Random shutdowns with XP

Solved
By j2z
Dec 2, 2012
  1. My computer has been running clean for nearly three years since getting great support from this board, but I've been having problems recently with it shutting down at random times. Sometimes it resets and sometimes I have to power down. It took about five tries to get running tonight and now it's been going strong for over an hour. Before tearing into the box to look for hardware problems I thought it best to check for malware or a virus. Should I start the 4-step process and post accordingly? Thanks in advance!

    - Jeff
  2. j2z

    MBAM report:

    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.12.02.01

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Dad :: VANDELAY-2112 [administrator]

    12/2/2012 11:18:53 AM
    mbam-log-2012-12-02 (11-18-53).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 359173
    Time elapsed: 21 minute(s), 11 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  3. j2z

    DDS report:

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2
    Run by Dad at 12:02:33 on 2012-12-02
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.479.237 [GMT -6:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: avast! Antivirus *Disabled*
    .
    ============== Running Processes ================
    .
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
    C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
    C:\Program Files\McAfee Security Scan\2.1.121\SSScheduler.exe
    C:\WINDOWS\system32\sistray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\System32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.cox.net/
    uWindow Title = Internet Explorer Provided by Cox High Speed Internet
    uSearch Bar = hxxp://www.google.com/ie
    uSearch Page = hxxp://www.google.com
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
    BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
    BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - c:\program files\wot\WOT.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    BHO: EpsonToolBandKicker Class: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: EPSON Web-To-Page: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
    TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
    TB: EPSON Web-To-Page: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\WCESCOMM.EXE"
    uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [HLBackupScheduler] c:\program files\verizon v cast media manager\V CAST Backup Scheduler.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
    dRunOnce: [RunNarrator] Narrator.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.1.121\SSScheduler.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pcaler~1.lnk - c:\program files\msi\pc alert 4\PCAlert4.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\utilit~1.lnk - c:\windows\system32\sistray.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    uPolicies-Explorer: NoDriveAutoRun = dword:67108863
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\inetrepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\inetrepl.dll
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: ppctlcab - hxxp://www.pestscan.com/scanner/ppctlcab.cab
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
    DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} - hxxp://hyvee.lifepics.com/net/Uploader/LPUploader45.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxps://mail111a.urscorp.com/iNotes6W.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1223764482484
    DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab
    DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{A32BF7BE-3FBC-4AEC-9F7A-040199D17247} : DHCPNameServer = 192.168.0.1
    Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\aatp.dll
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
    WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
    WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
    WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
    WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
    WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll
    WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\dad\application data\mozilla\firefox\profiles\6qvqm652.default\
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
    FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npmnqmp07030901.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_110.dll
    FF - ExtSQL: !HIDDEN! 2009-08-07 11:44; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-8-25 738504]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-2-4 361032]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-1-5 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 67656]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-2-4 21256]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-4 44808]
    S2 gupdate1c9b72e8bd6313e;Google Update Service (gupdate1c9b72e8bd6313e);c:\program files\google\update\GoogleUpdate.exe [2009-4-6 133104]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.1.121\McCHSvc.exe [2010-9-3 227232]
    S3 PCAlertDriver;PCAlertDriver;\??\c:\program files\msi\pc alert 4\ntglm7x.sys --> c:\program files\msi\pc alert 4\NTGLM7X.sys [?]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 12872]
    .
    =============== File Associations ===============
    .
    ShellExec: Foxit Reader.exe: print="c:\program files\foxit software\foxit reader\Foxit Reader.exe"/p "%1"
    ShellExec: Foxit Reader.exe: printto="c:\program files\foxit software\foxit reader\Foxit Reader.exe"/t "%1" "%2" "%3" "%4"
    ShellExec: FOXITR~1.EXE: print="c:\progra~1\foxits~1\foxitr~1\FOXITR~1.EXE"/p "%1"
    ShellExec: FOXITR~1.EXE: printto="c:\progra~1\foxits~1\foxitr~1\FOXITR~1.EXE"/t "%1" "%2" "%3" "%4"
    .
    =============== Created Last 30 ================
    .
    2012-12-02 08:14:48 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-12-02 08:14:48 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-12-02 08:08:47 -------- d-----w- c:\documents and settings\all users\application data\McAfee Security Scan
    2012-12-02 08:08:41 -------- d-----w- c:\program files\McAfee Security Scan
    2012-12-02 08:07:35 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2012-12-02 06:49:50 -------- d-----w- c:\documents and settings\dad\application data\Nico Mak Computing
    2012-12-02 06:49:00 17224 ----a-w- c:\windows\system32\roboot.exe
    .
    ==================== Find3M ====================
    .
    2012-12-02 08:07:06 143872 ----a-w- c:\windows\system32\javacpl.cpl
    2012-12-02 08:07:05 746984 ----a-w- c:\windows\system32\deployJava1.dll
    2012-10-30 23:51:58 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-10-30 23:51:07 41224 ----a-w- c:\windows\avastSS.scr
    2012-10-25 09:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2012-10-25 09:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2012-09-30 01:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    ============= FINISH: 12:03:44.29 ===============
  4. j2z

    Attach report:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/21/2004 11:23:02 AM
    System Uptime: 12/2/2012 9:37:54 AM (3 hours ago)
    .
    Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-6540
    Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz | Socket 478 | 2400/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 128 GiB total, 63.262 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 21 GiB total, 6.252 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: Universal Serial Bus (USB) Controller
    Device ID: PCI\VEN_1039&DEV_7002&SUBSYS_53321462&REV_00\3&61AAA01&0&1B
    Manufacturer:
    Name: Universal Serial Bus (USB) Controller
    PNP Device ID: PCI\VEN_1039&DEV_7002&SUBSYS_53321462&REV_00\3&61AAA01&0&1B
    Service:
    .
    ==== System Restore Points ===================
    .
    RP457: 9/3/2012 12:40:11 PM - System Checkpoint
    RP458: 9/4/2012 8:24:01 PM - System Checkpoint
    RP459: 9/5/2012 9:40:22 PM - Installed QuickTime
    RP460: 9/8/2012 11:29:43 PM - System Checkpoint
    RP461: 9/10/2012 6:28:48 PM - System Checkpoint
    RP462: 9/12/2012 5:13:12 PM - System Checkpoint
    RP463: 9/13/2012 5:40:25 PM - System Checkpoint
    RP464: 9/14/2012 9:48:33 PM - System Checkpoint
    RP465: 9/22/2012 12:15:49 PM - System Checkpoint
    RP466: 9/23/2012 3:54:13 PM - System Checkpoint
    RP467: 9/24/2012 6:14:32 PM - System Checkpoint
    RP468: 9/25/2012 7:14:08 PM - System Checkpoint
    RP469: 9/26/2012 8:02:41 PM - System Checkpoint
    RP470: 9/29/2012 12:27:00 PM - System Checkpoint
    RP471: 9/30/2012 10:25:15 PM - System Checkpoint
    RP472: 10/2/2012 9:26:20 PM - System Checkpoint
    RP473: 10/6/2012 7:52:54 AM - System Checkpoint
    RP474: 10/8/2012 6:47:04 PM - System Checkpoint
    RP475: 10/9/2012 9:58:30 PM - System Checkpoint
    RP476: 10/11/2012 8:10:06 PM - System Checkpoint
    RP477: 10/13/2012 4:53:16 PM - System Checkpoint
    RP478: 10/19/2012 10:25:37 PM - System Checkpoint
    RP479: 10/21/2012 1:04:56 PM - System Checkpoint
    RP480: 10/26/2012 5:28:41 PM - System Checkpoint
    RP481: 10/27/2012 6:05:22 PM - System Checkpoint
    RP482: 10/28/2012 10:01:25 PM - System Checkpoint
    RP483: 10/29/2012 10:37:31 PM - System Checkpoint
    RP484: 11/1/2012 6:55:56 PM - System Checkpoint
    RP485: 11/5/2012 8:46:56 PM - System Checkpoint
    RP486: 11/7/2012 6:25:31 PM - System Checkpoint
    RP487: 11/8/2012 7:22:53 PM - System Checkpoint
    RP488: 11/10/2012 4:23:28 PM - System Checkpoint
    RP489: 11/12/2012 6:55:05 PM - System Checkpoint
    RP490: 11/17/2012 2:32:17 PM - System Checkpoint
    RP491: 11/18/2012 5:56:17 PM - System Checkpoint
    RP492: 11/19/2012 8:10:05 PM - System Checkpoint
    RP493: 11/21/2012 8:53:21 AM - System Checkpoint
    RP494: 11/22/2012 7:07:53 PM - System Checkpoint
    RP495: 11/23/2012 10:15:36 PM - System Checkpoint
    RP496: 11/26/2012 8:10:58 PM - System Checkpoint
    RP497: 12/1/2012 12:29:22 PM - System Checkpoint
    RP498: 12/2/2012 12:56:22 AM - WinZip Registry Optimizer Sun, Dec 02, 12 00:56
    RP499: 12/2/2012 1:50:54 AM - Installed QuickTime
    RP500: 12/2/2012 2:06:46 AM - Installed Java 7 Update 9
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 11 Plugin
    Adobe Flash Player ActiveX
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcGIS ArcObjects Developer Kit
    ArcGIS Desktop
    ArcGIS Explorer Desktop
    ArcGIS Tutorial Data
    avast! Free Antivirus
    Bonjour
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon Camera WIA Driver
    Canon EOS 5D WIA Driver
    Canon MovieEdit Task for ZoomBrowser EX
    Canon PhotoRecord
    Canon RAW Image Task for ZoomBrowser EX
    Canon Utilities CameraWindow
    Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
    Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    Canon Utilities Digital Photo Professional 3.4
    Canon Utilities EOS Utility
    Canon Utilities MyCamera
    Canon Utilities Original Data Security Tools
    Canon Utilities PhotoStitch
    Canon Utilities Picture Style Editor
    Canon Utilities RemoteCapture Task for ZoomBrowser EX
    Canon Utilities WFT-E1/E2/E3 Utility
    Canon Utilities ZoomBrowser EX
    Canon ZoomBrowser EX Memory Card Utility
    CCleaner
    CorelDRAW 10
    Critical Update for Windows Media Player 11 (KB959772)
    Diamond Scheduler 6
    Diamond Scheduler Multidivision Approach 1
    Diamond Scheduler Multidivision Approach 2
    Diamond Scheduler Multidivision Approach 3
    DiscWizard 2003
    EclipseCrossword
    Epson CreativeZone
    Epson Easy Photo Print 2
    EPSON NX410 Series Printer Uninstall
    EPSON Scan
    EPSON Web-To-Page
    ffdshow [rev 2527] [2008-12-19]
    Foxit Reader
    Garmin City Navigator North America NT 2010.20
    Garmin Communicator Plugin
    Garmin POI Loader
    Garmin USB Drivers
    GermanNow
    Google Chrome
    Google Earth
    Google Toolbar for Firefox
    Google Toolbar for Internet Explorer
    Google Update Helper
    Google Updater
    GoToMeeting 4.0.0.320
    GrammarPro
    H&R Block Deluxe + Efile + State 2009
    H&R Block Deluxe + Efile + State 2010
    H&R Block Deluxe + Efile + State 2011
    H&R Block Nebraska 2009
    H&R Block Nebraska 2010
    H&R Block Nebraska 2011
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    InfraRecorder
    iTunes
    J2SE Runtime Environment 5.0 Update 11
    Java 2 Runtime Environment, SE v1.4.2_01
    Java 7 Update 9
    Java Auto Updater
    Java(TM) 6 Update 34
    LeagueWorks for Little League
    LG Android Drivers
    LG USB Modem driver
    LightScribe System Software
    LightScribe Template Designs - Nature Pack 1
    LightScribe Template Labeler
    Logger Pro 3.8.2
    LoggerPro3
    Macromedia Shockwave Player
    Malwarebytes Anti-Malware version 1.65.1.1000
    McAfee Security Scan Plus
    Mia2
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft ActiveSync 3.7
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Money 2006
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2000 SR-1 Professional
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Move Networks Player for Firefox
    MovieEdit Task
    Mozilla Firefox 14.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    PC Alert 4
    Pdf995 (installed by TaxCut)
    PdfEdit995 (installed by TaxCut)
    QuickTime
    RealPlayer
    RuneScape Launcher 1.2
    Rush Screensaver
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2722913)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135)
    Security Update for Windows XP (KB2731847)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974455)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB976325)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Sentinel System Driver
    SiS 900 PCI Fast Ethernet Adapter Driver
    SiS VGA Utilities
    SiSAGP driver
    SUPERAntiSpyware Free Edition
    SurferNETWORK Player
    TBS WMP Plug-in
    The Battle for Middle-earth (tm) II
    TI Connect 1.6
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB978506)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB976749)
    Update for Windows XP (KB978207)
    VBA (3821b)
    Verizon V CAST Media Manager
    WebFldrs XP
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player Firefox Plugin
    Windows XP Service Pack 3
    WOT for Internet Explorer
    Zoo Tycoon: Complete Collection
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/1/2012 11:49:58 PM, error: Service Control Manager [7000] - The PCAlertDriver service failed to start due to the following error: The system cannot find the file specified.
    .
    ==== End Of File ===========================
  5. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ================================

    • Download RogueKiller to the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    ================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  6. j2z

    j2z Newcomer, in training Topic Starter Posts: 40

    RogueKiller report:

    RogueKiller V8.3.1 [Dec 2 2012] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Dad [Admin rights]
    Mode : Remove -- Date : 12/02/2012 18:45:05

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 3 ¤¤¤
    [HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\WINDOWS\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST3160023A +++++
    --- User ---
    [MBR] 7f9d7984012a6e82c4920b34c1886d74
    [BSP] 76ea8efc597150f5ba6b386c40a90778 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 131069 Mo
    1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 268430085 | Size: 21548 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2]_D_12022012_02d1845.txt >>
    RKreport[1]_S_12022012_02d1844.txt ; RKreport[2]_D_12022012_02d1845.txt
  7. j2z

    j2z Newcomer, in training Topic Starter Posts: 40

    aswMBR report:

    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2012-12-02 18:51:08
    -----------------------------
    18:51:08.562 OS Version: Windows 5.1.2600 Service Pack 3
    18:51:08.562 Number of processors: 2 586 0x209
    18:51:08.562 ComputerName: VANDELAY-2112 UserName: Dad
    18:51:10.000 Initialize success
    18:51:15.468 AVAST engine defs: 12120101
    18:51:38.281 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    18:51:38.281 Disk 0 Vendor: ST3160023A 8.01 Size: 152627MB BusType: 3
    18:51:38.312 Disk 0 MBR read successfully
    18:51:38.312 Disk 0 MBR scan
    18:51:38.343 Disk 0 Windows XP default MBR code
    18:51:38.359 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 131069 MB offset 63
    18:51:38.359 Disk 0 Partition - 00 0F Extended LBA 21548 MB offset 268430085
    18:51:38.375 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 21548 MB offset 268430148
    18:51:38.390 Disk 0 scanning sectors +312560640
    18:51:38.437 Disk 0 scanning C:\WINDOWS\system32\drivers
    18:51:52.921 Service scanning
    18:51:57.390 Service GMSIPCI D:\INSTALL\GMSIPCI.SYS **LOCKED** 21
    18:52:01.828 Service NTACCESS D:\NTACCESS.sys **LOCKED** 21
    18:52:07.609 Modules scanning
    18:52:15.984 Disk 0 trace - called modules:
    18:52:16.000 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    18:52:16.015 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85f8f030]
    18:52:16.015 3 CLASSPNP.SYS[f7756fd7] -> nt!IofCallDriver -> \Device\00000060[0x85f92a40]
    18:52:16.015 5 ACPI.sys[f76cd620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x85f92b58]
    18:52:16.750 AVAST engine scan C:\WINDOWS
    18:52:25.265 AVAST engine scan C:\WINDOWS\system32
    18:54:47.984 AVAST engine scan C:\WINDOWS\system32\drivers
    18:55:05.625 AVAST engine scan C:\Documents and Settings\Dad
    18:59:24.937 AVAST engine scan C:\Documents and Settings\All Users
    19:05:18.203 Scan finished successfully
    19:14:54.703 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Dad\Desktop\MBR.dat"
    19:14:54.750 The log file has been saved successfully to "C:\Documents and Settings\Dad\Desktop\aswMBR.txt"


  8. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    Create a new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ===========================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart the computer in safe mode.

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
  9. j2z

    j2z Newcomer, in training Topic Starter Posts: 40

    Combofix report:

    ComboFix 10-02-08.09 - Dad 02/10/2010 2:07.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.479.48 [GMT -6:00]
    Running from: c:\documents and settings\Dad\Desktop\ComboFix.exe
    AV: avast! Antivirus *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    Infected copy of c:\windows\system32\DRIVERS\usbhub.sys was found and disinfected
    Restored copy from - The cat ate it :p
    -- Previous Run --

    Infected copy of c:\windows\system32\DRIVERS\usbhub.sys was found and disinfected
    Restored copy from - The cat ate it :p
    Infected copy of c:\windows\system32\DRIVERS\usbhub.sys was found and disinfected
    Restored copy from - The cat ate it :p
    Infected copy of c:\windows\system32\DRIVERS\usbhub.sys was found and disinfected
    Restored copy from - The cat ate it :p
    Infected copy of c:\windows\system32\DRIVERS\usbhub.sys was found and disinfected
    Restored copy from - The cat ate it :p
    Infected copy of c:\windows\system32\drivers\usbhub.sys was found and disinfected
    Restored copy from - c:\windows\system32\dllcache\usbhub.sys

    --------

    .
    ((((((((((((((((((((((((( Files Created from 2010-01-10 to 2010-02-10 )))))))))))))))))))))))))))))))
    .

    2010-02-06 05:03 . 2010-02-06 05:03 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2010-02-06 05:03 . 2010-02-06 05:03 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-02-06 05:03 . 2010-02-06 05:03 -------- d-----w- c:\documents and settings\Dad\Application Data\SUPERAntiSpyware.com
    2010-02-06 04:12 . 2010-02-06 04:12 -------- d-----w- c:\documents and settings\Dad\Application Data\CheckPoint
    2010-02-06 04:11 . 2010-02-06 04:11 -------- d-----w- c:\program files\CheckPoint
    2010-02-06 04:10 . 2009-11-22 21:42 69000 ----a-w- c:\windows\system32\zlcomm.dll
    2010-02-06 04:10 . 2009-11-22 21:42 103816 ----a-w- c:\windows\system32\zlcommdb.dll
    2010-02-06 04:10 . 2009-11-22 21:42 1238408 ----a-w- c:\windows\system32\zpeng25.dll
    2010-02-06 04:10 . 2010-02-06 04:10 -------- d-----w- c:\windows\system32\ZoneLabs
    2010-02-06 04:10 . 2010-02-06 04:10 -------- d-----w- c:\program files\Zone Labs
    2010-02-05 20:15 . 2009-12-02 13:19 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-02-05 13:34 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-02-05 13:32 . 2010-02-05 13:32 -------- d-----w- c:\program files\Lavasoft
    2010-02-05 13:15 . 2010-02-05 13:33 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
    2010-02-05 05:59 . 2010-02-05 05:59 -------- d-----w- C:\VundoFix Backups
    2010-02-05 05:35 . 2010-02-05 05:35 -------- d-----w- c:\program files\Trend Micro
    2010-02-05 05:35 . 2010-02-05 05:35 -------- d-----w- c:\documents and settings\Dad\Application Data\AVG8
    2010-02-05 05:34 . 2010-02-05 05:34 -------- d-----w- c:\program files\CCleaner
    2010-02-05 05:31 . 2010-01-28 21:57 163280 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-02-05 05:31 . 2010-01-28 21:54 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-02-05 05:31 . 2010-01-28 21:54 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-02-05 05:31 . 2010-01-28 21:57 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-02-05 05:31 . 2010-01-28 21:54 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-02-05 05:31 . 2010-01-28 21:54 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-02-05 05:31 . 2010-01-28 21:53 28240 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-02-05 05:31 . 2010-01-28 22:09 38848 ----a-w- c:\windows\system32\avastSS.scr
    2010-02-05 05:31 . 2010-01-28 22:09 152672 ----a-w- c:\windows\system32\aswBoot.exe
    2010-02-05 05:30 . 2010-02-05 05:30 -------- d-----w- c:\program files\Alwil Software
    2010-02-05 05:30 . 2010-02-05 05:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-02-05 03:56 . 2010-02-05 03:56 -------- d-----w- c:\documents and settings\Dad\Application Data\Malwarebytes
    2010-02-05 03:56 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-02-05 03:56 . 2010-02-05 03:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-02-05 03:56 . 2010-02-05 05:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-02-05 03:56 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-02-04 02:40 . 2010-02-04 02:40 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-01-12 21:26 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-02-10 08:04 . 2010-02-07 01:24 8585164 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
    2010-02-10 06:47 . 2001-08-23 12:00 59520 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2010-02-10 06:23 . 2004-11-02 03:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-02-10 03:19 . 2006-11-07 01:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2010-02-10 03:06 . 2010-02-10 03:19 1728512 ----a-w- c:\windows\Internet Logs\xDB3.tmp
    2010-02-10 03:06 . 2010-02-10 03:18 1869312 ----a-w- c:\windows\Internet Logs\xDB2.tmp
    2010-02-09 05:28 . 2010-02-10 03:05 1725952 ----a-w- c:\windows\Internet Logs\xDB1.tmp
    2010-02-08 14:01 . 2008-01-26 18:32 -------- d-----w- c:\documents and settings\Dad\Application Data\U3
    2010-02-07 20:06 . 2004-11-02 01:51 -------- d-----w- c:\program files\Common Files\Adobe
    2010-02-07 19:55 . 2008-10-11 16:45 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-02-06 05:04 . 2010-02-06 05:04 52224 ----a-w- c:\documents and settings\Dad\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-02-06 05:03 . 2010-02-06 05:03 117760 ----a-w- c:\documents and settings\Dad\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-02-06 04:10 . 2004-11-05 03:53 4212 ---ha-w- c:\windows\system32\zllictbl.dat
    2010-02-03 02:34 . 2008-10-23 02:26 -------- d-----w- c:\program files\Citrix
    2010-01-17 21:17 . 2009-02-20 03:07 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
    2010-01-16 23:11 . 2009-12-06 22:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Mozilla Firefox
    2010-01-14 02:09 . 2010-01-14 02:09 15086 ----a-r- c:\documents and settings\Dad\Application Data\Microsoft\Installer\{F3A482EC-55E0-48FA-A408-F40FDF265181}\ARPPRODUCTICON.exe
    2009-12-28 02:27 . 2009-11-28 18:32 -------- d-----w- c:\documents and settings\Noah\Application Data\Apple Computer
    2009-12-26 20:32 . 2009-09-09 20:06 69 ----a-w- c:\documents and settings\Noah\jagex_runescape_preferences2.dat
    2009-12-26 17:46 . 2008-07-02 17:16 39 ----a-w- c:\documents and settings\Noah\jagex_runescape_preferences.dat
    2009-12-22 05:21 . 2001-08-23 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
    2009-12-22 05:20 . 2004-10-21 17:02 81920 ------w- c:\windows\system32\ieencode.dll
    2009-12-19 02:57 . 2009-12-19 02:54 -------- d-----w- c:\documents and settings\Noah\Application Data\GetRightToGo
    2009-12-17 04:50 . 2009-12-17 04:50 -------- d-----w- c:\program files\LightScribe Template Labeler
    2009-12-17 04:18 . 2009-12-17 04:18 -------- d-----w- c:\documents and settings\All Users\Application Data\LightScribe
    2009-12-17 04:07 . 2009-12-17 04:07 -------- d-----w- c:\program files\Common Files\LightScribe
    2009-12-17 03:53 . 2009-12-17 03:51 -------- d-----w- c:\documents and settings\Dad\Application Data\InfraRecorder
    2009-12-17 03:34 . 2009-12-17 03:34 -------- d-----w- c:\program files\InfraRecorder
    2009-12-16 20:42 . 2010-01-03 22:35 872960 ----a-w- c:\documents and settings\Mom\Application Data\Mozilla\Firefox\Profiles\ya3b558h.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    2009-12-16 20:42 . 2010-01-03 22:35 43008 ----a-w- c:\documents and settings\Mom\Application Data\Mozilla\Firefox\Profiles\ya3b558h.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
    2009-12-16 20:42 . 2010-01-03 22:35 340480 ----a-w- c:\documents and settings\Mom\Application Data\Mozilla\Firefox\Profiles\ya3b558h.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
    2009-12-16 20:41 . 2010-01-03 22:35 346624 ----a-w- c:\documents and settings\Mom\Application Data\Mozilla\Firefox\Profiles\ya3b558h.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
    2009-12-16 04:52 . 2006-01-14 04:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-12-16 00:16 . 2009-02-21 21:09 -------- d-----w- c:\documents and settings\Avery\Application Data\U3
    2009-12-14 13:02 . 2007-02-21 18:34 -------- d-----w- c:\documents and settings\All Users\Application Data\pdf995
    2009-12-11 02:48 . 2008-04-25 21:45 2605832 -c--a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\chicktionary_s1_l1_gF46T1L1_d198220614.exe
    2009-12-07 14:10 . 2010-02-05 13:33 2953352 -c--a-w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
    2009-12-04 05:11 . 2009-06-05 09:24 19072 ----a-w- c:\windows\system32\drivers\srvkp.sys
    2009-12-04 03:12 . 2009-12-04 02:29 1324 -c--a-w- c:\documents and settings\Mom\Local Settings\Application Data\d3d9caps.tmp
    2009-11-25 03:35 . 2009-11-25 03:35 65000 ---ha-w- c:\windows\system32\mlfcache.dat
    2009-11-22 20:01 . 2005-11-13 16:32 91480 -c--a-w- c:\documents and settings\Avery\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-11-21 15:51 . 2001-08-23 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
    2009-11-19 17:48 . 2009-11-29 20:07 872960 ----a-w- c:\documents and settings\Avery\Application Data\Mozilla\Firefox\Profiles\jld35bkp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    2009-11-19 17:48 . 2009-11-28 18:09 872960 ----a-w- c:\documents and settings\Noah\Application Data\Mozilla\Firefox\Profiles\jnundwy5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    2009-11-19 17:48 . 2009-11-27 16:11 872960 ----a-w- c:\documents and settings\Dad\Application Data\Mozilla\Firefox\Profiles\52dyvbg7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    2009-11-19 17:48 . 2009-11-29 20:07 43008 ----a-w- c:\documents and settings\Avery\Application Data\Mozilla\Firefox\Profiles\jld35bkp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
    2009-11-19 17:48 . 2009-11-28 18:09 43008 ----a-w- c:\documents and settings\Noah\Application Data\Mozilla\Firefox\Profiles\jnundwy5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
    2009-11-19 17:48 . 2009-11-27 16:11 43008 ----a-w- c:\documents and settings\Dad\Application Data\Mozilla\Firefox\Profiles\52dyvbg7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
    2009-11-19 17:48 . 2009-11-29 20:07 340480 -c--a-w- c:\documents and settings\Avery\Application Data\Mozilla\Firefox\Profiles\jld35bkp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
    2009-11-19 17:48 . 2009-11-28 18:09 340480 -c--a-w- c:\documents and settings\Noah\Application Data\Mozilla\Firefox\Profiles\jnundwy5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
    2009-11-19 17:48 . 2009-11-27 16:11 340480 -c--a-w- c:\documents and settings\Dad\Application Data\Mozilla\Firefox\Profiles\52dyvbg7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
    2009-11-19 17:48 . 2009-11-29 20:07 346624 ----a-w- c:\documents and settings\Avery\Application Data\Mozilla\Firefox\Profiles\jld35bkp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
    2009-11-19 17:48 . 2009-11-28 18:09 346624 ----a-w- c:\documents and settings\Noah\Application Data\Mozilla\Firefox\Profiles\jnundwy5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
    2009-11-19 17:48 . 2009-11-27 16:11 346624 ----a-w- c:\documents and settings\Dad\Application Data\Mozilla\Firefox\Profiles\52dyvbg7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
    2009-11-12 23:07 . 2009-11-12 23:07 79144 -c--a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-02 68856]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-11-20 2363392]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-05 2002160]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-14 53760]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
    PC Alert 4.lnk - c:\program files\MSI\PC Alert 4\PCAlert4.exe [2004-10-22 544768]
    Utility Tray.lnk - c:\windows\system32\sistray.exe [2009-12-3 262144]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Corel\\Graphics10\\Register\\NAVBrowser.exe"=
    "c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
    "c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
    "c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\patchget.dat"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/5/2010 7:34 AM 64288]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/4/2010 11:31 PM 163280]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/4/2010 11:31 PM 19024]
    R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [10/14/2009 7:30 AM 25208]
    R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [10/14/2009 7:30 AM 476528]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 7:19 AM 1184912]
    S2 gupdate1c9b72e8bd6313e;Google Update Service (gupdate1c9b72e8bd6313e);c:\program files\Google\Update\GoogleUpdate.exe [4/6/2009 9:11 PM 133104]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2009-11-20 20:28 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2010-02-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 13:19]

    2009-11-21 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

    2010-02-10 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-25 03:41]

    2010-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-07 03:11]

    2010-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-07 03:11]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.cnn.com/
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    Trusted Zone: com.tw\asia.msi
    Trusted Zone: com.tw\global.msi
    Trusted Zone: com.tw\www.msi
    DPF: ppctlcab - hxxp://www.pestscan.com/scanner/ppctlcab.cab
    DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} - hxxp://hyvee.lifepics.com/net/Uploader/LPUploader45.cab
    DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
    FF - ProfilePath - c:\documents and settings\Dad\Application Data\Mozilla\Firefox\Profiles\52dyvbg7.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/
    FF - component: c:\documents and settings\Dad\Application Data\Mozilla\Firefox\Profiles\52dyvbg7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\TrustCheckerMozillaPlugin.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npmnqmp07030901.dll
    FF - plugin: c:\program files\Picasa2\npPicasa3.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-MoneyAgent - c:\program files\Microsoft Money\System\mnyexpr.exe
    AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\FlashUtil9b.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-02-10 02:45
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-117609710-1383384898-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_USERS\S-1-5-21-117609710-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*d%T%`*]
    @Class="Shell"

    [HKEY_USERS\S-1-5-21-117609710-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*d%T%`*\OpenWithList]
    @Class="Shell"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(560)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    .
    Completion time: 2010-02-10 02:54:27
    ComboFix-quarantined-files.txt 2010-02-10 08:54

    Pre-Run: 99,767,488,512 bytes free
    Post-Run: 100,273,197,056 bytes free

    - - End Of File - - 019C5F1D10735E6B7FC6FC7A7180CBB4
  10. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    Looks good.

    How is the computer doing?

    =================================

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    ================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  11. j2z

    j2z Newcomer, in training Topic Starter Posts: 40

    Thanks for the help so far. It rebooted on me last night while running Malwarebytes but has been going strong since running it, and the other diagnostics, this morning. Have you seen anything in the reports that you think could have caused the random shutdowns? The AdwCleaner report is below; I'll attach the others in separate posts.

    AdwCleaner report:

    # AdwCleaner v2.011 - Logfile created 12/02/2012 at 20:52:50
    # Updated 02/12/2012 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : Dad - VANDELAY-2112
    # Boot Mode : Normal
    # Running from : C:\Documents and Settings\Dad\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****


    ***** [Registry] *****

    Key Deleted : HKCU\Software\Zugo
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6E4C89CF-3061-4EE4-B22A-B7A8AAEA5CB3}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    [OK] Registry is clean.

    -\\ Mozilla Firefox v14.0.1 (en-US)

    Profile name : default
    File : C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\6qvqm652.default\prefs.js

    [OK] File is clean.

    Profile name : default
    File : C:\Documents and Settings\Avery Z\Application Data\Mozilla\Firefox\Profiles\c8exgxfi.default\prefs.js

    [OK] File is clean.

    Profile name : default
    File : C:\Documents and Settings\Mom Z\Application Data\Mozilla\Firefox\Profiles\k15jj8n0.default\prefs.js

    [OK] File is clean.

    Profile name : default
    File : C:\Documents and Settings\Noah Z\Application Data\Mozilla\Firefox\Profiles\h9ry0wl7.default\prefs.js

    [OK] File is clean.

    Profile name : default
    File : C:\Documents and Settings\Dad Z\Application Data\Mozilla\Firefox\Profiles\0gj2stje.default\prefs.js

    [OK] File is clean.

    Profile name : default
    File : C:\Documents and Settings\Music & Pics\Application Data\Mozilla\Firefox\Profiles\sv4z94ie.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v23.0.1271.95

    File : C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    File : C:\Documents and Settings\Avery Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    File : C:\Documents and Settings\Noah Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    File : C:\Documents and Settings\Dad Z\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    File : C:\Documents and Settings\Music & Pics\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [2480 octets] - [02/12/2012 20:52:50]

    ########## EOF - C:\AdwCleaner[S1].txt - [2540 octets] ##########
     
  12. j2z

    j2z Newcomer, in training Topic Starter Posts: 40

    OTL report (part 1 of 2):

    OTL logfile created on: 12/2/2012 8:59:40 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Dad\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    479.48 Mb Total Physical Memory | 128.79 Mb Available Physical Memory | 26.86% Memory free
    1.10 Gb Paging File | 0.87 Gb Available in Paging File | 79.56% Paging File free
    Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 128.00 Gb Total Space | 66.84 Gb Free Space | 52.22% Space Free | Partition Type: NTFS
    Drive E: | 21.04 Gb Total Space | 6.25 Gb Free Space | 29.71% Space Free | Partition Type: NTFS

    Computer Name: VANDELAY-2112 | User Name: Dad | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/12/02 20:50:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dad\Desktop\OTL.exe
    PRC - [2012/12/02 02:07:08 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
    PRC - [2012/10/30 17:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2010/12/08 03:24:16 | 005,247,624 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
    PRC - [2010/09/03 00:45:02 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.1.121\SSScheduler.exe
    PRC - [2008/06/27 14:54:12 | 000,262,144 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\sistray.exe
    PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/12/16 22:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
    PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
    PRC - [2007/01/10 22:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE


    ========== Modules (No Company Name) ==========

    MOD - [2012/12/02 14:11:32 | 002,036,224 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\12120200\algo.dll
    MOD - [2012/02/20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2012/02/20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2010/12/08 03:24:16 | 005,247,624 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
    MOD - [2010/12/08 03:23:52 | 000,100,352 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\avutil-50.dll
    MOD - [2010/12/08 03:23:50 | 000,684,032 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\libexpat.dll
    MOD - [2010/12/08 03:23:50 | 000,466,975 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\sqlite3.dll
    MOD - [2009/11/19 10:20:44 | 007,745,536 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
    MOD - [2009/11/19 10:20:42 | 002,121,728 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
    MOD - [2009/11/19 10:20:42 | 000,135,168 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
    MOD - [2008/04/01 20:10:17 | 000,051,716 | ---- | M] () -- C:\WINDOWS\system32\pdf995mon.dll


    ========== Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE -- (LiveUpdate)
    SRV - File not found [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
    SRV - [2012/12/02 02:07:08 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2012/10/30 17:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2012/07/13 18:17:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2010/09/03 00:45:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.1.121\McCHSvc.exe -- (McComponentHostService)
    SRV - [2007/12/16 22:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01)
    SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
    SRV - [2007/01/10 22:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\PC Alert 4\NTGLM7X.sys -- (PCAlertDriver)
    DRV - File not found [Kernel | Disabled | Stopped] -- D:\NTACCESS.sys -- (NTACCESS)
    DRV - File not found [Kernel | Disabled | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Dad\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2012/10/30 17:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2012/10/30 17:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2012/10/30 17:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2012/10/30 17:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2012/10/30 17:51:57 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2012/10/30 17:51:56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2012/10/30 17:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/07/21 14:10:21 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/02/21 20:27:41 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
    DRV - [2010/02/21 20:27:41 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
    DRV - [2009/12/03 23:11:00 | 000,019,072 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
    DRV - [2009/12/03 23:10:59 | 000,323,584 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
    DRV - [2008/11/11 12:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
    DRV - [2008/11/11 12:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
    DRV - [2008/11/11 12:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
    DRV - [2008/07/03 10:59:54 | 000,193,696 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
    DRV - [2006/02/14 16:02:56 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnicxp.sys -- (SISNICXP)
    DRV - [2004/06/21 02:53:20 | 000,626,204 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
    DRV - [2004/02/23 21:08:52 | 000,400,384 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
    DRV - [2002/07/10 09:39:34 | 000,032,256 | R--- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
    DRV - [2001/06/22 05:39:02 | 000,073,728 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\sentinel.sys -- (Sentinel)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-117609710-1383384898-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    IE - HKU\S-1-5-21-117609710-1383384898-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKU\S-1-5-21-117609710-1383384898-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cox.net/
    IE - HKU\S-1-5-21-117609710-1383384898-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-117609710-1383384898-682003330-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-21-117609710-1383384898-682003330-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-117609710-1383384898-682003330-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...={outputEncoding}&sourceid=ie7&rlz=1I7GGLA_en
    IE - HKU\S-1-5-21-117609710-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-117609710-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
    FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@View22/View22: C:\Program Files\kohler\View22\Version 3.10.50\NPView22.dll File not found
    FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012/11/17 21:22:01 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/02 01:54:36 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/02 01:54:36 | 000,000,000 | ---D | M]

    [2010/02/15 18:16:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dad\Application Data\Mozilla\Extensions
    [2012/11/18 16:41:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\6qvqm652.default\extensions
    [2012/05/16 20:47:17 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\6qvqm652.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
    [2012/08/27 21:49:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2006/11/06 19:38:14 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2012/08/24 22:34:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
    [2012/07/13 18:17:47 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2010/02/27 12:08:12 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
    [2007/03/09 13:23:10 | 000,532,480 | ---- | M] (Move Networks) -- C:\Program Files\mozilla firefox\plugins\npmnqmp07030901.dll
    [2012/07/13 18:16:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/07/13 18:16:36 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://www.google.com
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\pdf.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 6 U34 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Java Deployment Toolkit 6.0.340.4 (Enabled) = C:\WINDOWS\system32\npdeployJava1.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
    CHR - homepage: http://www.google.com
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Java Deployment Toolkit 6.0.150.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
    CHR - plugin: Java(TM) Platform SE 6 U18 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Java Deployment Toolkit 6.0.180.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\pdf.dll
    CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\gears.dll
    CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
    CHR - plugin: MoveNetworks Quantum Media Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npmnqmp07030901.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\Avery Z\Application Data\Facebook\npfbplugin_1_0_3.dll
    CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - homepage: http://www.google.com
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.150.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
    CHR - plugin: Java(TM) Platform SE 6 U18 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Java Deployment Toolkit 6.0.180.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
    CHR - plugin: MoveNetworks Quantum Media Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npmnqmp07030901.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Noah Z\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
    CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - homepage: http://www.google.com
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: http://www.google.com
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Dad Z\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.150.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
    CHR - plugin: Java(TM) Platform SE 6 U18 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Java Deployment Toolkit 6.0.180.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
    CHR - plugin: MoveNetworks Quantum Media Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npmnqmp07030901.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\Dad Z\Application Data\Facebook\npfbplugin_1_0_3.dll
    CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - homepage: http://www.google.com
    CHR - homepage: http://www.google.com
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.150.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
    CHR - plugin: Java(TM) Platform SE 6 U18 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Java Deployment Toolkit 6.0.180.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
    CHR - plugin: MoveNetworks Quantum Media Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npmnqmp07030901.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: avast! WebRep = C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
  13. j2z

    j2z Newcomer, in training Topic Starter Posts: 40

    OTL report (part 2 of 2):

    O1 HOSTS File: ([2010/02/10 23:00:44 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
    O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
    O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O3 - HKU\S-1-5-21-117609710-1383384898-682003330-1003\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-117609710-1383384898-682003330-1003\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O3 - HKU\S-1-5-21-117609710-1383384898-682003330-1003\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe File not found
    O4 - HKU\S-1-5-18..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe File not found
    O4 - HKU\S-1-5-21-117609710-1383384898-682003330-1003..\Run: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe ()
    O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.1.121\SSScheduler.exe (McAfee, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-117609710-1383384898-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-117609710-1383384898-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-117609710-1383384898-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-117609710-1383384898-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-117609710-1383384898-682003330-1003\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
    O15 - HKU\S-1-5-21-117609710-1383384898-682003330-1003\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
    O15 - HKU\S-1-5-21-117609710-1383384898-682003330-1003\..Trusted Domains: com.tw ([www.msi] http in Trusted sites)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
    O16 - DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} http://hyvee.lifepics.com/net/Uploader/LPUploader45.cab (Image Uploader Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} https://mail111a.urscorp.com/iNotes6W.cab (iNotes6 Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1223764482484 (MUWebControl Class)
    O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.msi.com.tw/autobios/LOnline/install.cab (WebSDev Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
    O16 - DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: ppctlcab http://www.pestscan.com/scanner/ppctlcab.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A32BF7BE-3FBC-4AEC-9F7A-040199D17247}: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 0
    O32 - AutoRun File - [2004/10/21 10:20:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{f724ae36-005b-11de-8a75-0011096460bd}\Shell - "" = AutoRun
    O33 - MountPoints2\{f724ae36-005b-11de-8a75-0011096460bd}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{f724ae36-005b-11de-8a75-0011096460bd}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/12/02 20:50:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dad\Desktop\OTL.exe
    [2012/12/02 20:16:39 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2012/12/02 20:14:51 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2012/12/02 20:13:55 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/12/02 20:06:04 | 005,009,299 | R--- | C] (Swearware) -- C:\Documents and Settings\Dad\Desktop\ComboFix.exe
    [2012/12/02 18:49:08 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Dad\Desktop\aswMBR.exe
    [2012/12/02 18:43:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Desktop\RK_Quarantine
    [2012/12/02 02:08:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
    [2012/12/02 02:08:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
    [2012/12/02 02:08:41 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
    [2012/12/02 01:54:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
    [2012/12/02 01:53:17 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2012/12/02 00:49:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Application Data\Nico Mak Computing
    [2012/12/02 00:49:00 | 000,017,224 | ---- | C] (WinZip Computing, S.L.(WinZip Computing)) -- C:\WINDOWS\System32\roboot.exe

    ========== Files - Modified Within 30 Days ==========

    [2012/12/02 20:57:21 | 000,000,318 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
    [2012/12/02 20:57:09 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/12/02 20:56:12 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/12/02 20:55:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/12/02 20:53:09 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/12/02 20:50:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dad\Desktop\OTL.exe
    [2012/12/02 20:06:21 | 005,009,299 | R--- | M] (Swearware) -- C:\Documents and Settings\Dad\Desktop\ComboFix.exe
    [2012/12/02 19:14:54 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\MBR.dat
    [2012/12/02 18:49:33 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Dad\Desktop\aswMBR.exe
    [2012/12/02 18:42:20 | 000,752,128 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\RogueKiller.exe
    [2012/12/02 13:18:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2012/12/02 02:08:43 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    [2012/12/02 01:54:07 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2012/12/01 13:05:41 | 000,001,822 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2012/11/17 21:22:05 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2012/11/17 16:34:57 | 000,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/11/04 19:45:42 | 000,432,784 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/11/04 19:45:42 | 000,067,740 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

    ========== Files Created - No Company Name ==========

    [2012/12/02 19:14:54 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\MBR.dat
    [2012/12/02 18:42:13 | 000,752,128 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\RogueKiller.exe
    [2012/12/02 02:08:43 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    [2012/12/02 01:54:07 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2012/08/25 13:11:10 | 000,000,161 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2012/08/24 22:24:29 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2011/04/08 19:32:39 | 000,000,351 | ---- | C] () -- C:\Documents and Settings\Dad\schedule.ini
    [2011/04/08 19:32:39 | 000,000,040 | ---- | C] () -- C:\Documents and Settings\Dad\winsched.hd
    [2011/03/22 20:42:51 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2010/02/16 21:36:57 | 000,009,343 | ---- | C] () -- C:\Documents and Settings\Dad\Application Data\Comma Separated Values (Windows).EML
    [2010/02/16 21:36:11 | 000,037,749 | ---- | C] () -- C:\Documents and Settings\Dad\Application Data\Comma Separated Values (Windows).ADR
    [2008/10/22 20:26:42 | 000,060,744 | ---- | C] () -- C:\Documents and Settings\Dad\g2mdlhlpx.exe
    [2006/12/26 20:16:09 | 000,000,032 | R--- | C] () -- C:\Documents and Settings\All Users\hash.dat
    [2006/10/08 20:19:12 | 000,001,392 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2004/10/29 08:22:26 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2004/10/25 09:12:25 | 000,006,096 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol

    ========== ZeroAccess Check ==========

    [2009/02/19 21:00:44 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2009/12/21 23:21:02 | 001,509,888 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 18:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2010/02/04 23:30:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2005/09/11 20:26:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Authentium
    [2011/03/22 20:04:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz
    [2009/08/23 08:27:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
    [2010/07/25 14:55:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
    [2012/08/28 20:10:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
    [2012/03/01 20:26:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoStitch
    [2012/02/14 21:58:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
    [2009/08/23 08:35:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
    [2012/02/25 00:03:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vernier
    [2011/01/11 00:03:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/11/20 21:39:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2011/04/28 19:32:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Avery Z\Application Data\EPSON
    [2010/06/29 09:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Avery Z\Application Data\Facebook
    [2011/12/10 11:12:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Avery Z\Application Data\TaxCut
    [2010/08/11 10:15:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Avery Z\Application Data\Thunderbird
    [2012/03/01 20:24:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Canon
    [2012/08/25 10:34:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\EPSON
    [2010/02/27 12:08:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Foxit
    [2010/02/14 22:21:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\GARMIN
    [2010/08/15 15:49:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\InfraRecorder
    [2012/12/02 01:42:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Nico Mak Computing
    [2011/04/17 22:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\pdf995
    [2012/03/18 13:53:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\TaxCut
    [2010/03/24 15:31:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad Z\Application Data\Canon
    [2012/02/20 21:11:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad Z\Application Data\DeductionPro 2009
    [2012/10/23 19:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad Z\Application Data\EPSON
    [2012/04/23 21:43:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad Z\Application Data\ESRI
    [2010/05/12 22:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad Z\Application Data\Facebook
    [2010/06/27 20:54:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad Z\Application Data\Foxit Software
    [2009/10/14 17:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad Z\Application Data\GARMIN
    [2010/08/15 15:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad Z\Application Data\InfraRecorder
    [2010/04/11 22:05:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad Z\Application Data\pdf995
    [2012/02/14 22:13:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad Z\Application Data\TaxCut
    [2010/03/08 21:54:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad Z\Application Data\Thunderbird
    [2007/04/05 20:05:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\pdf995
    [2012/07/07 11:43:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Z\Application Data\Foxit Software
    [2010/06/27 19:40:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Z\Application Data\pdf995
    [2012/04/08 19:34:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Z\Application Data\TaxCut
    [2010/07/23 14:23:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom Z\Application Data\Thunderbird
    [2012/11/25 15:59:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Music & Pics\Application Data\Amazon
    [2010/09/06 08:43:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Music & Pics\Application Data\pdf995
    [2012/08/09 18:15:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Noah Z\Application Data\.minecraft
    [2011/01/18 15:43:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Noah Z\Application Data\EPSON
    [2010/07/24 14:36:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Noah Z\Application Data\FOG Downloader
    [2011/08/04 18:04:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Noah Z\Application Data\KingsIsle Entertainment
    [2010/09/18 15:32:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Noah Z\Application Data\My Battle for Middle-earth(tm) II Files
    [2010/09/06 13:45:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Noah Z\Application Data\pdf995
    [2010/06/09 15:56:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Noah Z\Application Data\Thunderbird
    [2011/01/18 17:28:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Noah Z\Application Data\Unity

    ========== Purity Check ==========



    < End of report >
  14. j2z

    j2z Newcomer, in training Topic Starter Posts: 40

    Extras report:

    OTL Extras logfile created on: 12/2/2012 8:59:40 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Dad\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    479.48 Mb Total Physical Memory | 128.79 Mb Available Physical Memory | 26.86% Memory free
    1.10 Gb Paging File | 0.87 Gb Available in Paging File | 79.56% Paging File free
    Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 128.00 Gb Total Space | 66.84 Gb Free Space | 52.22% Space Free | Partition Type: NTFS
    Drive E: | 21.04 Gb Total Space | 6.25 Gb Free Space | 29.71% Space Free | Partition Type: NTFS

    Computer Name: VANDELAY-2112 | User Name: Dad | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_USERS\S-1-5-21-117609710-1383384898-682003330-1003\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\Corel\Graphics10\Register\NAVBrowser.exe" = C:\Program Files\Corel\Graphics10\Register\NAVBrowser.exe:*:Disabled:NAVBrowser -- (Naviant, Inc.)
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:*:Enabled:ActiveSync Application -- (Microsoft Corporation)
    "C:\Program Files\QuickTime\QuickTimePlayer.exe" = C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player -- (Apple Inc.)
    "C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
    "C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\patchget.dat" = C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\patchget.dat:*:Enabled:patchgrabber -- (Electronic Arts)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat" = C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat:*:Disabled:The Battle for Middle-earth(tm) II -- (Electronic Arts Inc.)
    "G:\Maple\bin.win\mserver.exe" = G:\Maple\bin.win\mserver.exe:*:Disabled:mserver
    "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
    "{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}" = Canon PhotoRecord
    "{10964A8F-21C1-45EA-BC2D-F84B505C3848}" = H&R Block Deluxe + Efile + State 2010
    "{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1D81E6DE-83D3-4FAF-824C-7B3BB92D61F0}" = H&R Block Nebraska 2009
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216034FF}" = Java(TM) 6 Update 34
    "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
    "{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth (tm) II
    "{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
    "{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
    "{328019A7-0012-401D-96A2-4CDDD02675A8}" = Garmin POI Loader
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{53A19323-917A-4822-B27E-A57D1EF6E9FC}" = H&R Block Deluxe + Efile + State 2009
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{5D87C09F-512F-474A-A306-0FE3B89C396F}" = RuneScape Launcher 1.2
    "{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7148F0A8-6813-11D6-A77B-00B0D0142010}" = Java 2 Runtime Environment, SE v1.4.2_01
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{791CAF6C-90A3-11D4-8306-00D0B72E1DB9}" = Sentinel System Driver
    "{7B18E7E2-AFCA-4CBE-8CD5-3613315AB262}" = ArcGIS Explorer Desktop
    "{7EACD74C-147F-478C-9389-F9F52EE3C88A}" = LightScribe System Software
    "{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
    "{7F67A6AE-414C-11D4-9F71-00C04F6BDDB9}" = VBA (3821b)
    "{7F67A6AF-414C-11D4-9F71-00C04F6BDDB9}" = VBA (3821b)
    "{7FD71A9E-C4D3-42ED-A998-CDA8290C39A3}" = LightScribe Template Labeler
    "{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
    "{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}" = MovieEdit Task
    "{8D07C507-69A7-4AFD-9242-8A3C596C6DC9}" = H&R Block Nebraska 2010
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9E50DEC9-081B-441F-B647-98DBEA8B01DD}" = CorelDRAW 10
    "{A149DEA2-1D5B-11D5-9F76-00C04F6BC7A1}" = ArcGIS Desktop
    "{A1BC8E02-6B5B-4B4A-A75F-B27A16918C2B}" = DiscWizard 2003
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A48C9C07-1DE1-4476-8997-AA6290F94D09}" = EclipseCrossword
    "{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
    "{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
    "{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon Camera WIA Driver
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
    "{C2E8B236-7554-45FE-92C0-94EF76E4D182}" = Garmin City Navigator North America NT 2010.20
    "{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
    "{C6006AED-E5A7-4F77-BAD5-95AC43DE04F3}" = H&R Block Deluxe + Efile + State 2011
    "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver
    "{DD1C903B-C75E-446A-9C09-19EFE9D101DD}" = LoggerPro3
    "{DF5A8D64-0B50-46D7-B85D-E66CE690092C}" = WOT for Internet Explorer
    "{E3B8F189-2C19-473F-811B-1748187F98E2}" = ArcGIS Tutorial Data
    "{E4A065AE-49E5-4F00-8A6E-41494C0D71E1}" = ArcGIS ArcObjects Developer Kit
    "{E6C82F8F-2031-4825-8CC3-98C5960875C1}" = Epson CreativeZone
    "{EFF87108-C9D0-43F1-BEE1-28DA87778F1A}" = Garmin Communicator Plugin
    "{F3A482EC-55E0-48FA-A408-F40FDF265181}" = LightScribe Template Designs - Nature Pack 1
    "{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
    "{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
    "{F654CA77-407B-4BC6-8C30-25ACFA581AD0}" = H&R Block Nebraska 2011
    "{FDF64A37-4842-48CD-A424-2C38444D36FD}" = LG Android Drivers
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "ArcGIS Explorer Desktop" = ArcGIS Explorer Desktop
    "avast" = avast! Free Antivirus
    "CAL" = Canon Camera Access Library
    "CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
    "CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    "CameraWindowLauncher" = Canon Utilities CameraWindow
    "CCleaner" = CCleaner
    "CorelDRAW 10" = CorelDRAW 10
    "CSCLIB" = Canon Camera Support Core Library
    "Diamond Scheduler Multidivision Approach 1 (Movie)_is1" = Diamond Scheduler Multidivision Approach 1
    "Diamond Scheduler Multidivision Approach 2 (Movie)_is1" = Diamond Scheduler Multidivision Approach 2
    "Diamond Scheduler Multidivision Approach 3 (Movie)_is1" = Diamond Scheduler Multidivision Approach 3
    "Diamond Scheduler_is1" = Diamond Scheduler 6
    "DPP" = Canon Utilities Digital Photo Professional 3.4
    "EOS Utility" = Canon Utilities EOS Utility
    "EPSON NX410 Series" = EPSON NX410 Series Printer Uninstall
    "EPSON Scanner" = EPSON Scan
    "ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
    "Foxit Reader" = Foxit Reader
    "GermanNow" = GermanNow
    "Google Chrome" = Google Chrome
    "Google Updater" = Google Updater
    "GrammarPro" = GrammarPro
    "HijackThis" = HijackThis 2.0.2
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie8" = Windows Internet Explorer 8
    "InfraRecorder" = InfraRecorder
    "InstallShield_{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}" = Canon MovieEdit Task for ZoomBrowser EX
    "InstallShield_{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon EOS 5D WIA Driver
    "InstallShield_{DD1C903B-C75E-446A-9C09-19EFE9D101DD}" = Logger Pro 3.8.2
    "LeagueWorks for Little League" = LeagueWorks for Little League
    "Macromedia Shockwave Player" = Macromedia Shockwave Player
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
    "McAfee Security Scan" = McAfee Security Scan Plus
    "Mia2" = Mia2
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Money2006b" = Microsoft Money 2006
    "Move Player_is1" = Move Networks Player for Firefox
    "Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MyCamera" = Canon Utilities MyCamera
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Original Data Security Tools" = Canon Utilities Original Data Security Tools
    "PC Alert 4" = PC Alert 4
    "Pdf995" = Pdf995 (installed by TaxCut)
    "PdfEdit995" = PdfEdit995 (installed by TaxCut)
    "PhotoStitch" = Canon Utilities PhotoStitch
    "Picture Style Editor" = Canon Utilities Picture Style Editor
    "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
    "RealPlayer 12.0" = RealPlayer
    "RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
    "Rush Screensaver" = Rush Screensaver
    "SiS VGA Driver" = SiS VGA Utilities
    "SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
    "SurferNETWORK Player" = SurferNETWORK Player
    "Verizon V CAST Media Manager" = Verizon V CAST Media Manager
    "WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
    "Windows CE Services" = Microsoft ActiveSync 3.7
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Zoo Tycoon 1.0" = Zoo Tycoon: Complete Collection
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
    "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-117609710-1383384898-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "GoToMeeting" = GoToMeeting 4.0.0.320

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 8/24/2012 1:10:25 AM | Computer Name = VANDELAY-2112 | Source = Application Hang | ID = 1002
    Description = Hanging application E_FARNFCA.EXE, version 5.0.5.0, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 8/25/2012 1:54:25 AM | Computer Name = VANDELAY-2112 | Source = .NET Runtime Optimization Service | ID = 1101
    Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
    - Failed to compile: C:\Program Files\Driver Whiz\Driver Whiz\DriverWhiz.exe .
    Error code = 0x80131047

    Error - 8/26/2012 9:22:05 PM | Computer Name = VANDELAY-2112 | Source = Application Hang | ID = 1002
    Description = Hanging application OUTLOOK.EXE, version 9.0.0.6604, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 8/27/2012 11:40:33 PM | Computer Name = VANDELAY-2112 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 8/30/2012 10:05:08 PM | Computer Name = VANDELAY-2112 | Source = Application Error | ID = 1000
    Description = Faulting application infrarecorder.exe, version 0.50.0.0, faulting
    module infrarecorder.exe, version 0.50.0.0, fault address 0x00020ed3.

    Error - 9/4/2012 9:36:08 PM | Computer Name = VANDELAY-2112 | Source = Application Hang | ID = 1002
    Description = Hanging application firefox.exe, version 14.0.1.4577, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 9/30/2012 12:25:32 AM | Computer Name = VANDELAY-2112 | Source = Application Error | ID = 1000
    Description = Faulting application jusched.exe, version 2.0.7.1, faulting module
    cryptnet.dll, version 5.131.2600.5512, fault address 0x0000456a.

    Error - 9/30/2012 12:26:56 AM | Computer Name = VANDELAY-2112 | Source = Application Error | ID = 1000
    Description = Faulting application outlook.exe, version 9.0.0.6604, faulting module
    cryptnet.dll, version 5.131.2600.5512, fault address 0x0000456a.

    Error - 10/8/2012 11:02:46 PM | Computer Name = VANDELAY-2112 | Source = Application Error | ID = 1000
    Description = Faulting application setup.exe, version 22.0.1229.92, faulting module
    setup.exe, version 22.0.1229.92, fault address 0x000968f9.

    Error - 10/23/2012 9:38:05 PM | Computer Name = VANDELAY-2112 | Source = Application Error | ID = 1004
    Description = Faulting application setup.exe, version 22.0.1229.92, faulting module
    setup.exe, version 22.0.1229.92, fault address 0x000968f9.

    [ System Events ]
    Error - 11/17/2012 11:29:50 PM | Computer Name = VANDELAY-2112 | Source = Service Control Manager | ID = 7000
    Description = The PCAlertDriver service failed to start due to the following error:
    %%2

    Error - 11/18/2012 3:01:10 PM | Computer Name = VANDELAY-2112 | Source = Service Control Manager | ID = 7000
    Description = The PCAlertDriver service failed to start due to the following error:
    %%2

    Error - 11/20/2012 10:12:23 PM | Computer Name = VANDELAY-2112 | Source = DCOM | ID = 10010
    Description = The server {204810B9-73B2-11D4-BF42-00B0D0118B56} did not register
    with DCOM within the required timeout.

    Error - 12/2/2012 1:49:58 AM | Computer Name = VANDELAY-2112 | Source = Service Control Manager | ID = 7000
    Description = The PCAlertDriver service failed to start due to the following error:
    %%2

    Error - 12/2/2012 2:24:42 AM | Computer Name = VANDELAY-2112 | Source = Service Control Manager | ID = 7000
    Description = The PCAlertDriver service failed to start due to the following error:
    %%2

    Error - 12/2/2012 2:29:03 AM | Computer Name = VANDELAY-2112 | Source = Service Control Manager | ID = 7000
    Description = The PCAlertDriver service failed to start due to the following error:
    %%2

    Error - 12/2/2012 12:50:44 PM | Computer Name = VANDELAY-2112 | Source = Service Control Manager | ID = 7000
    Description = The PCAlertDriver service failed to start due to the following error:
    %%2

    Error - 12/2/2012 10:13:39 PM | Computer Name = VANDELAY-2112 | Source = Service Control Manager | ID = 7034
    Description = The EPSON V3 Service4(01) service terminated unexpectedly. It has
    done this 1 time(s).

    Error - 12/2/2012 10:13:39 PM | Computer Name = VANDELAY-2112 | Source = Service Control Manager | ID = 7034
    Description = The EPSON V5 Service4(01) service terminated unexpectedly. It has
    done this 1 time(s).

    Error - 12/2/2012 10:57:13 PM | Computer Name = VANDELAY-2112 | Source = Service Control Manager | ID = 7000
    Description = The PCAlertDriver service failed to start due to the following error:
    %%2


    < End of report >
  15. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    You had one infected system file which Combofix replaced.

    Uninstall McAfee Security Scan, typical foistware.

    ================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [Disabled | Stopped] -- C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE -- (LiveUpdate)
      SRV - File not found [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
      O3 - HKU\S-1-5-21-117609710-1383384898-682003330-1003\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
      O15 - HKU\S-1-5-21-117609710-1383384898-682003330-1003\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
      O15 - HKU\S-1-5-21-117609710-1383384898-682003330-1003\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
      O15 - HKU\S-1-5-21-117609710-1383384898-682003330-1003\..Trusted Domains: com.tw ([www.msi] http in Trusted sites)
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Reg Error: Value error.)
      O16 - DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
      O16 - DPF: ppctlcab http://www.pestscan.com/scanner/ppctlcab.cab (Reg Error: Key error.)
      O33 - MountPoints2\{f724ae36-005b-11de-8a75-0011096460bd}\Shell - "" = AutoRun
      O33 - MountPoints2\{f724ae36-005b-11de-8a75-0011096460bd}\Shell\AutoRun - "" = Auto&Play
      O33 - MountPoints2\{f724ae36-005b-11de-8a75-0011096460bd}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
      
      
      :Services
      
      :Reg
      
      :Files
      C:\Program Files\Symantec
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    ==================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce any log.
  16. j2z

    j2z Newcomer, in training Topic Starter Posts: 40

    Do I remove McAfee with OTL or from control panel?
  17. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    Control Panel>Add\Remove
  18. j2z

    j2z Newcomer, in training Topic Starter Posts: 40

    OTL custom scan/fix report:

    All processes killed
    ========== OTL ==========
    Service LiveUpdate stopped successfully!
    Service LiveUpdate deleted successfully!
    File C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE not found.
    Service Automatic LiveUpdate Scheduler stopped successfully!
    Service Automatic LiveUpdate Scheduler deleted successfully!
    File C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe not found.
    Registry value HKEY_USERS\S-1-5-21-117609710-1383384898-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
    Registry key HKEY_USERS\S-1-5-21-117609710-1383384898-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\com.tw\asia.msi\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-117609710-1383384898-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\com.tw\global.msi\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-117609710-1383384898-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\com.tw\www.msi\ deleted successfully.
    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control ppctlcab
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ppctlcab\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ppctlcab\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ppctlcab\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f724ae36-005b-11de-8a75-0011096460bd}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f724ae36-005b-11de-8a75-0011096460bd}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f724ae36-005b-11de-8a75-0011096460bd}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f724ae36-005b-11de-8a75-0011096460bd}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f724ae36-005b-11de-8a75-0011096460bd}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f724ae36-005b-11de-8a75-0011096460bd}\ not found.
    File F:\LaunchU3.exe -a not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Program Files\Symantec\LiveUpdate folder moved successfully.
    C:\Program Files\Symantec folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Avery Z
    ->Temp folder emptied: 70247610 bytes
    ->Temporary Internet Files folder emptied: 14341768 bytes
    ->Java cache emptied: 2056634 bytes
    ->FireFox cache emptied: 194375713 bytes
    ->Google Chrome cache emptied: 65095597 bytes
    ->Flash cache emptied: 53620 bytes

    User: Dad
    ->Temp folder emptied: 31401205 bytes
    ->Temporary Internet Files folder emptied: 5490650 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 210314715 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 3095 bytes

    User: Dad Z
    ->Temp folder emptied: 89836072 bytes
    ->Temporary Internet Files folder emptied: 278375488 bytes
    ->Java cache emptied: 236915 bytes
    ->FireFox cache emptied: 440599331 bytes
    ->Google Chrome cache emptied: 397971399 bytes
    ->Flash cache emptied: 158366 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 41 bytes

    User: LocalService
    ->Temp folder emptied: 65984 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Mom Z
    ->Temp folder emptied: 3205956 bytes
    ->Temporary Internet Files folder emptied: 42018546 bytes
    ->Java cache emptied: 389564 bytes
    ->FireFox cache emptied: 307612836 bytes
    ->Flash cache emptied: 37884 bytes

    User: Music & Pics
    ->Temp folder emptied: 135283041 bytes
    ->Temporary Internet Files folder emptied: 279534972 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 91125183 bytes
    ->Google Chrome cache emptied: 7120335 bytes
    ->Flash cache emptied: 5645 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Noah Z
    ->Temp folder emptied: 752234442 bytes
    ->Temporary Internet Files folder emptied: 19632354 bytes
    ->Java cache emptied: 11127024 bytes
    ->FireFox cache emptied: 314609572 bytes
    ->Google Chrome cache emptied: 401110120 bytes
    ->Flash cache emptied: 1974604 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2942827 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 373584471 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 2077800 bytes
    RecycleBin emptied: 21424 bytes

    Total Files Cleaned = 4,336.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: Avery Z
    ->Java cache emptied: 0 bytes

    User: Dad
    ->Java cache emptied: 0 bytes

    User: Dad Z
    ->Java cache emptied: 0 bytes

    User: Default User

    User: LocalService

    User: Mom Z
    ->Java cache emptied: 0 bytes

    User: Music & Pics
    ->Java cache emptied: 0 bytes

    User: NetworkService

    User: Noah Z
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Avery Z
    ->Flash cache emptied: 0 bytes

    User: Dad
    ->Flash cache emptied: 0 bytes

    User: Dad Z
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: Mom Z
    ->Flash cache emptied: 0 bytes

    User: Music & Pics
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    User: Noah Z
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 12022012_220623

    Files\Folders moved on Reboot...
    File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
  19. j2z

    j2z Newcomer, in training Topic Starter Posts: 40

    Security check report:

    Results of screen317's Security Check version 0.99.56
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Out of date HijackThis installed!
    SUPERAntiSpyware Free Edition
    Malwarebytes Anti-Malware version 1.65.1.1000
    HijackThis 2.0.2
    CCleaner
    Java(TM) 6 Update 34
    Java 7 Update 9
    Java 2 Runtime Environment, SE v1.4.2_01
    Adobe Flash Player 11.5.502.110
    Mozilla Firefox (for.)
    Google Chrome 21.0.1180.83
    Google Chrome 21.0.1180.89
    Google Chrome 22.0.1229.79
    Google Chrome 22.0.1229.92
    Google Chrome 22.0.1229.94
    Google Chrome 23.0.1271.64
    Google Chrome 23.0.1271.91
    Google Chrome 23.0.1271.95
    ````````Process Check: objlist.exe by Laurent````````
    Alwil Software Avast5 AvastSvc.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:: 28% Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````
  20. j2z

    j2z Newcomer, in training Topic Starter Posts: 40

    FSS report:

    Farbar Service Scanner Version: 01-12-2012 02
    Ran by Dad (administrator) on 02-12-2012 at 22:54:43
    Running from "C:\Documents and Settings\Dad\Desktop"
    Microsoft Windows XP Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit

    Extra List:
    =======
    aswTdi(8) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
    0x080000000500000001000000020000000300000004000000080000000600000007000000
    IpSec Tag value is correct.

    **** End of log ****
  21. j2z

    j2z Newcomer, in training Topic Starter Posts: 40

    Ran TFC and ESET Online Scanner. ESET found no threats. I called it a night while ESET was running and this morning the computer was still on without having reset. Woo-hoo!
  22. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    We need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista and 7 users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ===================================

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    8. Run Temporary File Cleaner (TFC) weekly.

    9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    11. (Windows XP only) Run defrag at your convenience.

    12. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    13. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

    14. Please let me know how your computer is doing.
  23. j2z

    j2z Newcomer, in training Topic Starter Posts: 40

    OTL restore point report:

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Avery Z
    ->Temp folder emptied: 214 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 41329807 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 492 bytes

    User: Dad
    ->Temp folder emptied: 1674 bytes
    ->Temporary Internet Files folder emptied: 8143297 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 32698585 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 2324 bytes

    User: Dad Z
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Mom Z
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Music & Pics
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Noah Z
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 573 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 160639 bytes

    Total Files Cleaned = 79.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Avery Z
    ->Flash cache emptied: 0 bytes

    User: Dad
    ->Flash cache emptied: 0 bytes

    User: Dad Z
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: Mom Z
    ->Flash cache emptied: 0 bytes

    User: Music & Pics
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    User: Noah Z
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: Avery Z
    ->Java cache emptied: 0 bytes

    User: Dad
    ->Java cache emptied: 0 bytes

    User: Dad Z
    ->Java cache emptied: 0 bytes

    User: Default User

    User: LocalService

    User: Mom Z
    ->Java cache emptied: 0 bytes

    User: Music & Pics
    ->Java cache emptied: 0 bytes

    User: NetworkService

    User: Noah Z
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.69.0 log created on 12032012_193720

    Files\Folders moved on Reboot...
    File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
  24. j2z

    j2z Newcomer, in training Topic Starter Posts: 40

    I completed all the remaining steps to clean, update, and add as listed. So far so good, but I'll post again after logging in under the other users I had set up. Hopefully this takes care of my issue . . . I was really hoping it wasn't a board or power supply issue. Thanks so much for your time and help Broni.
  25. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    Way to go!!
    Good luck and stay safe :)

