breakingorbit

Previous Fields

  • System Specifications:
    Dell Dimension 4700, 70 GB hd, DVD player, DVD burner
  1. ken, am I done? Can I delete the files we used to clean up? Thanks Orbit
  2. ken I deleted the two files, have not had any problems with comp. My work schedule has changed so it may take me longer to reply. Thanks for the help, Orbit
  3. ken, here is my ESET log, not sure if this was what you wanted, but seemed to be all I could get.

     C:\Program Files\EsetOnlineScanner\log.txt
     C:\Qoobox\Quarantine\C\Documents and Settings\eric\Local Settings\Application Data\414171.exe.vir    a variant of Win32/Kryptik.IOW trojan    cleaned by deleting - quarantined
     C:\Qoobox\Quarantine\C\WINDOWS\ahicenay.dll.vir    a variant of Win32/Cimag.EH trojan    cleaned by deleting - quarantined

     thanks orbit
  4. ken here is the system look log, I have to run, I will post the ESET file tonight.

     SystemLook 04.09.10 by jpshortstuff
     Log created at 09:35 on 09/12/2010 by eric
     Administrator - Elevation successful

     ========== file ==========

     C:\WINDOWS\Xhekoful.dat - File found and opened.
     MD5: 8EFEABDEEC3DE81C3DC42A2801DDF461
     Created at 12:24 on 01/12/2010
     Modified at 23:35 on 01/12/2010
     Size: 120 bytes
     Attributes: --a----
     No version information available.

     C:\WINDOWS\Mpemabowinewunoz.bin - File found and opened.
     MD5: D41D8CD98F00B204E9800998ECF8427E
     Created at 12:24 on 01/12/2010
     Modified at 14:24 on 04/12/2010
     Size: 0 bytes
     Attributes: --a----
     No version information available.

     -= EOF =-

     Thanks Orbit
  5. Part 2: OTL Extras logfile created on: 12/8/2010 3:33:07 PM - Run 1 OTL by OldTimer - Version 3.2.17.3

     Thanks Orbit
  6. Ken here are my OTL logs:
[2009/01/27 21:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Auslogics [2010/11/30 21:19:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\AVG10 [2010/08/17 18:12:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Azureus [2008/07/26 14:56:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\ImgBurn [2009/02/21 21:46:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\IObit [2005/01/14 20:24:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Jasc [2005/01/14 17:37:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Leadertech [2006/12/26 18:00:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Libronix DLS [2008/07/10 15:00:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\MPEG Streamclip [2005/04/27 10:05:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Musicmatch [2008/12/10 17:04:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\OpenOffice.org [2008/07/09 21:38:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Pegasys Inc [2008/01/05 16:14:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\PlayFirst [2007/07/04 08:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\scar5 [2007/08/21 15:24:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Serious Magic [2005/05/09 15:24:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\SmartDraw [2006/11/08 14:22:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Snapfish [2009/12/09 09:23:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\SystemRequirementsLab [2010/07/06 13:22:05 | 000,000,000 | ---D | 
M] -- C:\Documents and Settings\eric\Application Data\TomTom [2009/02/13 21:42:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Vso [2005/07/25 09:40:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Zen Puzzle Garden [2010/12/07 22:12:10 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job [2010/12/07 09:23:29 | 000,032,568 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7FB468B7 @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6FD3C973 @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8 < End of report >
  7. Comp seems to be running well. AVG hasn't flagged anything after re-install. Think Point seems to be gone. What should I do next, ken? Orbit
  8. ken, SystemLook 04.09.10 by jpshortstuff Log created at 21:41 on 05/12/2010 by eric Administrator - Elevation successful ========== filefind ========== Searching for "ahicenay.dll" No files found. -= EOF =- Looks like it's ok, what do you think? Orbit
  9. ken Here is my CFScript log. Also AVG kept flagging this "C:\windows\ahicenay.dll TROJAN HORSE Generic20.ACHD" while I was trying to uninstall it to run Combofix. ComboFix 10-12-04.02 - eric 12/05/2010 18:27:30.8.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2550.2097 [GMT -5:00] Running from: c:\documents and settings\eric\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\eric\Desktop\CFScript.txt AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33} FW: Filseclab Personal Firewall *disabled* {EB4DA513-3B0A-4FCB-86A7-F1243757EFF2} FILE :: "c:\documents and settings\eric\application data\hotfix.exe" . ((((((((((((((((((((((((( Files Created from 2010-11-05 to 2010-12-05 ))))))))))))))))))))))))))))))) . 2010-12-03 14:09 . 2010-12-03 14:09 -------- d-----w- c:\documents and settings\eric\Local Settings\Application Data\AVG Security Toolbar 2010-12-01 12:24 . 2010-12-04 14:24 0 ----a-w- c:\windows\Mpemabowinewunoz.bin 2010-12-01 03:38 . 2010-12-01 03:38 -------- d-----w- c:\documents and settings\Madison_2\Local Settings\Application Data\AVG Security Toolbar 2010-12-01 03:38 . 2010-12-01 03:38 -------- d-----w- c:\documents and settings\Madison_2\Application Data\AVG10 2010-12-01 02:39 . 2010-12-01 02:39 -------- d-----w- c:\documents and settings\boston\Local Settings\Application Data\AVG Security Toolbar 2010-12-01 02:39 . 2010-12-01 02:39 -------- d-----w- c:\documents and settings\boston\Application Data\AVG10 2010-12-01 02:26 . 2010-12-01 02:26 -------- d-----w- c:\documents and settings\April\Local Settings\Application Data\AVG Security Toolbar 2010-12-01 02:25 . 2010-12-01 02:25 -------- d-----w- c:\documents and settings\April\Application Data\AVG10 2010-12-01 02:19 . 2010-12-01 02:19 -------- d-----w- c:\documents and settings\eric\Application Data\AVG10 2010-12-01 02:18 . 
2010-12-01 02:18 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files 2010-12-01 02:17 . 2010-12-05 22:38 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10 2010-12-01 02:03 . 2010-12-01 02:04 -------- dc-h--w- c:\windows\ie8 2010-12-01 01:40 . 2010-12-01 01:40 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee 2010-12-01 01:35 . 2010-12-01 01:36 -------- d-----w- C:\orbit.com 2010-11-29 04:34 . 2010-11-29 04:34 -------- d-----w- c:\documents and settings\boston\Local Settings\Application Data\AskToolbar 2010-11-29 03:15 . 2010-11-29 03:17 -------- d-----w- c:\program files\FrostWire 2010-11-26 13:15 . 2010-11-26 13:15 -------- d-----w- c:\program files\ESET 2010-11-26 12:54 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-11-26 12:54 . 2010-11-26 12:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-11-26 12:54 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-11-26 12:51 . 2010-11-26 12:51 -------- d-----w- c:\documents and settings\eric\Local Settings\Application Data\Threat Expert 2010-11-22 20:26 . 2010-11-22 20:26 388096 ----a-r- c:\documents and settings\eric\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2010-11-22 20:23 . 2010-11-22 20:23 -------- d-----w- C:\hijack this 2010-11-20 15:38 . 2010-11-20 15:38 -------- d-----w- c:\documents and settings\Madison_2\Application Data\IObit 2010-11-17 02:08 . 2010-11-17 02:08 -------- d-----w- c:\program files\Yahoo! Games 2010-11-16 03:02 . 2010-11-29 05:40 -------- d-----w- c:\documents and settings\boston\Application Data\FrostWire . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-11-06 11:34 . 2010-09-26 02:09 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2010-09-18 16:23 . 
2004-08-12 13:59 974848 ----a-w- c:\windows\system32\mfc42u.dll 2010-09-18 06:53 . 2004-08-12 13:59 974848 ----a-w- c:\windows\system32\mfc42.dll 2010-09-18 06:53 . 2004-08-12 13:59 954368 ----a-w- c:\windows\system32\mfc40.dll 2010-09-18 06:53 . 2004-08-12 13:59 953856 ------w- c:\windows\system32\mfc40u.dll 2010-09-15 09:50 . 2010-05-02 18:24 472808 ----a-w- c:\windows\system32\deployJava1.dll 2010-09-15 07:29 . 2008-01-25 01:22 73728 ----a-w- c:\windows\system32\javacpl.cpl 2010-09-10 05:58 . 2004-08-12 14:09 916480 ----a-w- c:\windows\system32\wininet.dll 2010-09-10 05:58 . 2004-08-12 13:59 43520 ------w- c:\windows\system32\licmgr10.dll 2010-09-10 05:58 . 2004-08-12 13:58 1469440 ------w- c:\windows\system32\inetcpl.cpl 2005-09-23 17:22 . 2005-09-23 17:22 774144 -c--a-w- c:\program files\RngInterstitial.dll 2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll 2006-05-06 16:42 . 2006-06-07 12:30 7260160 -c--a-w- c:\program files\mozilla firefox\plugins\libvlc.dll 2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PLNRNote"="c:\program files\SierraHome\Hallmark Card Studio Special Edition\Planner\PLNRNote.exe" [2004-11-23 30720] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208] "XFILTER"="c:\program files\Filseclab\xfilter\xfilter.exe" [2006-12-23 901120] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" [2008-04-14 53760] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Filseclab Messenger.lnk - c:\program files\Common Files\Filseclab\FilMsg.exe [2009-7-17 326192] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0lsdelete [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk] backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^eric^Start Menu^Programs^Startup^MostFun.lnk] backup=c:\windows\pss\MostFun.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2008-04-14 00:12 15360 ------w- c:\windows\SYSTEM32\ctfmon.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd] 2005-10-14 18:46 77824 -c--a-w- c:\windows\SYSTEM32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers] 2005-10-14 18:50 114688 -c--a-w- c:\windows\SYSTEM32\igfxpers.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM] 2003-09-04 02:12 221184 -c--a-w- c:\program files\Intel\Modem Event Monitor\IntelMEM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2010-07-21 19:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray] 2005-03-12 12:25 110592 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mm_server] 2005-03-12 12:25 102400 -c--a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_server.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] 2010-06-24 14:41 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "gusvc"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableNotifications"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"= "c:\\Program Files\\Azureus\\Azureus.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"= "c:\\Program Files\\Filseclab\\xfilter\\xfilter.exe"= "c:\\Program Files\\HP\\Digital 
Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"= "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"= "c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Documents and Settings\\boston\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"= "c:\\Program Files\\FrostWire\\FrostWire.exe"= R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [9/25/2010 9:09 PM 64288] R0 XPacket;Filseclab Packet Filter;c:\windows\SYSTEM32\xpacket.sys [7/17/2009 9:37 AM 126224] R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [6/24/2010 9:41 AM 92008] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/2/2010 2:28 PM 135664] S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/12/2010 7:15 AM 1375992] S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/12/2010 7:15 AM 15264] S3 motport;Motorola USB Diagnostic Port;c:\windows\SYSTEM32\DRIVERS\motport.sys [11/19/2007 12:17 PM 20992] S3 
MusCDriverV32;MusCDriverV32;c:\windows\SYSTEM32\DRIVERS\MusCDriverV32.sys [7/19/2007 1:34 PM 513152] S4 sptd;sptd;c:\windows\SYSTEM32\DRIVERS\sptd.sys [3/26/2007 1:34 PM 642560] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder 2010-12-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 03:12] 2010-12-01 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34] 2010-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 19:28] 2010-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 19:28] . . ------- Supplementary Scan ------- . uStart Page = hxxp://my.yahoo.com/ uInternet Connection Wizard,ShellNext = iexplore uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 LSP: c:\program files\Filseclab\xfilter\XFILTER.DLL Trusted Zone: musicmatch.com\online FF - ProfilePath - c:\documents and settings\eric\Application Data\Mozilla\Firefox\Profiles\a4b7s8lp.eric\ FF - prefs.js: browser.startup.homepage - www.my.yahoo.com FF - plugin: c:\documents and settings\boston\Application Data\Move Networks\plugins\npqmp071503000010.dll FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll FF - plugin: c:\program files\Mozilla 
Firefox\plugins\npmusicn.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Extension: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} FF - Extension: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} FF - Extension: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Extension: Qute: {36C13C8F-54F1-412e-8177-2E411719162D} - c:\documents and settings\eric\Application Data\Mozilla\Firefox\Profiles\a4b7s8lp.eric\extensions\{36C13C8F-54F1-412e-8177-2E411719162D} FF - Extension: Aquatint Black: {7694c49c-9fbd-11dc-8314-0800200c9a66} - c:\documents and settings\eric\Application Data\Mozilla\Firefox\Profiles\a4b7s8lp.eric\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66} FF - Extension: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} - c:\documents and settings\eric\Application 
Data\Mozilla\Firefox\Profiles\a4b7s8lp.eric\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} FF - Extension: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - c:\documents and settings\eric\Application Data\Mozilla\Firefox\Profiles\a4b7s8lp.eric\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} FF - Extension: AutoPager: autopager@mozilla.org - c:\documents and settings\eric\Application Data\Mozilla\Firefox\Profiles\a4b7s8lp.eric\extensions\autopager@mozilla.org FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\eric\Application Data\Mozilla\Firefox\Profiles\a4b7s8lp.eric\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Extension: PitchDark: {c1dffba0-628e-11d9-9669-0800200c9a66} - c:\documents and settings\eric\Application Data\Mozilla\Firefox\Profiles\a4b7s8lp.eric\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66} FF - Extension: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - c:\documents and settings\eric\Application Data\Mozilla\Firefox\Profiles\a4b7s8lp.eric\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} FF - Extension: BlackX: {239c61a8-e55f-11db-8314-0800200c9a66} - c:\documents and settings\eric\Application Data\Mozilla\Firefox\Profiles\a4b7s8lp.eric\extensions\{239c61a8-e55f-11db-8314-0800200c9a66} FF - Extension: BlackFox V1: zigboom@hotmail.com - c:\documents and settings\eric\Application Data\Mozilla\Firefox\Profiles\a4b7s8lp.eric\extensions\zigboom@hotmail.com FF - Extension: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - c:\documents and settings\eric\Application Data\Mozilla\Firefox\Profiles\a4b7s8lp.eric\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696} FF - Extension: Virtus Search Opt-in: extension@virtusdesigns.com - c:\documents and settings\eric\Application Data\Mozilla\Firefox\Profiles\a4b7s8lp.eric\extensions\extension@virtusdesigns.com FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff FF - Extension: 
Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-12-05 18:30 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL] @DACL=(02 0000) "Installed"="1" @="" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI] @DACL=(02 0000) 
"Installed"="1" "NoChange"="1" @="" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS] @DACL=(02 0000) "Installed"="1" @="" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*] "OODEFRAG08.00.00.01WORKSTATION"="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" "OODEFRAG10.00.00.01WORKSTATION"="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" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(864) c:\windows\system32\WININET.dll c:\progra~1\WINDOW~2\wmpband.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll . Completion time: 2010-12-05 18:32:11 ComboFix-quarantined-files.txt 2010-12-05 23:32 ComboFix2.txt 2010-12-05 22:52 Pre-Run: 8,507,404,288 bytes free Post-Run: 8,487,305,216 bytes free Current=4 Default=4 Failed=1 LastKnownGood=5 Sets=1,2,3,4,5 - - End Of File - - 0A5BD9C3CE225130A71563D034229B9C Thanks Orbit
  10. ken Here is my log from the second link. The first one kept saying not found. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware. File name: ahicenay.dll Submission date: 2010-12-04 14:36:13 (UTC) Current status: queued queued analysing finished Result: 15/ 43 (34.9%) VT Community not reviewed Safety score: - Compact Print results Antivirus Version Last Update Result AhnLab-V3 2010.12.05.00 2010.12.04 Trojan/Win32.Hiloti AntiVir 7.10.14.189 2010.12.03 - Antiy-AVL 2.0.3.7 2010.12.04 - Avast 4.8.1351.0 2010.12.04 - Avast5 5.0.677.0 2010.12.04 - AVG 9.0.0.851 2010.12.04 - BitDefender 7.2 2010.12.04 Gen:Variant.Kazy.4284 CAT-QuickHeal 11.00 2010.12.04 - ClamAV 0.96.4.0 2010.12.04 - Command 5.2.11.5 2010.12.04 - Comodo 6944 2010.12.04 - DrWeb 5.0.2.03300 2010.12.04 - Emsisoft 5.0.0.50 2010.12.04 Gen.Variant!IK eSafe 7.0.17.0 2010.12.02 - eTrust-Vet 36.1.8017 2010.12.03 - F-Prot 4.6.2.117 2010.12.03 - F-Secure 9.0.16160.0 2010.12.04 Gen:Variant.Kazy.4284 Fortinet 4.2.254.0 2010.12.04 - GData 21 2010.12.04 Gen:Variant.Kazy.4284 Ikarus T3.1.1.90.0 2010.12.04 Gen.Variant Jiangmin 13.0.900 2010.12.04 - K7AntiVirus 9.70.3162 2010.12.04 - Kaspersky 7.0.0.125 2010.12.04 - McAfee 5.400.0.1158 2010.12.04 Hiloti.gen.g McAfee-GW-Edition 2010.1C 2010.12.04 - Microsoft 1.6402 2010.12.04 Trojan:Win32/Hiloti.gen!D NOD32 5673 2010.12.04 - Norman 6.06.10 2010.12.04 - nProtect 2010-12-04.01 2010.12.04 Gen:Variant.Kazy.4284 Panda 10.0.2.7 2010.12.04 Suspicious file PCTools 7.0.3.5 2010.12.04 - Prevx 3.0 2010.12.04 - Rising 22.76.04.00 2010.12.04 - Sophos 4.60.0 2010.12.04 Mal/Hiloti-C SUPERAntiSpyware 4.40.0.1006 2010.12.04 - Symantec 20101.2.0.161 2010.12.04 - TheHacker 6.7.0.1.094 2010.12.01 - TrendMicro 9.120.0.1004 2010.12.04 TROJ_HILOTI.SMEO TrendMicro-HouseCall 9.120.0.1004 2010.12.04 TROJ_HILOTI.SMEO VBA32 3.12.14.2 2010.12.03 - VIPRE 7505 
2010.12.04 Trojan.Win32.Hiloti.ba (v) ViRobot 2010.12.4.4185 2010.12.04 - VirusBuster 13.6.73.0 2010.12.03 Trojan.Hiloti.Gen!Pac.2 Additional information Show all MD5 : 2b82dd72c2fc87bcff834e2d30eb9c4b SHA1 : ad153a528696e46171f97f0e72023975fe98c4dd SHA256: c2f6d69602e48de492b8dfeeb125e604d21cb0222cdd8051f6acbe67ef59796a ssdeep: 6144:JtIkSolDK9AZh8hYEaa4ocgUO2NnvZFme3tKZ8MgD+JE:BD5h8hYY4ocgUOQvPmkwZ8MT File size : 282112 bytes First seen: 2010-12-04 14:36:13 Last seen : 2010-12-04 14:36:13 TrID: Win32 Executable MS Visual C++ (generic) (65.2%) Win32 Executable Generic (14.7%) Win32 Dynamic Link Library (generic) (13.1%) Generic Win/DOS Executable (3.4%) DOS Executable Generic (3.4%) sigcheck: publisher....: Ask.com copyright....: Copyright © 2009 product......: Ask Install Checker description..: Ask Install Checker original name: n/a internal name: Ask Install Checker file version.: 1,4,0,0 comments.....: n/a signers......: - signing date.: - verified.....: Unsigned PEInfo: PE structure information [[ basic data ]] entrypointaddress: 0xD508 timedatestamp....: 0x49DE9E91 (Fri Apr 10 01:19:13 2009) machinetype......: 0x14c (I386) [[ 4 section(s) ]] name, viradd, virsiz, rawdsiz, ntropy, md5 .text, 0x1000, 0x2C7B0, 0x2C800, 7.75, 0f267a34032f5cad459d2864bccc7dba .data, 0x2E000, 0x19DB4, 0x16E00, 6.24, 14d2512064e1355d5961b149780f2ed0 .rsrc, 0x48000, 0xDDA, 0xE00, 0.91, 3c96c367f80a61adc616fb7a04f34dfb .reloc, 0x49000, 0x5EE, 0x600, 5.45, 69c5e4c74ddeef917733a171684b3735 [[ 5 import(s) ]] KERNEL32.dll: CloseHandle, CreateFileMappingA, CreateProcessA, ExitProcess, FindClose, FindFirstFileA, GetACP, GetCommandLineA, GetLocaleInfoA, GetModuleHandleA, GetProcessWorkingSetSize, GetStartupInfoA, GetTickCount, GetVersionExA, GlobalAddAtomA, GlobalAlloc, GlobalReAlloc, HeapAlloc, HeapCreate, HeapDestroy, HeapReAlloc, InitializeCriticalSection, IsValidLocale, LCMapStringW, LoadLibraryA, LocalAlloc, MultiByteToWideChar, OpenProcess, OutputDebugStringA, RtlUnwind, SearchPathA, 
SetLastError, SetUnhandledExceptionFilter, TlsFree, VirtualAlloc, VirtualFree, WaitForMultipleObjects, WaitForSingleObject, lstrcatA, lstrcmpiA, lstrcpyA, lstrlenW user32.dll: UpdateWindow, TranslateAcceleratorA, SystemParametersInfoA, ShowWindow, ScrollWindowEx, RemoveMenu, LoadMenuA, KillTimer, IsZoomed, GetCursorPos, FillRect, EnumChildWindows, DrawMenuBar, DestroyIcon, DefMDIChildProcA, CloseClipboard advapi32.dll: ChangeServiceConfigW, EncryptFileA, AddAccessAllowedAceEx, AccessCheckByTypeAndAuditAlarmA, EnumServicesStatusExA, LookupPrivilegeValueW, LsaCreateTrustedDomain, QueryServiceConfigW, RegCreateKeyExW, EncryptionDisable ddraw.dll: DirectDrawCreateClipper, DirectDrawEnumerateExW, GetSurfaceFromDC, DDGetAttachedSurfaceLcl ole32.dll: CoCreateInstance, CoTaskMemAlloc, CoTaskMemFree, CoCreateGuid, CLSIDFromString [[ 1 export(s) ]] GetImageItemPropertyCount ExifTool: file metadata CharacterSet: Unicode CodeSize: 182272 CompanyName: Ask.com EntryPoint: 0xd508 FileDescription: Ask Install Checker FileFlagsMask: 0x0017 FileOS: Win32 FileSize: 276 kB FileSubtype: 0 FileType: Win32 DLL FileVersion: 1,4,0,0 FileVersionNumber: 1.4.0.0 ImageVersion: 0.0 InitializedDataSize: 111104 InternalName: Ask Install Checker LanguageCode: English (U.S.) LegalCopyright: Copyright © 2009 LinkerVersion: 7.1 MIMEType: application/octet-stream MachineType: Intel 386 or later, and compatibles OSVersion: 4.0 ObjectFileType: Unknown PEType: PE32 ProductName: Ask Install Checker ProductVersion: 1,4,0,0 ProductVersionNumber: 1.4.0.0 Subsystem: Windows GUI SubsystemVersion: 4.0 TimeStamp: 2009:04:10 03:19:13+02:00 UninitializedDataSize: 0 Symantec reputation:Suspicious.Insight Thanks Orbit
  11. ken, On the Virus Total step what file am I supposed to send? DDS? Thanks Orbit
  12. Hi ken545 Thanks for helping me. I was able to log onto my account. I think maybe my AVG may have removed thinkpoint. Here are my logs: DDS (Ver_10-11-10.01) - NTFSx86 Run by eric at 9:08:25.73 on Fri 12/03/2010 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2550.1910 [GMT -5:00] AV: AVG Anti-Virus Free Edition 2011 *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33} FW: Filseclab Personal Firewall *disabled* {EB4DA513-3B0A-4FCB-86A7-F1243757EFF2} ============== Running Processes =============== C:\PROGRA~1\AVG\AVG10\avgchsvx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\AVG\AVG10\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\svchost.exe -k hpdevmgmt C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe C:\Program Files\AVG\AVG10\avgnsx.exe C:\Program Files\AVG\AVG10\avgemcx.exe C:\PROGRA~1\AVG\AVG10\avgrsx.exe C:\Program Files\AVG\AVG10\avgcsrvx.exe C:\WINDOWS\System32\mshta.exe C:\WINDOWS\System32\mshta.exe C:\WINDOWS\System32\mshta.exe C:\WINDOWS\System32\mshta.exe C:\WINDOWS\System32\mshta.exe C:\WINDOWS\System32\mshta.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\mshta.exe C:\WINDOWS\System32\mshta.exe C:\WINDOWS\System32\mshta.exe C:\WINDOWS\System32\mshta.exe C:\WINDOWS\System32\mshta.exe C:\WINDOWS\System32\mshta.exe C:\WINDOWS\System32\mshta.exe C:\WINDOWS\System32\mshta.exe C:\WINDOWS\System32\mshta.exe 
C:\WINDOWS\System32\mshta.exe C:\WINDOWS\System32\mshta.exe C:\WINDOWS\System32\mshta.exe C:\WINDOWS\System32\mshta.exe C:\WINDOWS\System32\mshta.exe C:\WINDOWS\System32\mshta.exe C:\WINDOWS\System32\mshta.exe C:\WINDOWS\System32\mshta.exe C:\WINDOWS\System32\mshta.exe C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Filseclab\xfilter\xfilter.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\AVG\AVG10\avgtray.exe C:\Program Files\SierraHome\Hallmark Card Studio Special Edition\Planner\PLNRNote.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Filseclab\FilMsg.exe C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\eric\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://my.yahoo.com/ uInternet Connection Wizard,ShellNext = iexplore uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll uWinlogon: Shell=c:\documents and settings\eric\application data\hotfix.exe BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll BHO: Java Plug-In 2 
SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File TB: {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - No File TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File uRun: [PLNRNote] c:\program files\sierrahome\hallmark card studio special edition\planner\PLNRNote.exe uRun: [smartRAM] "c:\program files\iobit\advanced systemcare 3\Sup_SmartRAM.exe" /m uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [Mqaquc] rundll32.exe "c:\windows\wfctfoc.dll",Startup mRun: [igfxtray] c:\windows\system32\igfxtray.exe mRun: [XFILTER] "c:\program files\filseclab\xfilter\xfilter.exe" -a mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [Hmihosob] rundll32.exe "c:\windows\ahicenay.dll",Startup mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe dRunOnce: [RunNarrator] Narrator.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\filseclab messenger.lnk - c:\program files\common files\filseclab\FilMsg.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: 
{FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll LSP: c:\program files\filseclab\xfilter\XFILTER.DLL Trusted Zone: musicmatch.com\online DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://pcpitstop.com/betapit/PCPitStop.CAB DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll Notify: igfxcui - igfxdev.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\eric\applic~1\mozilla\firefox\profiles\a4b7s8lp.eric\ FF - prefs.js: browser.startup.homepage - www.my.yahoo.com FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll FF - component: c:\program 
files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll FF - plugin: c:\documents and settings\boston\application data\move networks\plugins\npqmp071503000010.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\google updater\2.4.1368.5602\npCIDetect13.dll FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll FF - plugin: c:\program files\mozilla firefox\plugins\npvlc.dll FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: XULRunner: {418768E4-B033-4887-960E-DAD53606F3B7} - c:\documents and settings\eric\local settings\application data\{418768E4-B033-4887-960E-DAD53606F3B7} FF - HiddenExtension: XULRunner: {89F05485-0F74-46F2-AC05-E72636C93FD4} - c:\documents and settings\april\local settings\application data\{89F05485-0F74-46F2-AC05-E72636C93FD4} FF - HiddenExtension: XULRunner: {279D3D29-2FBA-469D-9813-664B94BB10B1} - c:\documents and settings\boston\local settings\application data\{279D3D29-2FBA-469D-9813-664B94BB10B1} FF - HiddenExtension: XULRunner: {F09CC1A5-D567-4135-AA88-3BA18EA22BE1} - c:\documents and settings\madison_2\local settings\application data\{F09CC1A5-D567-4135-AA88-3BA18EA22BE1} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program 
files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified ============= SERVICES / DRIVERS =============== R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064] R0 
Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-9-25 64288] R0 XPacket;Filseclab Packet Filter;c:\windows\system32\xpacket.sys [2009-7-17 126224] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424] R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 299984] R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-11-10 6127184] R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400] R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-6-24 92008] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-2 135664] S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-11-30 517448] S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 1375992] S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-12 15264] S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-11-19 20992] S3 MusCDriverV32;MusCDriverV32;c:\windows\system32\drivers\MusCDriverV32.sys [2007-7-19 513152] S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2006-11-13 394160] =============== Created Last 30 ================ 2010-12-01 12:24:29 0 ----a-w- c:\windows\Mpemabowinewunoz.bin 2010-12-01 02:19:58 -------- d-----w- c:\docume~1\eric\applic~1\AVG10 2010-12-01 02:18:53 -------- d--h--w- 
c:\docume~1\alluse~1\applic~1\Common Files 2010-12-01 02:18:41 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar 2010-12-01 02:17:20 -------- d-----w- c:\windows\system32\drivers\AVG 2010-12-01 02:17:20 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10 2010-12-01 02:16:10 -------- d-----w- c:\docume~1\eric\locals~1\applic~1\{418768E4-B033-4887-960E-DAD53606F3B7} 2010-12-01 02:14:23 78848 ----a-w- c:\docume~1\eric\locals~1\applic~1\414171.exe 2010-12-01 02:03:22 -------- dc-h--w- c:\windows\ie8 2010-12-01 01:35:51 -------- d-s---w- C:\orbit.com 2010-11-29 03:15:27 -------- d-----w- c:\program files\FrostWire 2010-11-26 13:15:50 -------- d-----w- c:\program files\ESET 2010-11-26 12:54:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-11-26 12:54:50 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-11-26 12:54:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-11-26 12:51:27 -------- d-----w- c:\docume~1\eric\locals~1\applic~1\Threat Expert 2010-11-22 20:26:15 388096 ----a-r- c:\docume~1\eric\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe 2010-11-22 20:23:05 -------- d-----w- C:\hijack this 2010-11-17 02:08:04 -------- d-----w- c:\program files\Yahoo! 
Games 2010-11-10 03:20:58 299984 ----a-w- c:\windows\system32\drivers\avgtdix.sys ==================== Find3M ==================== 2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll 2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll 2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll 2010-09-18 06:53:25 953856 ------w- c:\windows\system32\mfc40u.dll 2010-09-15 09:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll 2010-09-15 07:29:49 73728 ----a-w- c:\windows\system32\javacpl.cpl 2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll 2010-09-10 05:58:06 43520 ------w- c:\windows\system32\licmgr10.dll 2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl 2005-09-23 17:22:24 774144 -c--a-w- c:\program files\RngInterstitial.dll ============= FINISH: 9:10:21.67 =============== UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_10-11-10.01) Microsoft Windows XP Home Edition Boot Device: \Device\HarddiskVolume2 Install Date: 12/22/2007 9:08:48 PM System Uptime: 12/1/2010 9:18:49 AM (48 hours ago) Motherboard: Dell Inc. | | 0M3918 Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2793/800mhz ==== Disk Partitions ========================= C: is FIXED (NTFS) - 72 GiB total, 7.643 GiB free. D: is CDROM () E: is CDROM () ==== Disabled Device Manager Items ============= ==== System Restore Points =================== No restore point in system. 
==== Installed Programs ====================== 32 Bit HP CIO Components Installer Acrobat.com Ad-Aware Adobe AIR Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 8.1.2 AiO_Scan_CDA Apple Application Support Apple Mobile Device Support Apple Software Update Auslogics Disk Defrag AutoUpdate AVG 2011 AviSynth 2.5 Azureus Bejeweled 2 Deluxe (remove only) Bonjour BufferChm C4600 CCleaner (remove only) CCScore CDBurnerXP Pro 3 CDisplay 1.8 CDisplayEx 1.2 Champions Online City of Heroes (remove only) COH Character Creator Compatibility Pack for the 2007 Office system Corel Paint Shop Pro X CR2 Dell Digital Jukebox Driver Dell Driver Reset Tool Dell Media Experience Dell Media Experience Update DellSupport Destinations DeviceDiscovery DivX Codec DivX Converter DivX Player DivX Web Player DivxToDVD 0.5.2 Duplicate Cleaner 1.4.4 DVD Decrypter (Remove Only) DVD Shrink 3.2 DVDFab HD Decrypter 3.1.1.6 ESET Online Scanner v3 ESSBrwr ESSCDBK ESScore ESSCT ESSEMAIL ESSgui ESShelp ESSini ESSPCD ESSPDock ESSSONIC ESSTOOLS essvatgt essvcpt ESSvpaht ESSvpot ExtractNow ffdshow [rev 1324] [2007-07-01] Filseclab Personal Firewall Free Registry Defrag Free YouTube Download 2.2 FrostWire 4.21.1 getPlus®_dll Google Earth Google Update Helper Google Updater GPBaseService2 Guitar Guru Version 2.2.5.0 Hallmark Card Studio Special Edition HiJackThis HijackThis 2.0.2 HLPIndex HLPPDOCK HLPSFO Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) HP Customer Participation Program 13.0 HP Imaging Device Functions 13.0 HP Photosmart C4600 All-In-One Driver Software 13.0 Rel .5 HP Print Projects 1.0 HP PSC & OfficeJet 6.1.A HP Smart Web Printing 4.60 HP Solution Center 13.0 HP Update hpPrintProjects HPProductAssistant 
hpWLPGInstaller ImgBurn Intel® 537EP V9x DF PCI Modem Intel® Graphics Media Accelerator Driver Intel® PRO Network Adapters and Drivers Intel® PROSet for Wired Connections Internet Explorer Default Page iTunes Jasc Paint Shop Photo Album Java Auto Updater Java DB 10.3.1.4 Java 6 Update 22 Kodak EasyShare software KSU Lexmark 4200 Series Fax Solutions Lexmark Fax Solutions Macromedia Shockwave Player Malwarebytes' Anti-Malware MarketResearch Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2416447) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Office Professional Edition 2003 Microsoft Silverlight Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Modem Event Monitor Modem Helper Modem On Hold Mozilla Firefox (3.6.12) MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 Parser and SDK MSXML 6 Service Pack 2 (KB954459) Musicmatch® Jukebox My Way Search Assistant Mystery Case Files - Prime Suspects (remove only) Notifier OfotoXMI OTtBP OTtBPSDK Panda NanoScan Photo Click PowerDVD 5.3 PS_AIO_05_C4600_Software_Min QFolder QuickTime Real Alternative 1.7.5 RealPlayer RegScrubXP 5.1 Revo Uninstaller 1.83 Rhapsody Player Engine Scan Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) Security Update for Step By Step Interactive Training (KB898458) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Internet Explorer 8 (KB2360131) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB981332) 
Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2160329) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB938464-v2) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969897) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) 
Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972260) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974455) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977165-v2) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for 
Windows XP (KB982665) Security Update for Windows XP (KB982802) SFR SFR2 SHASTA SKIN0001 SKINXSDK Smart Defrag SmartWebPrinting SolutionCenter SpywareBlaster 4.4 Status System Requirements Lab TomTom HOME 2.7.5.2014 TomTom HOME Visual Studio Merge Modules Toolbox TrayApp Tweak UI Uninstall 1.0.0.1 Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 8 (KB2447568) Update for Windows Internet Explorer 8 (KB976662) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB951072-v2) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) VC80CRTRedist - 8.0.50727.762 VideoLAN VLC media player 0.8.5 VidiotMaps Map Overlay Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 VPRINTOL Vuze Launcher WebFldrs XP WebReg WinDirStat 1.1.2 Windows Backup Utility Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage v1.3.0254.0 Windows Genuine Advantage Validation Tool (KB892130) Windows Imaging Component Windows Installer Clean Up Windows Internet Explorer 8 Windows Media Format Runtime Windows Media Player 10 WIRELESS Wise Registry Cleaner 4 Free 4.24 WordPerfect Office 12 XML Paper Specification Shared Components Pack 1.0 Yahoo! Anti-Spy Yahoo! Toolbar Yahoo! Toolbar for Internet Explorer ==== Event Viewer Messages From Past Week ======== 12/1/2010 7:34:00 AM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer D92F74B1 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{98DD4449-EC83-4523-. The master browser is stopping or an election is being forced. 
11/30/2010 9:11:27 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found. 11/27/2010 9:02:25 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office 2003 (KB2289187). 11/27/2010 9:01:30 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office Excel 2003 (KB2344893). 11/26/2010 8:10:12 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde 11/26/2010 6:58:16 PM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s). ==== End Of File =========================== Thanks again for helping me. Orbit
  13. Jon Tom, I was going thru step 6 on your recommendations. Somewhere along the way, McAfee installed on my computer. I went into add/remove and deleted it. I went to DOWNLOAD.COM to install AVG because it seemed to have been deleted from my system. When it installed it started popping up that I had malware again. NOW I have something called THINK POINT, that is locking me out of my log on. It's not in my add/remove. I had to log on to my wife's account to post here. What did I do wrong? Please help me clear this out also. I thought I was doing everything safely, but obviously not. Sorry to bother you again, Orbit
  14. Jon Tom, I did all the steps you mentioned, but I did not have My Way Search Assistant in my add/remove programs list. I even did a C:\ drive search; it did not show there either. The Adobe Reader did not load. I got an error 1402, key not found. Other than those two, I seem good to go. If I need to do something else please let me know; if not, I appreciate you taking your time to help me out. Thanks Again, Orbit
  15. lol I found it, it WAS on my desktop. Sorry. Anyways here are the scans: Thanks, Orbit