G D J

  1. deltalima,

     I updated the Java runtime and Adobe. I am actually an application developer but tend to neglect maintenance of my home PC. Here is the OTL registry update. The PC is running with no problems.

     Gary

     ========== REGISTRY ==========
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirstRunDisabled" | 0 /E : value set successfully!
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"AntiVirusOverride" | 0 /E : value set successfully!
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirewallOverride" | 0 /E : value set successfully!

     OTL by OldTimer - Version 3.1.36.1 log created on 03122010_201252
  2. deltalima,

     Here are the results from the latest scan. Everything came up clean. We have not had any problems since atapi.sys was cleaned up. I will let you know what we see over the next few days.

     Thanks

     --------------------------------------------------------------------------------
     KASPERSKY ONLINE SCANNER 7.0: scan report
     Friday, March 12, 2010
     Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
     Kaspersky Online Scanner version: 7.0.26.13
     Last database update: Thursday, March 11, 2010 20:13:02
     Records in database: 3769658
     --------------------------------------------------------------------------------

     Scan settings:
     scan using the following database: extended
     Scan archives: yes
     Scan e-mail databases: yes

     Scan area - My Computer:
     C:\
     D:\

     Scan statistics:
     Objects scanned: 105222
     Threats found: 0
     Infected objects found: 0
     Suspicious objects found: 0
     Scan duration: 04:25:32

     No threats found. Scanned area is clean.
     Selected area has been scanned.
  3. Hi deltalima, OTL.txt OTL logfile created on: 3/11/2010 4:40:12 PM - Run 1 OTL by OldTimer - Version 3.1.36.1 Folder = C:\Documents and Settings\Gary\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1,014.00 Mb Total Physical Memory | 514.00 Mb Available Physical Memory | 51.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 49.80 Gb Total Space | 20.77 Gb Free Space | 41.71% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: E1505 Current User Name: Gary Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Gary\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.) PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.) PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.) PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) 
PRC - C:\Program Files\CrashPlan\CrashPlanService.exe (CrashPlan) PRC - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec) PRC - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation) PRC - C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation) PRC - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation) PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation) PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation) PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.) PRC - C:\WINDOWS\system32\dlcccoms.exe ( ) PRC - C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe (Dell) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\Gary\Desktop\OTL.exe (OldTimer Tools) ========== Win32 Services (SafeList) ========== SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.) SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) 
SRV - (CrashPlanService) -- C:\Program Files\CrashPlan\CrashPlanService.exe (CrashPlan) SRV - (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (SQLWriter) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) SRV - (SQLBrowser) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) SRV - (MSSQLServerADHelper) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation) SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec) SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation) SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation) SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation) SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.) 
SRV - (SPBBCSvc) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation) SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation) SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation) SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE (Symantec Corporation) SRV - (dlcc_device) -- C:\WINDOWS\System32\dlcccoms.exe ( ) ========== Driver Services (SafeList) ========== DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100311.002\NAVEX15.SYS (Symantec Corporation) DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100311.002\NAVENG.SYS (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (Changer) -- C:\WINDOWS\system32\drivers\changer.sys (Microsoft Corporation) DRV - (lbrtfdc) -- C:\WINDOWS\system32\drivers\lbrtfdc.sys (Toshiba Corp.) DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.) DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider) DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola) DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation) DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation) DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation) DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.) 
DRV - (SAVRT) -- C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation) DRV - (SAVRTPEL) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation) DRV - (APL531) -- C:\WINDOWS\system32\drivers\ov550i.sys (Omnivision Technologies, Inc.) DRV - (ASCTRM) -- C:\WINDOWS\system32\drivers\asctrm.sys (Windows ® 2000 DDK provider) DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.) DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation) DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC) DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC) DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC) DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc) DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation) DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.) DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) 
DRV - (MDC8021X) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\mdc8021x.sys (Meetinghouse Data Communications) DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions) DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions) DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions) DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions) DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions) DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions) DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions) DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions) DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions) DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions) DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions) DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions) DRV - (SDDMI2) -- C:\WINDOWS\system32\ddmi2.sys (Gteko Ltd.) DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc) DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.) DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic) DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic) DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic) DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.) DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.) 
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation) DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation) DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation) DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation) DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.) DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.) DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.) DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...&channel=us IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&cl...&channel=us IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...&channel=us IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&cl...&channel=us IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...&channel=us IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&cl...&channel=us IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - 
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-454084849-1184975054-2855387566-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...&channel=us IE - HKU\S-1-5-21-454084849-1184975054-2855387566-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKU\S-1-5-21-454084849-1184975054-2855387566-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8 IE - HKU\S-1-5-21-454084849-1184975054-2855387566-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?hl=en IE - HKU\S-1-5-21-454084849-1184975054-2855387566-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKU\S-1-5-21-454084849-1184975054-2855387566-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Firefox\Extensions\\{CE4C0AA0-0F51-426A-86B6-5C2DD8F2CDB8}: C:\Documents and Settings\Gary\Local Settings\Application Data\{CE4C0AA0-0F51-426A-86B6-5C2DD8F2CDB8} [2010/03/01 18:03:58 | 000,000,000 | ---D | M] O1 HOSTS File: ([2004/08/10 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Upromise\dca-bho.dll (Compete, Inc.) O2 - BHO: (Upromise TurboSaver) - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.) 
O3 - HKLM\..\Toolbar: (Upromise TurboSaver) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.) O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Upromise TurboSaver) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.) O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Upromise TurboSaver) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.) O3 - HKU\S-1-5-21-454084849-1184975054-2855387566-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-21-454084849-1184975054-2855387566-1006\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found. O3 - HKU\S-1-5-21-454084849-1184975054-2855387566-1006\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found. O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [DLCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL () O4 - HKLM..\Run: [dlccmon.exe] C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe (Dell) O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.) O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.) 
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation) O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation) O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10b.exe File not found O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10b.exe File not found O4 - HKU\S-1-5-21-454084849-1184975054-2855387566-1006..\RunOnce: [shockwave Updater] C:\WINDOWS\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -Mozilla\4.0 ( File not found O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CrashPlan Tray.lnk = C:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-454084849-1184975054-2855387566-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : Sun Java Console - 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.) O15 - HKU\S-1-5-21-454084849-1184975054-2855387566-1006\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites) O15 - HKU\S-1-5-21-454084849-1184975054-2855387566-1006\..Trusted Domains: turbotax.com ([]https in Trusted sites) O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} http://www.worldwinner.com/games/v46/scrab...rabblecubes.cab (ScrabbleCubes Control) O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} http://photos.walmart.com/WalmartOutlookImport.cab (Snapfish Outlook Import ActiveX Control) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://www.worldwinner.com/games/v47/share...GamesLoader.cab (FunGamesLoader Object) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Snapfish Activia) O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} http://www.shockwave.com/content/dinerdash...h2.1.0.0.67.cab (CPlayFirstDinerDash2Control Object) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1146102134078 (MUWebControl Class) O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/common/groove/gx/GrooveAX27.cab (Groove Control) O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} http://offers.e-centives.com/cif/download/bin/actxcab.cab (CBSTIEPrint Class) O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab (FujifilmUploader Class) O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 207.206.192.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation) O24 - Desktop WallPaper: C:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O30 - LSA: Authentication Packages - (ddbcba.dll) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005/08/16 03:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play O33 - 
MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O36 - AppCertDlls: mpnoedit - (C:\WINDOWS\system32\extroute.dll) - C:\WINDOWS\System32\extroute.dll File not found ========== Files/Folders - Created Within 30 Days ========== [2010/03/11 16:36:17 | 000,554,496 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gary\Desktop\OTL.exe [2010/03/10 22:10:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood [2010/03/10 21:25:44 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe [2010/03/09 20:38:46 | 000,000,000 | ---D | C] -- C:\mbam [2010/03/08 11:05:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft [2010/03/04 16:56:02 | 009,758,152 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Gary\My Documents\windows-kb890830-v3.4.exe [2010/03/03 22:32:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer [2010/03/03 21:28:52 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft [2010/03/03 20:46:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\PCHealth [2010/03/03 16:55:35 | 000,181,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe [2010/03/03 16:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth [2010/03/03 16:49:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials [2010/03/03 16:47:52 | 011,862,896 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Gary\My Documents\mssefullinstall-x86fre-en-us-xp.exe [2010/03/02 23:32:50 | 000,038,224 | ---- | C] (Malwarebytes 
Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/03/02 23:32:47 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/03/02 23:32:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/03/02 23:20:27 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Gary\My Documents\mbam-setup.exe [2010/03/02 21:20:14 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys [2010/03/02 21:20:14 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys [2010/03/02 21:19:55 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\changer.sys [2010/03/02 21:19:55 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys [2010/03/02 17:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe [2010/03/01 19:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe [2010/03/01 19:52:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Sun [2010/03/01 18:06:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia [2010/03/01 18:03:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\{CE4C0AA0-0F51-426A-86B6-5C2DD8F2CDB8} [2010/02/11 20:54:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp [2010/02/04 20:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\IsolatedStorage [2010/02/03 09:30:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\IsolatedStorage [2010/01/21 05:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application 
Data\Google [2010/01/12 19:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google [2009/09/21 09:55:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft [2009/09/21 09:14:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe [2009/09/19 14:56:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\SupportSoft [2009/07/06 20:34:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\SupportSoft [2009/05/05 20:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google [2007/12/07 21:28:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple [2007/02/02 10:28:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Help [2007/02/02 10:28:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Help [2006/12/18 07:07:43 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft [2006/12/18 06:59:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia [2006/07/06 12:55:39 | 000,774,144 | ---- | C] (RealNetworks, Inc.) 
-- C:\Program Files\RngInterstitial.dll [2006/04/11 20:11:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall [2006/04/04 09:59:36 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccserv.dll [2006/04/04 09:59:36 | 001,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccusb1.dll [2006/04/04 09:59:36 | 000,638,976 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpmui.dll [2006/04/04 09:59:36 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccprox.dll [2006/04/04 09:59:36 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpplc.dll [2006/04/04 09:59:34 | 000,774,144 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcchbn3.dll [2006/04/04 09:59:34 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomc.dll [2006/04/04 09:59:34 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcclmpm.dll [2006/04/04 09:59:34 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomm.dll [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/03/11 16:36:25 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gary\Desktop\OTL.exe [2010/03/11 15:59:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010/03/11 07:47:12 | 000,494,000 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010/03/11 07:47:12 | 000,091,974 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010/03/11 07:47:11 | 000,594,176 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010/03/10 22:13:08 | 000,000,637 | ---- | M] () -- C:\WINDOWS\win.ini [2010/03/10 21:41:39 | 006,029,312 | -H-- | M] () -- C:\Documents and Settings\Gary\NTUSER.DAT [2010/03/10 17:59:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010/03/10 17:25:48 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/03/10 17:25:42 | 000,002,048 | --S- 
| M] () -- C:\WINDOWS\bootstat.dat [2010/03/10 17:25:37 | 1063,714,816 | -HS- | M] () -- C:\hiberfil.sys [2010/03/10 17:23:54 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Gary\ntuser.ini [2010/03/03 22:32:30 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/03/03 16:48:20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/03/03 14:08:02 | 009,758,152 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Gary\My Documents\windows-kb890830-v3.4.exe [2010/03/03 14:02:16 | 011,862,896 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Gary\My Documents\mssefullinstall-x86fre-en-us-xp.exe [2010/03/03 09:56:20 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Mhepur.dat [2010/03/03 06:47:33 | 000,000,396 | ---- | M] () -- C:\Documents and Settings\Gary\Desktop\Wireless Network Connection.lnk [2010/03/03 00:11:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Xbivifemeyudaf.bin [2010/03/02 23:45:33 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Gary\Desktop\Microsoft Office Word 2003.lnk [2010/03/02 23:32:53 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/03/02 23:20:27 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Gary\My Documents\mbam-setup.exe [2010/03/02 23:10:56 | 004,240,656 | -H-- | M] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\IconCache.db [2010/03/02 08:41:35 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Gary\Desktop\Internet Explorer.lnk [2010/03/01 22:16:48 | 000,015,614 | -HS- | M] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\14hGVx3q3cgvXYLJ0iWn4V0Bjh4J8 [2010/03/01 20:26:26 | 000,015,100 | -HS- | M] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\jlPN1nND50253 [2010/03/01 19:53:09 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat [2010/03/01 13:54:04 | 000,001,842 | -H-- | M] () -- 
C:\Documents and Settings\Gary\My Documents\Default.rdp [2010/02/24 22:20:38 | 000,013,913 | ---- | M] () -- C:\Documents and Settings\Gary\My Documents\gary pic.JPG [2010/02/24 22:16:26 | 000,017,118 | ---- | M] () -- C:\Documents and Settings\Gary\My Documents\test.jpg [2010/02/24 09:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe [2010/02/24 07:33:11 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010/02/22 22:13:40 | 016,419,657 | ---- | M] () -- C:\Documents and Settings\Gary\My Documents\2-22-10 6AM.mp3 [2010/02/19 09:23:51 | 000,002,393 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2009.lnk [2010/02/15 10:31:17 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\Gary\My Documents\Volunteer Wish List 2010.xls [2010/02/11 20:54:46 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk [2010/02/10 16:56:26 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk [2010/02/09 21:53:16 | 000,018,944 | ---- | M] () -- C:\Documents and Settings\Gary\My Documents\Book1.xls [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/03/08 06:15:21 | 1063,714,816 | -HS- | C] () -- C:\hiberfil.sys [2010/03/03 06:47:33 | 000,000,396 | ---- | C] () -- C:\Documents and Settings\Gary\Desktop\Wireless Network Connection.lnk [2010/03/02 23:32:53 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/03/02 21:19:01 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\glchvt.dat [2010/03/02 08:41:35 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Gary\Desktop\Internet Explorer.lnk [2010/03/01 20:15:04 | 000,014,190 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application 
Data\jlPN1nND50253 [2010/03/01 20:11:18 | 000,015,614 | -HS- | C] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\14hGVx3q3cgvXYLJ0iWn4V0Bjh4J8 [2010/03/01 20:07:32 | 000,015,100 | -HS- | C] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\jlPN1nND50253 [2010/03/01 19:53:16 | 000,014,480 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\jlPN1nND50253 [2010/03/01 19:53:09 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/03/01 19:53:09 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat [2010/03/01 19:45:18 | 000,443,288 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2010/03/01 18:04:00 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Mhepur.dat [2010/03/01 18:04:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Xbivifemeyudaf.bin [2010/02/24 22:19:13 | 000,013,913 | ---- | C] () -- C:\Documents and Settings\Gary\My Documents\gary pic.JPG [2010/02/24 22:16:26 | 000,017,118 | ---- | C] () -- C:\Documents and Settings\Gary\My Documents\test.jpg [2010/02/22 22:13:38 | 016,419,657 | ---- | C] () -- C:\Documents and Settings\Gary\My Documents\2-22-10 6AM.mp3 [2010/02/15 10:31:17 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\Gary\My Documents\Volunteer Wish List 2010.xls [2009/03/25 14:57:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI [2009/02/02 15:13:19 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI [2008/08/29 21:51:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI [2007/02/18 19:10:07 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys [2006/06/07 14:00:25 | 000,000,319 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\bbbconfig.dat [2006/04/17 21:11:55 | 000,006,580 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2006/04/17 21:11:55 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\8F9B2099A6.sys [2006/04/17 21:05:06 | 000,052,224 | ---- 
| C] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006/04/17 20:54:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI [2006/04/12 20:50:31 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2006/04/10 20:43:20 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\fusioncache.dat [2006/04/04 10:50:36 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2006/04/04 10:38:31 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini [2006/04/04 10:34:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2006/04/04 10:30:43 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare [2006/04/04 09:59:36 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlccutil.dll [2006/04/04 09:59:36 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlccjswr.dll [2006/04/04 09:59:36 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlccinsr.dll [2006/04/04 09:59:36 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlccvs.dll [2006/04/04 09:59:36 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcccur.dll [2006/04/04 09:59:34 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlccinsb.dll [2006/04/04 09:59:34 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccins.dll [2006/04/04 09:59:34 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcccub.dll [2006/04/04 09:59:34 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcccu.dll [2006/04/04 09:59:32 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.dll [2006/04/04 09:58:46 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll [2006/04/04 09:58:34 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll [2006/04/04 09:58:16 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll [2006/04/04 09:58:04 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2005/08/16 03:37:24 | 000,001,793 | ---- | C] () -- 
C:\WINDOWS\System32\fxsperf.ini [2005/08/05 13:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2005/08/02 13:00:16 | 000,000,611 | ---- | C] () -- C:\WINDOWS\System32\dlccplc.ini [2005/04/09 16:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI ========== Alternate Data Streams ========== @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:40520FC3 < End of report > Extras.txt OTL Extras logfile created on: 3/11/2010 4:40:12 PM - Run 1 OTL by OldTimer - Version 3.1.36.1 Folder = C:\Documents and Settings\Gary\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1,014.00 Mb Total Physical Memory | 514.00 Mb Available Physical Memory | 51.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 49.80 Gb Total Space | 20.77 Gb Free Space | 41.71% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: E1505 Current User Name: Gary Logged in as Administrator. 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\av.exe File not found

[HKEY_USERS\S-1-5-21-454084849-1184975054-2855387566-1006\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" %*
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Speed\Speed.exe" = C:\Program Files\Speed\Speed.exe:*:Enabled:Speed -- File not found
"C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax --
(Intuit, Inc.) "C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.) "D:\Modem Firmware Recovery\gtrecovery.exe" = D:\Modem Firmware Recovery\gtrecovery.exe:*:Enabled:GT Critical Recovery Utility -- File not found "C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.) "C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.) "C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.) "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) "C:\Program Files\CrashPlan\CrashPlanService.exe" = C:\Program Files\CrashPlan\CrashPlanService.exe:*:Enabled:CrashPlan -- (CrashPlan) "C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.) "C:\DOCUME~1\Gary\LOCALS~1\Temp\0.6534080367952899.exe" = [string data over 1000 bytes] ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{04ABA9CD-45B8-483D-8444-F75289232022}" = Cabbage Patch Kids - Where's My Pony "{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data "{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Camera Window DS "{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! 
Photo Story 2 LE "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA "{1389C6A4-4965-4AEC-9175-08B54A10FA48}" = Microsoft SQL Server 2005 Mobile [ENU] Developer Tools "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE "{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime "{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs "{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition "{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) "{2E520590-7E0F-450F-A11B-CC2C02E550B1}" = TurboTax 2008 wiaiper "{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6 "{3262493A-5C05-45BC-BB3A-5DC2B5EBB803}" = CrashPlan "{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{37A66FA0-EAA2-012B-AD79-000000000000}" = TurboTax 2009 wiaiper "{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset "{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine "{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport "{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper "{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005 "{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon "{50E125D1-88E5-48CE-80AE-98EC9698E639}" = Symantec AntiVirus "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English) "{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer "{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact 
Framework 2.0 "{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7 "{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package "{6B566EFE-DC1D-471F-93DD-84832663F140}" = OVT Scanner X86 "{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer "{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal "{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer "{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore "{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{78B75C6D-E53C-424C-BF83-4B63BD4A6682}" = Microsoft Device Emulator version 1.0 - ENU "{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English "{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = PhotoStitch "{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12 "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_PUBLISHERR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PUBLISHERR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office 
Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PUBLISHERR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_PUBLISHERR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_PUBLISHERR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_PUBLISHERR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007 "{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003 "{94721EA3-7EA6-43EA-B99C-A5D0E3C66240}" = 924PLC32 "{95120000-0038-0409-0000-0000000FF1CE}" = Time Zone Data Update Tool for Microsoft Office Outlook "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders "{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET 
Framework 3.0 Service Pack 2 "{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}" = 2Wire Wireless Client "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio "{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2 "{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006 "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy "{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper "{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport "{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = RAW Image Task 2.2 "{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}" = Canon PhotoRecord "{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet "{C94C253C-069F-4C02-8E5B-C1D056827643}" = Wal-Mart Digital Photo Manager "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU "{D56401D6-E356-4CA5-97A3-024D666F5E5C}" = ArcSoft PhotoImpression 6 "{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime "{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp "{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks "{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support "{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}" = Quicken 2009 "{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes "12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic "3DGroove" = 3D Groove Playback Engine "A80599FB-C344-4F78-B69C-A7B5FC5047C5" = Digby's Donuts "ACE/Agent for Windows NT" = RSA ACE/Agent for Windows "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player "B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto "Broadcom 
802.11b Network Adapter" = Dell Wireless WLAN Card "CAL" = Canon Camera Access Library "CameraWindowDC" = Canon Utilities CameraWindow DC "CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX "CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX "CameraWindowLauncher" = Canon Utilities CameraWindow "Canon MOV Decoder" = Canon MOV Decoder "Canon MOV Encoder" = Canon MOV Encoder "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem "CSCLIB" = Canon Camera Support Core Library "D5568B1C-FE34-4C0F-9F6D-FBA680D6BB69" = Crystal Maze "Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver "Dell Game Console" = Dell Game Console "Dell Photo AIO Printer 924" = Dell Photo AIO Printer 924 "EmeraldQFE2" = Windows Media Player 10 Hotfix [see EmeraldQFE2 for more information] "ESPNMotion" = ESPNMotion "F346023B-4BB1-4541-B9D6-A4DEA1B61035" = Lemonade Tycoon 2 "Google Chrome" = Google Chrome "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "InstallShield_{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Canon Camera Window DSLR 5 for ZoomBrowser EX "InstallShield_{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = Canon Utilities PhotoStitch 3.1 "InstallShield_{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = Canon RAW Image Task for ZoomBrowser EX "LiveUpdate" = LiveUpdate 3.1 (Symantec Corporation) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005 "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MSNINST" = 
MSN "MyCamera" = Canon Utilities MyCamera "MyCameraDC" = Canon Utilities MyCamera DC "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "OVT Scanner" = Uninstall OVT Scanner "PUBLISHERR" = Microsoft Office Publisher 2007 Trial "Reader Rabbit Preschool" = Reader Rabbit Preschool "RealArcade 1.2" = RealArcade "RealPlayer 6.0" = RealPlayer Basic "RemoteCaptureDC" = Canon Utilities RemoteCapture DC "RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX "Sandlot Games Client Services_is1" = Sandlot Games Client Services "StreetPlugin" = Learn2 Player (Uninstall Only) "SynTPDeinstKey" = Synaptics Pointing Device Driver "The Weather Channel Desktop" = The Weather Channel Desktop "TurboTax 2008" = TurboTax 2008 "TurboTax 2009" = TurboTax 2009 "TurboTax Deluxe 2007" = TurboTax Deluxe 2007 "TurboTax Deluxe Deduction Maximizer 2006" = TurboTax Deluxe Deduction Maximizer 2006 "UnityWebPlayer" = Unity Web Player "Upromise TurboSaver" = Upromise TurboSaver (remove only) "ViewpointMediaPlayer" = Viewpoint Media Player "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "WildTangent CDA" = WildTangent Web Driver "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "WT007176" = Garden Dreams "WT007825" = JEOPARDY "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "Zoombinis Island Odyssey" = Zoombinis Island Odyssey "Zoombinis Logical Journey" = Zoombinis Logical Journey "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 3/10/2010 3:50:28 PM | Computer Name = E1505 | Source = crypt32 | ID = 131077 Description = Failed auto update retrieval of third-party root 
certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3921C115C15D0ECA5CCB5BC4F07D21D8050B566A.crt> with error: This network connection does not exist.

Error - 3/10/2010 3:50:28 PM | Computer Name = E1505 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error - 3/10/2010 3:50:28 PM | Computer Name = E1505 | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3921C115C15D0ECA5CCB5BC4F07D21D8050B566A.crt> with error: This network connection does not exist.

Error - 3/10/2010 3:50:28 PM | Computer Name = E1505 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error - 3/10/2010 3:50:28 PM | Computer Name = E1505 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error - 3/10/2010 6:20:18 PM | Computer Name = E1505 | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Risk: Bloodhound.Exploit.288 in File: C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\F2GI4Z1J\newplayer[1].pdf by: Auto-Protect scan. Action: Clean failed : Delete failed. Action Description: The file was left unchanged.

Error - 3/10/2010 6:20:42 PM | Computer Name = E1505 | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Risk: Bloodhound.Exploit.288 in File: C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\F2GI4Z1J\newplayer[1].pdf by: Auto-Protect scan. Action: Clean failed : Delete failed : Access denied. Action Description: The file was left unchanged.

Error - 3/10/2010 6:20:42 PM | Computer Name = E1505 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: Bloodhound.Exploit.288 in File: C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\F2GI4Z1J\newplayer[1].pdf by: Auto-Protect scan. Action: Clean failed : Delete failed : Access denied. Action Description: The file was left unchanged.

Error - 3/10/2010 7:11:39 PM | Computer Name = E1505 | Source = MPSampleSubmission | ID = 5000
Description =

Error - 3/11/2010 12:30:16 AM | Computer Name = E1505 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16981, faulting module unknown, version 0.0.0.0, fault address 0x60b47930.

[ System Events ]

Error - 3/10/2010 12:32:11 AM | Computer Name = E1505 | Source = Microsoft Antimalware | ID = 2001
Description =

Error - 3/10/2010 12:32:11 AM | Computer Name = E1505 | Source = Microsoft Antimalware | ID = 2001
Description =

Error - 3/10/2010 12:32:11 AM | Computer Name = E1505 | Source = Microsoft Antimalware | ID = 2001
Description =

Error - 3/10/2010 4:59:35 AM | Computer Name = E1505 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 3/10/2010 4:59:35 AM | Computer Name = E1505 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.

Error - 3/10/2010 5:00:32 AM | Computer Name = E1505 | Source = Service Control Manager | ID = 7001
Description = The Canon Camera Access Library 8 service depends on the SSDP Discovery Service service which failed to start because of the following error: %%1058

Error - 3/10/2010 5:00:32 AM | Computer Name = E1505 | Source = Service Control Manager | ID = 7001
Description = The Media Center Extender Service service depends on the SSDP Discovery Service service which failed to start because of the following error: %%1058

Error - 3/10/2010 7:25:51 PM | Computer Name = E1505 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.

Error - 3/10/2010 7:27:35 PM | Computer Name = E1505 | Source = Service Control Manager | ID = 7001
Description = The Canon Camera Access Library 8 service depends on the SSDP Discovery Service service which failed to start because of the following error: %%1058

Error - 3/10/2010 7:27:35 PM | Computer Name = E1505 | Source = Service Control Manager | ID = 7001
Description = The Media Center Extender Service service depends on the SSDP Discovery Service service which failed to start because of the following error: %%1058

< End of report >

Thanks
  4. Hi deltalima,

I went ahead and un-installed Security Essentials. I had planned on removing after the virus was cleaned up. It was beneficial when I initially got the virus. I ran the tdsskiller.exe. It said it cleaned up C:\WINDOWS\system32\drivers\atapi.sys. Unfortunately, I ran it a second time which overwrote the output that mentioned the clean up. Below are the results from running it a second time. It does look like my problems are better. I am no longer getting re-directed on internet searches. We did not end up using the computer very much tonight so it was not a great test. I will continue to monitor over the next few days and let you know. Thank you so much for your assistance!

Gary

17:29:18:875 2488 TDSS rootkit removing tool 2.2.8 Mar 10 2010 15:53:20
17:29:18:875 2488 ================================================================================
17:29:18:875 2488 SystemInfo:
17:29:18:875 2488 OS Version: 5.1.2600 ServicePack: 3.0
17:29:18:875 2488 Product type: Workstation
17:29:18:875 2488 ComputerName: E1505
17:29:18:875 2488 UserName: Gary
17:29:18:875 2488 Windows directory: C:\WINDOWS
17:29:18:875 2488 Processor architecture: Intel x86
17:29:18:875 2488 Number of processors: 2
17:29:18:875 2488 Page size: 0x1000
17:29:18:875 2488 Boot type: Normal boot
17:29:18:875 2488 ================================================================================
17:29:18:890 2488 UnloadDriverW: NtUnloadDriver error 2
17:29:18:890 2488 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
17:29:18:906 2488 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
17:29:18:906 2488 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
17:29:18:906 2488 wfopen_ex: Trying to KLMD file open
17:29:18:906 2488 wfopen_ex: File opened ok (Flags 2)
17:29:18:906 2488 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
17:29:18:906 2488 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
17:29:18:906 2488 wfopen_ex: Trying to KLMD file open
17:29:18:906 2488 wfopen_ex: File opened ok (Flags 2)
17:29:18:906 2488 Initialize success
17:29:18:906 2488
17:29:18:906 2488 Scanning Services ...
17:29:19:500 2488 GetAdvancedServicesInfo: Raw services enum returned 397 services
17:29:19:500 2488
17:29:19:500 2488 Scanning Kernel memory ...
17:29:19:500 2488 Devices to scan: 4
17:29:19:500 2488
17:29:19:500 2488 Driver Name: Disk
17:29:19:500 2488 IRP_MJ_CREATE : F7683BB0
17:29:19:500 2488 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
17:29:19:500 2488 IRP_MJ_CLOSE : F7683BB0
17:29:19:500 2488 IRP_MJ_READ : F767DD1F
17:29:19:500 2488 IRP_MJ_WRITE : F767DD1F
17:29:19:500 2488 IRP_MJ_QUERY_INFORMATION : 804F4562
17:29:19:500 2488 IRP_MJ_SET_INFORMATION : 804F4562
17:29:19:500 2488 IRP_MJ_QUERY_EA : 804F4562
17:29:19:500 2488 IRP_MJ_SET_EA : 804F4562
17:29:19:500 2488 IRP_MJ_FLUSH_BUFFERS : F767E2E2
17:29:19:500 2488 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
17:29:19:500 2488 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
17:29:19:500 2488 IRP_MJ_DIRECTORY_CONTROL : 804F4562
17:29:19:500 2488 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
17:29:19:500 2488 IRP_MJ_DEVICE_CONTROL : F767E3BB
17:29:19:500 2488 IRP_MJ_INTERNAL_DEVICE_CONTROL : F7681F28
17:29:19:500 2488 IRP_MJ_SHUTDOWN : F767E2E2
17:29:19:500 2488 IRP_MJ_LOCK_CONTROL : 804F4562
17:29:19:500 2488 IRP_MJ_CLEANUP : 804F4562
17:29:19:500 2488 IRP_MJ_CREATE_MAILSLOT : 804F4562
17:29:19:500 2488 IRP_MJ_QUERY_SECURITY : 804F4562
17:29:19:500 2488 IRP_MJ_SET_SECURITY : 804F4562
17:29:19:500 2488 IRP_MJ_POWER : F767FC82
17:29:19:500 2488 IRP_MJ_SYSTEM_CONTROL : F768499E
17:29:19:500 2488 IRP_MJ_DEVICE_CHANGE : 804F4562
17:29:19:500 2488 IRP_MJ_QUERY_QUOTA : 804F4562
17:29:19:500 2488 IRP_MJ_SET_QUOTA : 804F4562
17:29:19:531 2488 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
17:29:19:531 2488
17:29:19:531 2488 Driver Name: Disk
17:29:19:531 2488 IRP_MJ_CREATE : F7683BB0
17:29:19:531 2488 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
17:29:19:531 2488 IRP_MJ_CLOSE : F7683BB0
17:29:19:531 2488 IRP_MJ_READ : F767DD1F
17:29:19:531 2488 IRP_MJ_WRITE : F767DD1F
17:29:19:531 2488 IRP_MJ_QUERY_INFORMATION : 804F4562
17:29:19:531 2488 IRP_MJ_SET_INFORMATION : 804F4562
17:29:19:531 2488 IRP_MJ_QUERY_EA : 804F4562
17:29:19:531 2488 IRP_MJ_SET_EA : 804F4562
17:29:19:531 2488 IRP_MJ_FLUSH_BUFFERS : F767E2E2
17:29:19:531 2488 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
17:29:19:531 2488 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
17:29:19:531 2488 IRP_MJ_DIRECTORY_CONTROL : 804F4562
17:29:19:531 2488 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
17:29:19:531 2488 IRP_MJ_DEVICE_CONTROL : F767E3BB
17:29:19:531 2488 IRP_MJ_INTERNAL_DEVICE_CONTROL : F7681F28
17:29:19:531 2488 IRP_MJ_SHUTDOWN : F767E2E2
17:29:19:531 2488 IRP_MJ_LOCK_CONTROL : 804F4562
17:29:19:531 2488 IRP_MJ_CLEANUP : 804F4562
17:29:19:531 2488 IRP_MJ_CREATE_MAILSLOT : 804F4562
17:29:19:531 2488 IRP_MJ_QUERY_SECURITY : 804F4562
17:29:19:531 2488 IRP_MJ_SET_SECURITY : 804F4562
17:29:19:531 2488 IRP_MJ_POWER : F767FC82
17:29:19:531 2488 IRP_MJ_SYSTEM_CONTROL : F768499E
17:29:19:531 2488 IRP_MJ_DEVICE_CHANGE : 804F4562
17:29:19:531 2488 IRP_MJ_QUERY_QUOTA : 804F4562
17:29:19:531 2488 IRP_MJ_SET_QUOTA : 804F4562
17:29:19:531 2488 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
17:29:19:531 2488
17:29:19:531 2488 Driver Name: Disk
17:29:19:531 2488 IRP_MJ_CREATE : F7683BB0
17:29:19:531 2488 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
17:29:19:531 2488 IRP_MJ_CLOSE : F7683BB0
17:29:19:531 2488 IRP_MJ_READ : F767DD1F
17:29:19:531 2488 IRP_MJ_WRITE : F767DD1F
17:29:19:531 2488 IRP_MJ_QUERY_INFORMATION : 804F4562
17:29:19:531 2488 IRP_MJ_SET_INFORMATION : 804F4562
17:29:19:531 2488 IRP_MJ_QUERY_EA : 804F4562
17:29:19:531 2488 IRP_MJ_SET_EA : 804F4562
17:29:19:531 2488 IRP_MJ_FLUSH_BUFFERS : F767E2E2
17:29:19:531 2488 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
17:29:19:531 2488 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
17:29:19:531 2488 IRP_MJ_DIRECTORY_CONTROL : 804F4562
17:29:19:531 2488 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
17:29:19:531 2488
IRP_MJ_DEVICE_CONTROL : F767E3BB 17:29:19:531 2488 IRP_MJ_INTERNAL_DEVICE_CONTROL : F7681F28 17:29:19:531 2488 IRP_MJ_SHUTDOWN : F767E2E2 17:29:19:531 2488 IRP_MJ_LOCK_CONTROL : 804F4562 17:29:19:531 2488 IRP_MJ_CLEANUP : 804F4562 17:29:19:531 2488 IRP_MJ_CREATE_MAILSLOT : 804F4562 17:29:19:531 2488 IRP_MJ_QUERY_SECURITY : 804F4562 17:29:19:531 2488 IRP_MJ_SET_SECURITY : 804F4562 17:29:19:531 2488 IRP_MJ_POWER : F767FC82 17:29:19:531 2488 IRP_MJ_SYSTEM_CONTROL : F768499E 17:29:19:531 2488 IRP_MJ_DEVICE_CHANGE : 804F4562 17:29:19:531 2488 IRP_MJ_QUERY_QUOTA : 804F4562 17:29:19:531 2488 IRP_MJ_SET_QUOTA : 804F4562 17:29:19:546 2488 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1 17:29:19:546 2488 17:29:19:546 2488 Driver Name: atapi 17:29:19:546 2488 IRP_MJ_CREATE : F74AA6F2 17:29:19:546 2488 IRP_MJ_CREATE_NAMED_PIPE : 804F4562 17:29:19:546 2488 IRP_MJ_CLOSE : F74AA6F2 17:29:19:546 2488 IRP_MJ_READ : 804F4562 17:29:19:546 2488 IRP_MJ_WRITE : 804F4562 17:29:19:546 2488 IRP_MJ_QUERY_INFORMATION : 804F4562 17:29:19:546 2488 IRP_MJ_SET_INFORMATION : 804F4562 17:29:19:546 2488 IRP_MJ_QUERY_EA : 804F4562 17:29:19:546 2488 IRP_MJ_SET_EA : 804F4562 17:29:19:546 2488 IRP_MJ_FLUSH_BUFFERS : 804F4562 17:29:19:546 2488 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562 17:29:19:546 2488 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562 17:29:19:546 2488 IRP_MJ_DIRECTORY_CONTROL : 804F4562 17:29:19:546 2488 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562 17:29:19:562 2488 IRP_MJ_DEVICE_CONTROL : F74AA712 17:29:19:562 2488 IRP_MJ_INTERNAL_DEVICE_CONTROL : F74A6852 17:29:19:562 2488 IRP_MJ_SHUTDOWN : 804F4562 17:29:19:562 2488 IRP_MJ_LOCK_CONTROL : 804F4562 17:29:19:562 2488 IRP_MJ_CLEANUP : 804F4562 17:29:19:562 2488 IRP_MJ_CREATE_MAILSLOT : 804F4562 17:29:19:562 2488 IRP_MJ_QUERY_SECURITY : 804F4562 17:29:19:562 2488 IRP_MJ_SET_SECURITY : 804F4562 17:29:19:562 2488 IRP_MJ_POWER : F74AA73C 17:29:19:562 2488 IRP_MJ_SYSTEM_CONTROL : F74B1336 17:29:19:562 2488 IRP_MJ_DEVICE_CHANGE : 804F4562 17:29:19:562 
2488 IRP_MJ_QUERY_QUOTA : 804F4562 17:29:19:562 2488 IRP_MJ_SET_QUOTA : 804F4562 17:29:19:593 2488 C:\WINDOWS\system32\drivers\atapi.sys - Verdict: 1 17:29:19:593 2488 17:29:19:593 2488 Completed 17:29:19:593 2488 17:29:19:593 2488 Results: 17:29:19:593 2488 Memory objects infected / cured / cured on reboot: 0 / 0 / 0 17:29:19:593 2488 Registry objects infected / cured / cured on reboot: 0 / 0 / 0 17:29:19:593 2488 File objects infected / cured / cured on reboot: 0 / 0 / 0 17:29:19:593 2488 17:29:19:593 2488 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system 17:29:19:593 2488 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software 17:29:19:593 2488 KLMD(ARK) unloaded successfully
  5. I originally posted this on the general forum. Below are my logs. I also included an attachment with 3 bitmaps. These are examples of the errors that I am continually getting via Visual Studio's JIT debugger. Thank you, Gary ------------------------------------------------------------------------------------ Last Monday, I was infected with a virus. It started out as the virus that says that you have a certain number of viruses and you need to install an anti-virus program. I do not recall exactly what the message was but I think it was Internet Security 2010. I updated and ran Malwarebytes' Anti-Malware. I found several viruses and successfully removed them. I thought I was good. As I continued to do work on my computer, I would get Visual Studio's Just In Time debugger coming up with various errors. It seems I still have something running in the background. I have Symantec installed through work. At one point in time, it stopped the hacktool.rootkit virus. I tried Microsoft Security Essentials as well. I am stuck in a cycle: all scans run without finding errors, I try to go back to using my computer and do internet searches. I get re-directed and typically the VS JIT debugger comes up, eventually Symantec or Security Essentials catches something. (I understand it is not good to have both.) I run scans again and typically come up clean. My diagnosis is that the internet search virus is causing my problems. At first it was just Google but now looks to be Bing. Any help would be greatly appreciated. 
---------------------------------------------------------------------------------------------------------- DDS (Ver_09-12-01.01) - NTFSx86 Run by Gary at 21:32:52.62 on Tue 03/09/2010 Internet Explorer: 7.0.5730.13 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.343 [GMT -6:00] AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF} AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe c:\Program Files\Microsoft Security Essentials\MsMpEng.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\CrashPlan\CrashPlanService.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe C:\Program Files\Symantec AntiVirus\SavRoam.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\System32\vssvc.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\WLTRAY.exe C:\WINDOWS\stsystra.exe C:\Program 
Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\Program Files\Microsoft Security Essentials\msseces.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\dlcccoms.exe C:\Program Files\CrashPlan\CrashPlanTray.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac C:\Documents and Settings\Gary\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ig?hl=en uSearch Bar = uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mWinlogon: Userinit=c:\windows\system32\userinit.exe BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll BHO: DCA BHO: {b49699fc-1665-4414-a1cb-c4a2a4a13eec} - c:\program files\upromise\dca-bho.dll BHO: Upromise TurboSaver: {edc0f17f-f4b7-47e4-b73e-887faeb376fa} - c:\program files\upromise\upromisetoolbar.dll TB: Upromise TurboSaver: {06e58e5e-f8cb-4049-991e-a41c03bd419e} - c:\program files\upromise\upromisetoolbar.dll TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File TB: &Yahoo! 
Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRunOnce: [shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://pbskids.org/barney/children/games/manners_game.html" mRun: [igfxtray] c:\windows\system32\igfxtray.exe mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe mRun: [igfxpers] c:\windows\system32\igfxpers.exe mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe mRun: [sigmatelSysTrayApp] stsystra.exe mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [dla] c:\windows\system32\dla\tfswctrl.exe mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16 mRun: [dlccmon.exe] "c:\program files\dell photo aio printer 924\dlccmon.exe" mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10b.exe StartupFolder: 
c:\docume~1\alluse~1\startm~1\programs\startup\crashp~1.lnk - c:\program files\crashplan\CrashPlanTray.exe IE: &Search IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll Trusted Zone: intuit.com\ttlc Trusted Zone: turbotax.com DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} - hxxp://www.worldwinner.com/games/v46/scrabblecubes/scrabblecubes.cab DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} - hxxp://photos.walmart.com/WalmartOutlookImport.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} - hxxp://www.shockwave.com/content/dinerdash2/sis/DinerDash2.1.0.0.67.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146102134078 DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://www.nick.com/common/groove/gx/GrooveAX27.cab DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - 
hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab DPF: {A8683C98-5341-421B-B23C-8514C05354F1} - hxxp://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Filter: text/html - {ae420702-5d42-49a7-bb3f-dbfa1df03954} - Notify: igfxcui - igfxdev.dll Notify: NavLogon - c:\windows\system32\NavLogon.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll LSA: Authentication Packages = msv1_0 ddbcba.dll ============= SERVICES / DRIVERS =============== R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 149040] R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592] R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968] R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-11-21 192104] R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-11-21 169576] R2 CrashPlanService;CrashPlan Backup Service;c:\program files\crashplan\CrashPlanService.exe [2009-8-20 152064] R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2007-3-14 116416] R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe 
[2007-3-14 1816768] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-9-3 102448] R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100309.009\naveng.sys [2010-3-9 84912] R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100309.009\navex15.sys [2010-3-9 1324720] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-12 135664] S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328] S3 APL531;OVT Scanner;c:\windows\system32\drivers\ov550i.sys [2006-7-31 580992] ============== File Associations =============== regfile=regedit.exe "%1" %* scrfile="%1" %* =============== Created Last 30 ================ 2010-03-10 03:11:52 0 ----a-w- c:\documents and settings\gary\defogger_reenable 2010-03-10 02:38:46 0 d-----w- C:\mbam 2010-03-03 22:55:35 181632 ------w- c:\windows\system32\MpSigStub.exe 2010-03-03 22:49:05 0 d-----w- c:\program files\Microsoft Security Essentials 2010-03-03 05:32:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-03-03 05:32:47 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-03-03 05:32:47 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-03-03 03:20:14 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys 2010-03-03 03:20:14 34688 ----a-w- c:\windows\system32\dllcache\lbrtfdc.sys 2010-03-03 03:19:55 8192 ----a-w- c:\windows\system32\drivers\changer.sys 2010-03-03 03:19:55 8192 ----a-w- c:\windows\system32\dllcache\changer.sys 2010-03-02 01:53:09 664 ----a-w- c:\windows\system32\d3d9caps.dat 2010-03-02 01:53:09 552 ----a-w- c:\windows\system32\d3d8caps.dat 2010-03-02 00:04:00 120 ----a-w- c:\windows\Mhepur.dat 2010-03-02 00:04:00 0 ----a-w- c:\windows\Xbivifemeyudaf.bin ==================== Find3M ==================== 2009-12-31 16:50:03 353792 ------w- c:\windows\system32\dllcache\srv.sys 2009-12-31 15:33:06 70656 ------w- 
c:\windows\system32\dllcache\ie4uinit.exe 2009-12-31 15:33:06 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe 2009-12-18 13:05:43 634648 ----a-w- c:\windows\system32\dllcache\iexplore.exe 2009-12-18 13:04:09 161792 ------w- c:\windows\system32\dllcache\ieakui.dll 2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe 2009-12-16 18:43:27 343040 ------w- c:\windows\system32\dllcache\mspaint.exe 2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll 2009-12-14 07:08:23 33280 ------w- c:\windows\system32\dllcache\csrsrv.dll 2006-07-06 18:55:33 774144 ----a-w- c:\program files\RngInterstitial.dll 2006-04-19 03:07:56 56 --sh--r- c:\windows\system32\8F9B2099A6.sys 2006-04-19 03:07:57 6580 --sha-w- c:\windows\system32\KGyGaAvL.sys 2008-09-07 18:16:36 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090720080908\index.dat ============= FINISH: 21:35:05.04 =============== Malwarebytes' Anti-Malware 1.44 Database version: 3845 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.13 3/9/2010 9:25:01 PM mbam-log-2010-03-09 (21-25-01).txt Scan type: Quick Scan Objects scanned: 140992 Time elapsed: 25 minute(s), 21 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) ark.zip VS_JIT_1.zip
  6. Thank you for your responses. Previously, I was not able to run mbam.exe. I renamed it and was able to run it. I think I removed the XP Internet Security 2010 and Antivirus Vista 2010. Something else seems to be causing an issue. I will post my log following Firefox's directions tomorrow. Thanks again.
  7. Last Monday, I was infected with a virus. It started out as the virus that says that you have a certain number of viruses and you need to install an anti-virus program. I do not recall exactly what the message was but I think it was Internet Security 2010. I updated and ran Malwarebytes' Anti-Malware. I found several viruses and successfully removed them. I thought I was good. As I continued to do work on my computer, I would get Visual Studio's Just In Time debugger coming up with various errors. It seems I still have something running in the background. I have Symantec installed through work. At one point in time, it stopped the hacktool.rootkit virus. I tried Microsoft Security Essentials as well. I am stuck in a cycle: all scans run without finding errors, I try to go back to using my computer and do internet searches. I get re-directed and typically the VS JIT debugger comes up, eventually Symantec or Security Essentials catches something. (I understand it is not good to have both.) I run scans again and typically come up clean. My diagnosis is that the internet search virus is causing my problems. At first it was just Google but now looks to be Bing. Any help would be greatly appreciated. Thanks, Gary