mbrmon.exe (VER_COMPANY_NAME)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
PRC - C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Eastman Kodak Company)
PRC - C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
PRC - C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\Super Easy Backup\Endpoint\DCProtectService.exe (Datacastle)
PRC - C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe ()
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)
PRC - C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe (Affinegy, Inc.)
PRC - C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
PRC - C:\WIN\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\WIN\assembly\NativeImages_v2.0.50727_32\Inkjet.Automation\65f9fe27a524e0e1d6fe976da05c809d\Inkjet.Automation.ni.dll ()
MOD - C:\WIN\assembly\NativeImages_v2.0.50727_32\Inkjet.DeviceSettin#\24df744a06c3ee71e66e0df2957db8ab\Inkjet.DeviceSettings.ni.dll ()
MOD - C:\WIN\assembly\NativeImages_v2.0.50727_32\Inkjet.Localization\56788e7172b88e8e17c8187919f6fe9e\Inkjet.Localization.ni.dll ()
MOD - C:\WIN\assembly\NativeImages_v2.0.50727_32\Inkjet.Diagnostics\7390d6714108666d0f1d272f8bacfb13\Inkjet.Diagnostics.ni.dll ()
MOD - C:\WIN\assembly\NativeImages_v2.0.50727_32\Inkjet.Utilities\77efbbfd54d23807ec041ef5ec3c12d0\Inkjet.Utilities.ni.dll ()
MOD - C:\WIN\assembly\NativeImages_v2.0.50727_32\Inkjet.Hardware\ce45b4ac627e00a2e877bc0c642b7d05\Inkjet.Hardware.ni.dll ()
MOD - C:\WIN\assembly\NativeImages_v2.0.50727_32\Inkjet.Statistics\5f1d9bddb3455d5c2342fddb3182590a\Inkjet.Statistics.ni.dll ()
MOD - C:\WIN\assembly\NativeImages_v2.0.50727_32\Inkjet.Configuration\67ae8297c655a3d2a3664fe21582a5f8\Inkjet.Configuration.ni.dll ()
MOD - C:\WIN\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll ()
MOD - C:\WIN\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll ()
MOD - C:\WIN\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll ()
MOD - C:\WIN\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll ()
MOD - C:\WIN\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll ()
MOD - C:\WIN\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()
MOD - C:\WIN\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\BelkinServicePS.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\QtGui4.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\QtXml4.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\QtCore4.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\QtNetwork4.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll ()


========== Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (MyFunCards_5mService) -- C:\Program Files\MyFunCards_5m\bar\1.bin\5mbarsvc.exe (COMPANYVERS_NAME)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Kodak AiO Status Monitor Service) -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Eastman Kodak Company)
SRV - (Kodak AiO Network Discovery Service) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WIN\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (DCProtectService) -- C:\Program Files\Super Easy Backup\Endpoint\DCProtectService.exe (Datacastle)
SRV - (MySQL) -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe ()
SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (AffinegyService) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)


========== Driver Services (SafeList) ==========

DRV - (MBAMSwissArmy) -- C:\WIN\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\WIN\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (RapportIaso) -- c:\Documents and Settings\All Users.WIN\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys (Trusteer Ltd.)
DRV - (eamon) -- C:\WIN\system32\drivers\eamon.sys (ESET)
DRV - (ehdrv) -- C:\WIN\system32\drivers\ehdrv.sys (ESET)
DRV - (epfwtdir) -- C:\WIN\system32\drivers\epfwtdir.sys (ESET)
DRV - (AFGSp50) -- C:\WIN\system32\drivers\AFGSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (HdAudAddService) -- C:\WIN\system32\drivers\HdAudio.sys (Windows ® Server 2003 DDK provider)
DRV - (nvnetbus) -- C:\WIN\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WIN\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (gameenum) -- C:\WIN\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\WIN\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
DRV - (MTsensor) -- C:\WIN\system32\drivers\ASACPI.sys ()
DRV - (ms_mpu401) -- C:\WIN\system32\drivers\msmpu401.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WIN\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {09823E70-188B-4D1D-B168-F054F050AF96}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{09823E70-188B-4D1D-B168-F054F050AF96}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{35e9438f-19d4-4516-b2ac-59ba9241de4d}: "URL" = http://search.mywebs...r={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1454471165-879983540-1177238915-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1454471165-879983540-1177238915-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WIN\system32\blank.htm
IE - HKU\S-1-5-21-1454471165-879983540-1177238915-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1454471165-879983540-1177238915-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1454471165-879983540-1177238915-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/
IE - HKU\S-1-5-21-1454471165-879983540-1177238915-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1454471165-879983540-1177238915-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1454471165-879983540-1177238915-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6A 58 19 24 05 45 CD 01 [binary data]
IE - HKU\S-1-5-21-1454471165-879983540-1177238915-1008\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1454471165-879983540-1177238915-1008\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1454471165-879983540-1177238915-1008\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-1454471165-879983540-1177238915-1008\..\URLSearchHook: {f4c28532-b9d0-4950-a2df-e83f9929242b} - No CLSID value found
IE - HKU\S-1-5-21-1454471165-879983540-1177238915-1008\..\SearchScopes,DefaultScope = {09823E70-188B-4D1D-B168-F054F050AF96}
IE - HKU\S-1-5-21-1454471165-879983540-1177238915-1008\..\SearchScopes\{09823E70-188B-4D1D-B168-F054F050AF96}: "URL" = http://www.google.co...GGHP_en-GBUS487
IE - HKU\S-1-5-21-1454471165-879983540-1177238915-1008\..\SearchScopes\{35e9438f-19d4-4516-b2ac-59ba9241de4d}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKU\S-1-5-21-1454471165-879983540-1177238915-1008\..\SearchScopes\{BE8859F8-90FB-45AB-9F84-931B8278D6E1}: "URL" = http://websearch.ask...3D-9980E1889DB0
IE - HKU\S-1-5-21-1454471165-879983540-1177238915-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1454471165-879983540-1177238915-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WIN\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WIN\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\WIN\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WIN\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@MyFunCards_5m.com/Plugin: C:\Program Files\MyFunCards_5m\bar\1.bin\NP5mStub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\5mffxtbr@MyFunCards_5m.com: C:\Program Files\MyFunCards_5m\bar\1.bin [2012/07/24 18:29:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/06/08 00:31:29 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - homepage: http://www.google.com
CHR - Extension: No name found = C:\Documents and Settings\Lori\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Documents and Settings\Lori\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Documents and Settings\Lori\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2007/07/27 06:00:00 | 000,000,734 | ---- | M]) - C:\WIN\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1454471165-879983540-1177238915-1008\..\Toolbar\WebBrowser: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Conime] C:\WIN\system32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WIN\System32\HDAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MyFunCards_5m Browser Plugin Loader] C:\Program Files\MyFunCards_5m\bar\1.bin\5mbrmon.exe (VER_COMPANY_NAME)
O4 - HKLM..\Run: [NvCplDaemon] C:\WIN\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WIN\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1454471165-879983540-1177238915-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1454471165-879983540-1177238915-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1454471165-879983540-1177238915-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Search - http://tbedits.myfun...D8&n=2012072310 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WIN\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1341441543171 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{395D1A8E-4015-44DB-B1EA-A5495E4AB339}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WIN\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WIN\system32\userinit.exe) - C:\WIN\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WIN\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WIN\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/10/11 16:24:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/30 20:44:06 | 000,000,000 | ---D | C] -- C:\WIN\ERDNT
[2012/08/30 20:40:58 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/08/30 20:40:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WIN\Start Menu\Programs\ERUNT
[2012/08/30 20:37:09 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Lori\Desktop\erunt-setup.exe
[2012/08/29 17:17:14 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lori\Desktop\OTL.exe
[2012/08/29 17:02:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Lori\Start Menu\Programs\Administrative Tools
[2012/08/13 13:23:02 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WIN\System32\drivers\mbamswissarmy.sys
[2012/08/02 09:45:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lori\Local Settings\Application Data\WMTools Downloaded Files
[3 C:\WIN\*.tmp files -> C:\WIN\*.tmp -> ]
[1 C:\WIN\System32\*.tmp files -> C:\WIN\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/30 20:52:00 | 000,000,416 | -H-- | M] () -- C:\WIN\tasks\User_Feed_Synchronization-{A126B8E3-10B9-4048-81A0-7DC31E8A7EE1}.job
[2012/08/30 20:40:58 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Lori\Desktop\NTREGOPT.lnk
[2012/08/30 20:40:58 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Lori\Desktop\ERUNT.lnk
[2012/08/30 20:37:16 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Lori\Desktop\erunt-setup.exe
[2012/08/30 20:35:15 | 000,511,265 | ---- | M] () -- C:\Documents and Settings\Lori\Desktop\adwcleaner.exe
[2012/08/30 10:35:54 | 000,013,646 | ---- | M] () -- C:\WIN\System32\wpa.dbl
[2012/08/30 10:35:00 | 000,002,048 | --S- | M] () -- C:\WIN\bootstat.dat
[2012/08/29 17:17:22 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lori\Desktop\OTL.exe
[2012/08/29 17:11:39 | 000,854,124 | ---- | M] () -- C:\Documents and Settings\Lori\Desktop\SecurityCheck.exe
[2012/08/15 17:43:02 | 000,266,208 | ---- | M] () -- C:\WIN\System32\FNTCACHE.DAT
[2012/08/15 07:20:45 | 000,001,374 | ---- | M] () -- C:\WIN\imsins.BAK
[2012/08/14 16:40:19 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\All Users.WIN\Desktop\Picasa 3.lnk
[2012/08/13 13:23:02 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WIN\System32\drivers\mbamswissarmy.sys
[2012/08/09 15:01:03 | 000,000,019 | ---- | M] () -- C:\WIN\popcinfo.dat
[2012/08/06 10:29:52 | 000,613,684 | ---- | M] () -- C:\Documents and Settings\Lori\Desktop\Adams_Jesi_2012_8_6_9_20_38_form.pdf
[2012/08/01 17:57:50 | 000,000,822 | ---- | M] () -- C:\Documents and Settings\Lori\Desktop\Verizon Wireless - Charges By Line.url
[2012/08/01 17:43:53 | 000,092,291 | ---- | M] () -- C:\Documents and Settings\Lori\Desktop\jake phone bill.pdf
[3 C:\WIN\*.tmp files -> C:\WIN\*.tmp -> ]
[1 C:\WIN\System32\*.tmp files -> C:\WIN\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/30 20:40:58 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Lori\Desktop\NTREGOPT.lnk
[2012/08/30 20:40:58 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Lori\Desktop\ERUNT.lnk
[2012/08/30 20:35:11 | 000,511,265 | ---- | C] () -- C:\Documents and Settings\Lori\Desktop\adwcleaner.exe
[2012/08/29 17:11:36 | 000,854,124 | ---- | C] () -- C:\Documents and Settings\Lori\Desktop\SecurityCheck.exe
[2012/08/06 10:29:47 | 000,613,684 | ---- | C] () -- C:\Documents and Settings\Lori\Desktop\Adams_Jesi_2012_8_6_9_20_38_form.pdf
[2012/08/01 17:58:10 | 000,092,291 | ---- | C] () -- C:\Documents and Settings\Lori\Desktop\jake phone bill.pdf
[2012/08/01 17:57:50 | 000,000,822 | ---- | C] () -- C:\Documents and Settings\Lori\Desktop\Verizon Wireless - Charges By Line.url
[2012/07/20 23:00:23 | 000,000,019 | ---- | C] () -- C:\WIN\popcinfo.dat
[2012/06/17 14:46:29 | 000,000,664 | ---- | C] () -- C:\WIN\System32\d3d9caps.dat
[2012/06/06 14:21:24 | 000,003,072 | ---- | C] () -- C:\WIN\System32\iacenc.dll
[2012/06/06 11:59:17 | 001,074,636 | ---- | C] () -- C:\WIN\System32\nvdrsdb0.bin
[2012/06/06 11:59:16 | 001,074,636 | ---- | C] () -- C:\WIN\System32\nvdrsdb1.bin
[2012/06/06 11:59:16 | 000,000,001 | ---- | C] () -- C:\WIN\System32\nvdrssel.bin
[2012/06/06 11:58:46 | 002,807,708 | ---- | C] () -- C:\WIN\System32\nvdata.data
[2012/06/05 19:27:50 | 000,002,048 | --S- | C] () -- C:\WIN\bootstat.dat
[2012/06/05 19:22:12 | 000,021,640 | ---- | C] () -- C:\WIN\System32\emptyregdb.dat
[2012/06/05 13:14:11 | 000,003,985 | ---- | C] () -- C:\WIN\ODBCINST.INI
[2012/06/05 13:12:50 | 000,266,208 | ---- | C] () -- C:\WIN\System32\FNTCACHE.DAT
[2012/05/28 09:35:20 | 000,001,046 | ---- | C] () -- C:\WIN\System32\EKaio2WiaCoInst.ini
[2011/11/26 15:24:21 | 000,005,810 | ---- | C] () -- C:\WIN\System32\drivers\ASACPI.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 208 bytes -> C:\Documents and Settings\All Users.WIN\Application Data\TEMP:FACB65E7

< End of report >


# AdwCleaner v2.000 - Logfile created 08/30/2012 at 20:35:44
# Updated 30/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Lori - DWAYNE-2DE6E15F
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Lori\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\WIN\Tasks\Scheduled Update for Ask Toolbar.job
Folder Found : C:\DOCUME~1\Lori\LOCALS~1\Temp\AskSearch
Folder Found : C:\Documents and Settings\Brynn\Local Settings\Application Data\AskToolbar
Folder Found : C:\Documents and Settings\Dwayne\Local Settings\Application Data\AskToolbar
Folder Found : C:\Documents and Settings\Jake\Local Settings\Application Data\AskToolbar
Folder Found : C:\Documents and Settings\Jesi\Local Settings\Application Data\AskToolbar
Folder Found : C:\Documents and Settings\Lori\Local Settings\Application Data\AskToolbar
Folder Found : C:\Program Files\Ask.com
Folder Found : C:\WIN\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Found : HKCU\Software\APN
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\AskToolbar
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Web Assistant
Key Found : HKLM\Software\APN
Key Found : HKLM\Software\AskToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{33119133-0854-469D-807A-171568457991}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\Software\Web Assistant
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Lori\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [5371 octets] - [30/08/2012 14:26:37]
AdwCleaner[R2].txt - [5246 octets] - [30/08/2012 20:35:44]

########## EOF - C:\AdwCleaner[R2].txt - [5306 octets] ##########

#8
Dakeyras

Hi. :)

You ran AdwCleaner in Search mode rather than selecting Delete.

So please follow my instructions again in post #6 from Re-scan with AdwCleaner onwards.

Then when complete post another new AdwCleaner log and a new OTL log please, thank you.

#9
brynndar

Oops! Here's the new log. Thank you.

# AdwCleaner v2.000 - Logfile created 08/31/2012 at 19:11:15
# Updated 30/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Lori - DWAYNE-2DE6E15F
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Lori\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\WIN\Tasks\Scheduled Update for Ask Toolbar.job
Folder Deleted : C:\DOCUME~1\Lori\LOCALS~1\Temp\AskSearch
Folder Deleted : C:\Documents and Settings\Brynn\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\Dwayne\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\Jake\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\Jesi\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\Lori\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\WIN\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Web Assistant
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33119133-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\Software\Web Assistant
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-21-1454471165-879983540-1177238915-1004\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-21-1454471165-879983540-1177238915-1009\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Lori\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [5371 octets] - [30/08/2012 14:26:37]
AdwCleaner[R2].txt - [5375 octets] - [30/08/2012 20:35:44]
AdwCleaner[R3].txt - [5435 octets] - [30/08/2012 20:42:11]
AdwCleaner[S2].txt - [6151 octets] - [31/08/2012 19:11:15]

########## EOF - C:\AdwCleaner[S2].txt - [6211 octets] ##########

OTL logfile created on: 8/31/2012 7:18:08 PM - Run 4
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Documents and Settings\Lori\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

990.48 Mb Total Physical Memory | 258.52 Mb Available Physical Memory | 26.10% Memory free
2.33 Gb Paging File | 1.54 Gb Available in Paging File | 66.12% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WIN | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 111.37 Gb Free Space | 47.82% Space Free | Partition Type: NTFS

Computer Name: DWAYNE-2DE6E15F | User Name: Lori | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Lori\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\MyFunCards_5m\bar\1.bin\5mbrmon.exe (VER_COMPANY_NAME)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
PRC - C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Eastman Kodak Company)
PRC - C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\Super Easy Backup\Endpoint\DCProtectService.exe (Datacastle)
PRC - C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe ()
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)
PRC - C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe (Affinegy, Inc.)
PRC - C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
PRC - C:\WIN\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\WIN\assembly\NativeImages_v2.0.50727_32\Inkjet.Automation\65f9fe27a524e0e1d6fe976da05c809d\Inkjet.Automation.ni.dll ()
MOD - C:\WIN\assembly\NativeImages_v2.0.50727_32\Inkjet.DeviceSettin#\24df744a06c3ee71e66e0df2957db8ab\Inkjet.DeviceSettings.ni.dll ()
MOD - C:\WIN\assembly\NativeImages_v2.0.50727_32\Inkjet.Localization\56788e7172b88e8e17c8187919f6fe9e\Inkjet.Localization.ni.dll ()
MOD - C:\WIN\assembly\NativeImages_v2.0.50727_32\Inkjet.Diagnostics\7390d6714108666d0f1d272f8bacfb13\Inkjet.Diagnostics.ni.dll ()
MOD - C:\WIN\assembly\NativeImages_v2.0.50727_32\Inkjet.Utilities\77efbbfd54d23807ec041ef5ec3c12d0\Inkjet.Utilities.ni.dll ()
MOD - C:\WIN\assembly\NativeImages_v2.0.50727_32\Inkjet.Hardware\ce45b4ac627e00a2e877bc0c642b7d05\Inkjet.Hardware.ni.dll ()
MOD - C:\WIN\assembly\NativeImages_v2.0.50727_32\Inkjet.Statistics\5f1d9bddb3455d5c2342fddb3182590a\Inkjet.Statistics.ni.dll ()
MOD - C:\WIN\assembly\NativeImages_v2.0.50727_32\Inkjet.Configuration\67ae8297c655a3d2a3664fe21582a5f8\Inkjet.Configuration.ni.dll ()
MOD - C:\WIN\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll ()
MOD - C:\WIN\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll ()
MOD - C:\WIN\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll ()
MOD - C:\WIN\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll ()
MOD - C:\WIN\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll ()
MOD - C:\WIN\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()
MOD - C:\WIN\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\BelkinServicePS.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\QtGui4.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\QtXml4.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\QtCore4.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\QtNetwork4.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll ()


========== Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (MyFunCards_5mService) -- C:\Program Files\MyFunCards_5m\bar\1.bin\5mbarsvc.exe (COMPANYVERS_NAME)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Kodak AiO Status Monitor Service) -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Eastman Kodak Company)
SRV - (Kodak AiO Network Discovery Service) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WIN\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (DCProtectService) -- C:\Program Files\Super Easy Backup\Endpoint\DCProtectService.exe (Datacastle)
SRV - (MySQL) -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe ()
SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (AffinegyService) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)


========== Driver Services (SafeList) ==========

DRV - (MBAMSwissArmy) -- C:\WIN\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\WIN\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (RapportIaso) -- c:\Documents and Settings\All Users.WIN\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys (Trusteer Ltd.)
DRV - (eamon) -- C:\WIN\system32\drivers\eamon.sys (ESET)
DRV - (ehdrv) -- C:\WIN\system32\drivers\ehdrv.sys (ESET)
DRV - (epfwtdir) -- C:\WIN\system32\drivers\epfwtdir.sys (ESET)
DRV - (AFGSp50) -- C:\WIN\system32\drivers\AFGSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (HdAudAddService) -- C:\WIN\system32\drivers\HdAudio.sys (Windows ® Server 2003 DDK provider)
DRV - (nvnetbus) -- C:\WIN\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WIN\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (gameenum) -- C:\WIN\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\WIN\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
DRV - (MTsensor) -- C:\WIN\system32\drivers\ASACPI.sys ()
DRV - (ms_mpu401) -- C:\WIN\system32\drivers\msmpu401.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WIN\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{09823E70-188B-4D1D-B168-F054F050AF96}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{35e9438f-19d4-4516-b2ac-59ba9241de4d}: "URL" = http://search.mywebs...r={searchTerms}


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1454471165-879983540-1177238915-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1454471165-879983540-1177238915-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1454471165-879983540-1177238915-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WIN\system32\blank.htm
IE - HKU\S-1-5-21-1454471165-879983540-1177238915-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1454471165-879983540-1177238915-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1454471165-879983540-1177238915-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/
IE - HKU\S-1-5-21-1454471165-879983540-1177238915-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1454471165-879983540-1177238915-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1454471165-879983540-1177238915-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6A 58 19 24 05 45 CD 01 [binary data]
IE - HKU\S-1-5-21-1454471165-879983540-1177238915-1008\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1454471165-879983540-1177238915-1008\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1454471165-879983540-1177238915-1008\..\URLSearchHook: {f4c28532-b9d0-4950-a2df-e83f9929242b} - No CLSID value found
IE - HKU\S-1-5-21-1454471165-879983540-1177238915-1008\..\SearchScopes,DefaultScope = {09823E70-188B-4D1D-B168-F054F050AF96}
IE - HKU\S-1-5-21-1454471165-879983540-1177238915-1008\..\SearchScopes\{09823E70-188B-4D1D-B168-F054F050AF96}: "URL" = http://www.google.co...GGHP_en-GBUS487
IE - HKU\S-1-5-21-1454471165-879983540-1177238915-1008\..\SearchScopes\{35e9438f-19d4-4516-b2ac-59ba9241de4d}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKU\S-1-5-21-1454471165-879983540-1177238915-1008\..\SearchScopes\{BE8859F8-90FB-45AB-9F84-931B8278D6E1}: "URL" = http://websearch.ask...3D-9980E1889DB0
IE - HKU\S-1-5-21-1454471165-879983540-1177238915-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1454471165-879983540-1177238915-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-1454471165-879983540-1177238915-1009\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WIN\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WIN\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\WIN\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WIN\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@MyFunCards_5m.com/Plugin: C:\Program Files\MyFunCards_5m\bar\1.bin\NP5mStub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\5mffxtbr@MyFunCards_5m.com: C:\Program Files\MyFunCards_5m\bar\1.bin [2012/07/24 18:29:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/06/08 00:31:29 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - homepage: http://www.google.com
CHR - Extension: No name found = C:\Documents and Settings\Lori\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Documents and Settings\Lori\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Documents and Settings\Lori\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2007/07/27 06:00:00 | 000,000,734 | ---- | M]) - C:\WIN\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Conime] C:\WIN\system32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WIN\System32\HDAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MyFunCards_5m Browser Plugin Loader] C:\Program Files\MyFunCards_5m\bar\1.bin\5mbrmon.exe (VER_COMPANY_NAME)
O4 - HKLM..\Run: [NvCplDaemon] C:\WIN\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WIN\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1454471165-879983540-1177238915-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1454471165-879983540-1177238915-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1454471165-879983540-1177238915-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WIN\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1341441543171 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{395D1A8E-4015-44DB-B1EA-A5495E4AB339}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WIN\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WIN\system32\userinit.exe) - C:\WIN\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WIN\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WIN\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/10/11 16:24:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/30 20:44:06 | 000,000,000 | ---D | C] -- C:\WIN\ERDNT
[2012/08/30 20:40:58 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/08/30 20:40:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WIN\Start Menu\Programs\ERUNT
[2012/08/30 20:37:09 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Lori\Desktop\erunt-setup.exe
[2012/08/29 17:17:14 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lori\Desktop\OTL.exe
[2012/08/29 17:02:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Lori\Start Menu\Programs\Administrative Tools
[2012/08/13 13:23:02 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WIN\System32\drivers\mbamswissarmy.sys
[2012/08/02 09:45:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lori\Local Settings\Application Data\WMTools Downloaded Files
[3 C:\WIN\*.tmp files -> C:\WIN\*.tmp -> ]
[1 C:\WIN\System32\*.tmp files -> C:\WIN\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/31 19:14:15 | 000,013,646 | ---- | M] () -- C:\WIN\System32\wpa.dbl
[2012/08/31 19:13:16 | 000,002,048 | --S- | M] () -- C:\WIN\bootstat.dat
[2012/08/30 22:02:33 | 000,000,416 | -H-- | M] () -- C:\WIN\tasks\User_Feed_Synchronization-{A126B8E3-10B9-4048-81A0-7DC31E8A7EE1}.job
[2012/08/30 21:21:05 | 000,467,701 | ---- | M] () -- C:\Documents and Settings\Lori\Desktop\lori resume jetblue.pdf
[2012/08/30 21:21:05 | 000,467,701 | ---- | M] () -- C:\Documents and Settings\Lori\My Documents\lori resume .pdf
[2012/08/30 20:40:58 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Lori\Desktop\NTREGOPT.lnk
[2012/08/30 20:40:58 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Lori\Desktop\ERUNT.lnk
[2012/08/30 20:37:16 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Lori\Desktop\erunt-setup.exe
[2012/08/30 20:35:15 | 000,511,265 | ---- | M] () -- C:\Documents and Settings\Lori\Desktop\adwcleaner.exe
[2012/08/29 17:17:22 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lori\Desktop\OTL.exe
[2012/08/29 17:11:39 | 000,854,124 | ---- | M] () -- C:\Documents and Settings\Lori\Desktop\SecurityCheck.exe
[2012/08/15 17:43:02 | 000,266,208 | ---- | M] () -- C:\WIN\System32\FNTCACHE.DAT
[2012/08/15 07:20:45 | 000,001,374 | ---- | M] () -- C:\WIN\imsins.BAK
[2012/08/14 16:40:19 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\All Users.WIN\Desktop\Picasa 3.lnk
[2012/08/13 13:23:02 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WIN\System32\drivers\mbamswissarmy.sys
[2012/08/09 15:01:03 | 000,000,019 | ---- | M] () -- C:\WIN\popcinfo.dat
[2012/08/06 10:29:52 | 000,613,684 | ---- | M] () -- C:\Documents and Settings\Lori\Desktop\Adams_Jesi_2012_8_6_9_20_38_form.pdf
[3 C:\WIN\*.tmp files -> C:\WIN\*.tmp -> ]
[1 C:\WIN\System32\*.tmp files -> C:\WIN\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/30 21:21:23 | 000,467,701 | ---- | C] () -- C:\Documents and Settings\Lori\Desktop\lori resume jetblue.pdf
[2012/08/30 21:21:04 | 000,467,701 | ---- | C] () -- C:\Documents and Settings\Lori\My Documents\lori resume .pdf
[2012/08/30 20:40:58 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Lori\Desktop\NTREGOPT.lnk
[2012/08/30 20:40:58 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Lori\Desktop\ERUNT.lnk
[2012/08/30 20:35:11 | 000,511,265 | ---- | C] () -- C:\Documents and Settings\Lori\Desktop\adwcleaner.exe
[2012/08/29 17:11:36 | 000,854,124 | ---- | C] () -- C:\Documents and Settings\Lori\Desktop\SecurityCheck.exe
[2012/08/06 10:29:47 | 000,613,684 | ---- | C] () -- C:\Documents and Settings\Lori\Desktop\Adams_Jesi_2012_8_6_9_20_38_form.pdf
[2012/07/20 23:00:23 | 000,000,019 | ---- | C] () -- C:\WIN\popcinfo.dat
[2012/06/17 14:46:29 | 000,000,664 | ---- | C] () -- C:\WIN\System32\d3d9caps.dat
[2012/06/06 14:21:24 | 000,003,072 | ---- | C] () -- C:\WIN\System32\iacenc.dll
[2012/06/06 11:59:17 | 001,074,636 | ---- | C] () -- C:\WIN\System32\nvdrsdb0.bin
[2012/06/06 11:59:16 | 001,074,636 | ---- | C] () -- C:\WIN\System32\nvdrsdb1.bin
[2012/06/06 11:59:16 | 000,000,001 | ---- | C] () -- C:\WIN\System32\nvdrssel.bin
[2012/06/06 11:58:46 | 002,807,708 | ---- | C] () -- C:\WIN\System32\nvdata.data
[2012/06/05 19:27:50 | 000,002,048 | --S- | C] () -- C:\WIN\bootstat.dat
[2012/06/05 19:22:12 | 000,021,640 | ---- | C] () -- C:\WIN\System32\emptyregdb.dat
[2012/06/05 13:14:11 | 000,003,985 | ---- | C] () -- C:\WIN\ODBCINST.INI
[2012/06/05 13:12:50 | 000,266,208 | ---- | C] () -- C:\WIN\System32\FNTCACHE.DAT
[2012/05/28 09:35:20 | 000,001,046 | ---- | C] () -- C:\WIN\System32\EKaio2WiaCoInst.ini
[2011/11/26 15:24:21 | 000,005,810 | ---- | C] () -- C:\WIN\System32\drivers\ASACPI.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 208 bytes -> C:\Documents and Settings\All Users.WIN\Application Data\TEMP:FACB65E7

< End of report >

Edited by Dakeyras, 01 September 2012 - 05:33 AM.
Re-order split logs etc.

  • 0

#10
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

Oops! Here's the new log. Thank you.

Not a problem I assure you and you're welcome!

Temp Disable MBAM's Protection Module:

This is so it will not hinder the custom OTL script below, it will automatically start again after your machine is rebooted.

Right-click on the Malwarebytes Anti-Malware System Tray icon >> click on Enable Protection >> at the prompt click on Yes

Note: If the System Tray icon is not present, not to worry and just proceed with the below and inform myself in your next reply OK.

Custom OTL Script:

  • Double-click on OTL.exe to start the program.
  • Copy the lines from the quote-box (do not copy the word quote) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:Commands
[CreateRestorePoint]

:OTL
IE - HKLM\..\SearchScopes\{35e9438f-19d4-4516-b2ac-59ba9241de4d}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKU\S-1-5-21-1454471165-879983540-1177238915-1008\..\URLSearchHook: {f4c28532-b9d0-4950-a2df-e83f9929242b} - No CLSID value found
IE - HKU\S-1-5-21-1454471165-879983540-1177238915-1008\..\SearchScopes\{35e9438f-19d4-4516-b2ac-59ba9241de4d}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKU\S-1-5-21-1454471165-879983540-1177238915-1008\..\SearchScopes\{BE8859F8-90FB-45AB-9F84-931B8278D6E1}: "URL" = http://websearch.ask...3D-9980E1889DB0
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [MyFunCards_5m Browser Plugin Loader] C:\Program Files\MyFunCards_5m\bar\1.bin\5mbrmon.exe (VER_COMPANY_NAME)
O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
[3 C:\WIN\*.tmp files -> C:\WIN\*.tmp -> ]
[1 C:\WIN\System32\*.tmp files -> C:\WIN\System32\*.tmp -> ]
@Alternate Data Stream - 208 bytes -> C:\Documents and Settings\All Users.WIN\Application Data\TEMP:FACB65E7

:Files
ipconfig /flushdns /c
C:\Program Files\MyFunCards_5m

:Commands
[ResetHosts]
[EmptyTemp]
[Reboot]

  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The logfile can also be located at C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Malwarebytes Anti-Malware:

  • Launch the application, Check for Updates >> Perform quick scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • OTL Log from the Custom Script.
  • Malwarebytes Anti-Malware Log.

  • 0
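Added example, not part of the original posts and not how OTL or the helper selected the lines: a small Python triage pass over OTL-style log lines that flags the kinds of leftovers the fix script above targets (missing files, missing CLSIDs, an empty Run value name, placeholder company strings, alternate data streams) for a manual look. The rule names and regexes are assumptions based only on the log lines shown in this thread.

```python
import re
from dataclasses import dataclass

# Lines copied from the OTL log posted earlier in this thread (small subset).
SAMPLE_LOG = r"""
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (MyFunCards_5mService) -- C:\Program Files\MyFunCards_5m\bar\1.bin\5mbarsvc.exe (COMPANYVERS_NAME)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
IE - HKU\S-1-5-21-1454471165-879983540-1177238915-1008\..\URLSearchHook: {f4c28532-b9d0-4950-a2df-e83f9929242b} - No CLSID value found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [MyFunCards_5m Browser Plugin Loader] C:\Program Files\MyFunCards_5m\bar\1.bin\5mbrmon.exe (VER_COMPANY_NAME)
@Alternate Data Stream - 208 bytes -> C:\Documents and Settings\All Users.WIN\Application Data\TEMP:FACB65E7
"""

# "SRV - ...", "IE - ...", "O4 - ..." entries as they appear in the log above.
ENTRY = re.compile(r"^(?P<section>[A-Z]{2,3}|O\d{1,2}) - (?P<body>.+)$")
# Company field still holding an unfilled placeholder, e.g. (VER_COMPANY_NAME).
PLACEHOLDER_COMPANY = re.compile(r"\([A-Z_]*COMPANY[A-Z_]*NAME\)\s*$")
# "@Alternate Data Stream - <n> bytes -> <host path>:<stream name>"
ADS = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+):([^:\\]+)$")
# Run / RunOnce autostart entry whose value name is empty: "[]".
EMPTY_RUN_NAME = re.compile(r"\\Run(Once)?: \[\]")


@dataclass(frozen=True)
class Finding:
    section: str    # log prefix such as SRV, IE, O4, or "ADS"
    reasons: tuple  # one or more rule names (assumed names, see lead-in)
    line: str       # the original log line, unchanged


def parse_ads(line):
    """Split an ADS log line into (size_bytes, host_path, stream_name)."""
    m = ADS.match(line.strip())
    if not m:
        return None
    return int(m.group(1)), m.group(2), m.group(3)


def triage(log_text):
    """Return the entries that deserve a manual look, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ADS.match(line):
            findings.append(Finding("ADS", ("alternate-data-stream",), line))
            continue
        entry = ENTRY.match(line)
        if not entry:
            continue  # section headers, file listings, anything not modelled
        body = entry.group("body")
        reasons = []
        if body.rstrip(".").endswith("File not found"):
            reasons.append("missing-target")       # registry points at nothing
        if "No CLSID value found" in body:
            reasons.append("missing-clsid")        # orphaned COM reference
        if EMPTY_RUN_NAME.search(body):
            reasons.append("empty-value-name")     # nameless autostart value
        if PLACEHOLDER_COMPANY.search(body):
            reasons.append("placeholder-company")  # version info never filled in
        if reasons:
            findings.append(Finding(entry.group("section"), tuple(reasons), line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:>3}  {', '.join(f.reasons):<35} {f.line[:70]}")
```

A flagged line is only a candidate for review; entries from ESET and Malwarebytes in the sample pass untouched because none of the rules apply to them.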



#11
brynndar

    Member

  • Topic Starter
  • Member
  • 14 posts
When I went to the folder for the OTL scan, it says it is empty. So I'm not sure what to do about that. It ran ok but after it was done my desktop didn't have any icons or trays so I had to restart it and when I opened Notepad, it only showed the scan that I did on 8/31/12. Here is the Malwarebytes scan. There were no items that I needed to get rid of. I know you need to see the OTL scan so let me know what to do about that.

Malwarebytes Anti-Malware (PRO) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.01.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Lori :: DWAYNE-2DE6E15F [administrator]

Protection: Enabled

9/1/2012 3:03:55 PM
mbam-log-2012-09-01 (15-03-55).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 430942
Time elapsed: 35 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#12
brynndar

    Member

  • Topic Starter
  • Member
  • 14 posts
I'm not sure if my computer is running any better. I am only doing the things that you ask me to do. I have stopped counting on this desktop for pretty much anything since it takes at least 20 minutes to boot up and everything else I do on it takes about 5 minutes for it to get anywhere.
  • 0

#13
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

When I went to the folder for the OTL scan, it says it is empty. So I'm not sure what to do about that. It ran ok but after it was done my desktop didn't have any icons or trays so I had to restart it and when I opened Notepad, it only showed the scan that I did on 8/31/12. Here is the Malwarebytes scan. There were no items that I needed to get rid of. I know you need to see the OTL scan so let me know what to do about that.

Not a problem these things can occur and I suspect the custom script may have hung with cleaning out temp files for example. We can double check all again via a new OTL log in due course.

I'm not sure if my computer is running any better. I am only doing the things that you ask me to do. I have stopped counting on this desktop for pretty much anything since it takes at least 20 minutes to boot up and everything else I do on it takes about 5 minutes for it to get anywhere.

Fair play. If the desktop is still not as should be merely carry out the below first (if it is fine now just ignore).

Reboot into Safe Mode:

How to boot into Safe Mode:

Restart your computer and as soon as it starts booting up again continuously tap the F8 key. A menu should come up where you will be given the option to enter Safe Mode, do so.

If any problems refer to this tutorial.

Next:

In Safe Mode when the Windows Advanced Options menu appears use the Arrow (on the number pad part of the keyboard) keys to select Last Known Good Configuration (your most recent settings that worked), and then press the Enter/Return key.

Next:

OK I think at this juncture we will perform some in-depth maintenance as follows...

Hard-Drive Maintenance/Repair:

Note: for the CHKDSK portion you may refer to this tutorial of mine here and follow the instructions for Graphical Mode if you so wish.

Click on Start >> Run and type cleanmgr in the box and press OK.

  • Ensure the boxes for Temporary Files, Temporary Internet Files and Recycle Bin are checked.
  • You can choose to check other boxes if you wish but they are not required.
  • Click on OK then Yes.
Next:-
  • Click on Start >> Run... then type in CMD and click on OK.
  • At the Command Prompt C:\ > type the following:
  • CD C:\ and hit the Enter/Return key.
  • Now type in DEFRAG C: -F
  • An Analysis report will be displayed and then Windows will start the Defragmentation run automatically.
  • This may take some time, when completed the Command Prompt C:\ > will appear.
  • Now type in CHKDSK C: /R and hit the Enter/Return key.
  • When prompted with:

CHKDSK cannot run because the volume is in use by another process
Would you like to schedule this volume to be checked next time the system
restarts (Y/N)

  • Hit the Y key then at the Command Prompt C:\ >
  • Type in EXIT and hit the Enter/Return key.
  • Now Reboot(Restart) your computer.
Note: Upon Reboot(Restart) the CHKDSK(check-disk) will start and carry out the repairs required.

You should see a screen like this just after the Post(power on self test) screen:

Posted Image

Note: Do not touch either the keyboard or Mouse, otherwise the Check-Disk will be cancelled and your computer will continue to boot-up as normal.

Next:

Let myself know when completed the above. If any improvement overall and we will go from there, thank you.
  • 0

#14
brynndar

    Member

  • Topic Starter
  • Member
  • 14 posts
It seems like everything is running quite a bit faster. Is there any regular maintenance I should be doing to keep it this way? I also am wondering if I should look into getting a new hard drive soon since this one is going on 5 years old. What do you think?

Thanks again for your help
  • 0

#15
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

Thanks again for your help

You're most welcome!

It seems like everything is running quite a bit faster. Is there any regular maintenance I should be doing to keep it this way?

I will provide advice about this when I give the all clear.

I also am wondering if I should look into getting a new hard drive soon since this one is going on 5 years old. What do you think?

As long as you perform regular system maintenance that should help. Though the lifespan of the type of hard-drive your machine has is not finite, no reason why it should not last another few years or so. However if it ever becomes say excessively noisy and or emits clicking sounds for example that is most likely a sure sign of imminent failure.

Scan with aswMBR:

Please download aswMBR.exe to your desktop.

  • Double-click on aswMBR.exe to run it.
  • When prompted with The application can use the Avast! Free Antivirus for scanning >> select Yes
  • Now click on the Scan button to start scan
  • On completion of the scan click Save Log, save it to your desktop and post the contents in your next reply
Note: There will also be a file on your desktop named MBR.dat (or similar), do not delete this for now, it is an actual backup of the MBR (master boot record).

Java Advice:

Regarding a new Java installation, I strongly advise against re-installing an updated version at present because the software as a whole has been exploited of late and your machine could end up seriously infected. Even though this exploit has been reportedly fixed there is still a vulnerability with the software.

Your choice if you wish to go ahead and reinstall but as mentioned I advise against it and for the present I do not even have anything Java related installed on my machines.

So let myself know what you wish to do about this in your next reply please.

Next:

In your next reply post the aswMBR log. Plus a new OTL log for me please and your decision about Java etc.
  • 0





