TheTechGuide Forum
General Category => Tech Clinic => Topic started by: Andy k on March 15, 2011, 09:47:56 PM
-
I was just passed this laptop by a friend of mine who can't identify where or when the problem started. What I have found, so far, is that any attempt to open any .exe file results in the error message "The system could not find the environment option that was entered". Java and Adobe are unable to update. Windows updates fail to work and revert back. And finally my attempt to install Hijackthis is prevented by an error message that notes that Administrator settings don't allow it to install. I'll attempt to run Hijackthis from a thumbdrive while waiting for further instructions.
Thanks for all your previous, and any future help. You have been a lifesaver.
Andy K
-
Download [color="#FF0000"]OTL.exe[/color] (http://"http://oldtimer.geekstogo.com/OTL.exe")[/url] by OldTimer to your Desktop.
Don't run it yet
Please download Rkill by Grinler from one of these links:
Rkill.exe (http://download.bleepingcomputer.com/grinler/rkill.exe)
Rkill.com (http://download.bleepingcomputer.com/grinler/rkill.com)
Rkill.scr (http://download.bleepingcomputer.com/grinler/rkill.scr)
Save Rkill to your Desktop.
Double-click on Rkill to run it.
Note: If the first one does not run successfully, download and try the other copies (with a different file extensions) and see if one of them will run.
If you can have one run
- Double click on OTL.exe to run it
- Click Run Scan and let the program run uninterrupted.
- It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
-
No dice. none of the other file extensions would open either. Same with OldTimer
-
To further clarify, it seems that all Administrator privileges are inaccessible. Any program that starts to run, generally ends up saying that you must have Admin access to continue and shuts the program down.
The OS is Vista and I don't have a boot disc but I can probably get one if I need to.
-
What happens if you right click on OTL.exe and choose to "Run as Administrator"
Will it then run?
-
No, It displays and error message showing the file path and then the same The system could not find the environment option that was entered
-
What happens if you boot to Safe mode, can you run any of the tools?
-
That's working. I'm running OTL now
-
OTL logfile created on: 3/18/2011 2:07:47 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\mark\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,013.00 Mb Total Physical Memory | 645.00 Mb Available Physical Memory | 64.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.60 Gb Total Space | 106.30 Gb Free Space | 77.26% Space Free | Partition Type: NTFS
Drive D: | 11.45 Gb Total Space | 2.00 Gb Free Space | 17.44% Space Free | Partition Type: NTFS
Computer Name: MARK-PC | User Name: mark | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days
========== Processes (SafeList) ==========
PRC - [2011/03/16 00:22:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\mark\Desktop\OTL.exe
PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
========== Modules (SafeList) ==========
MOD - [2011/03/16 00:22:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\mark\Desktop\OTL.exe
MOD - [2010/08/31 10:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (seclogon)
SRV - File not found [On_Demand | Stopped] -- -- (QWAVE)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/05/22 19:36:18 | 001,251,720 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/03 18:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/08/31 11:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/08/23 14:35:00 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2007/08/22 01:21:00 | 000,055,640 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007/03/05 12:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
========== Driver Services (SafeList) ==========
DRV - [2010/11/02 02:03:15 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/03/17 12:56:58 | 000,447,024 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/02/19 13:31:42 | 000,024,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2009/02/19 13:31:18 | 000,041,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2009/02/19 13:31:16 | 000,184,496 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/02/19 13:31:16 | 000,096,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2009/02/19 13:31:16 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/02/19 13:31:16 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2008/07/30 17:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/03/20 15:37:22 | 000,261,680 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20080623.001\IDSvix86.sys -- (IDSvix86)
DRV - [2008/02/27 06:26:04 | 000,201,728 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/01/20 21:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2007/11/30 23:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007/11/30 23:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007/11/30 23:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007/11/05 04:00:00 | 000,865,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20071105.016\NAVEX15.SYS -- (NAVEX15)
DRV - [2007/11/05 04:00:00 | 000,395,312 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2007/11/05 04:00:00 | 000,112,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2007/11/05 04:00:00 | 000,081,232 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20071105.016\NAVENG.SYS -- (NAVENG)
DRV - [2007/10/11 06:17:56 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/08/08 17:39:00 | 000,036,056 | ---- | M] (Symantec Corporation) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\CO_Mon.sys -- (CO_Mon)
DRV - [2007/07/10 09:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/25 06:53:10 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/06/18 19:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/05/30 18:40:42 | 000,735,232 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/04/23 16:51:08 | 000,050,176 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/11/02 02:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006/06/28 12:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "search"
FF - HKLM\software\mozilla\Mozilla Firefox 2.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2008/05/15 13:46:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2008/05/16 02:52:05 | 000,000,000 | ---D | M]
[2010/12/17 18:58:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\uk2sdw22.default\extensions
[2009/11/26 05:28:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\uk2sdw22.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/26 05:26:44 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\uk2sdw22.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/10/06 04:26:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/06 04:26:50 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/05/15 13:32:32 | 000,000,000 | ---D | M] (Talkback) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2007/08/24 21:52:00 | 000,300,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Mozilla Firefox\components\coFFPlgn.dll
[2006/10/11 03:04:58 | 000,061,036 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2006/10/11 03:04:59 | 000,048,742 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2006/10/11 03:05:03 | 000,029,313 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
[2006/10/11 03:05:03 | 000,041,082 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
[2006/10/11 03:04:58 | 000,166,510 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
O1 HOSTS File: ([2011/03/01 21:07:11 | 000,002,732 | RHS- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 64.46.38.209 www.google.com
O1 - Hosts: 64.46.38.209 google.com
O1 - Hosts: 64.46.38.209 google.com.au
O1 - Hosts: 64.46.38.209 www.google.com.au
O1 - Hosts: 64.46.38.209 google.be
O1 - Hosts: 64.46.38.209 www.google.be
O1 - Hosts: 64.46.38.209 google.com.br
O1 - Hosts: 64.46.38.209 www.google.com.br
O1 - Hosts: 39 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Print Clips) - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [LaunchRCApp] C:\NPM\RCApp.exe (Symantec Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found
O24 - Desktop WallPaper: C:\Users\mark\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\mark\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/27 02:45:25 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 360 Days ==========
[2011/03/18 14:06:43 | 000,000,000 | ---D | C] -- C:\Users\mark\WPDNSE
[2011/03/18 14:05:57 | 000,000,000 | ---D | C] -- C:\Users\mark\RarSFX0
[2011/03/16 00:32:33 | 000,885,024 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\mark\Desktop\jxpiinstall.exe
[2011/03/16 00:22:11 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\mark\Desktop\OTL.exe
[2011/03/15 22:48:07 | 000,000,000 | ---D | C] -- C:\Users\mark\hsperfdata_mark
[2011/03/15 22:02:56 | 000,000,000 | ---D | C] -- C:\Users\mark\MUI
[2011/03/15 22:01:12 | 000,000,000 | ---D | C] -- C:\Users\mark\AppData\Roaming\U3
[2011/03/15 21:51:57 | 008,588,616 | ---- | C] (Mozilla) -- C:\Users\mark\Desktop\Firefox Setup 3.6.15.exe
[2011/03/15 21:12:05 | 003,033,192 | ---- | C] (Piriform Ltd) -- C:\Users\mark\Desktop\ccsetup304(2).exe
[2011/03/15 21:06:50 | 001,834,738 | ---- | C] (Piriform Ltd) -- C:\Users\mark\sunv3tbe.exe
[2011/03/01 20:24:21 | 000,000,000 | ---D | C] -- C:\Users\mark\AppData\Roaming\Malwarebytes
[2011/03/01 20:24:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/03/01 20:24:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/01 20:24:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/03/01 20:24:04 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/03/01 20:24:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/25 22:50:25 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Symantec
[2011/01/25 22:49:40 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2011/01/25 22:49:40 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2011/01/25 22:49:40 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2011/01/25 22:43:09 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2011/01/05 18:41:04 | 000,000,000 | -HSD | C] -- C:\ProgramData\PIEEAJES
[2011/01/05 18:38:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\7708de
[2010/12/16 03:08:04 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/12/16 03:08:04 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/12/16 03:08:04 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/12/16 03:07:58 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010/12/16 03:07:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/12/05 13:09:44 | 002,827,728 | ---- | C] (Adobe Systems, Inc.) -- C:\Users\mark\FlashPlayerUpdate01.exe
[2010/11/30 21:32:12 | 000,000,000 | ---D | C] -- C:\Users\mark\Adobe
[2010/11/29 22:57:37 | 000,000,000 | ---D | C] -- C:\NPM
[2010/11/15 05:19:31 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2010/11/02 02:11:04 | 002,826,192 | ---- | C] (Adobe Systems, Inc.) -- C:\Users\mark\FlashPlayerUpdate.exe
[2010/11/01 16:10:45 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/11/01 16:10:44 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/11/01 16:10:44 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/11/01 16:10:43 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/11/01 16:10:43 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2010/05/20 13:58:35 | 000,000,000 | ---D | C] -- C:\Users\mark\Low
[5 C:\Users\mark\*.tmp files -> C:\Users\mark\*.tmp -> ]
========== Files - Modified Within 360 Days ==========
[2011/03/18 14:06:37 | 000,031,832 | ---- | M] () -- C:\Users\mark\mark.bmp
[2011/03/18 14:05:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/18 14:03:44 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/18 14:03:44 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/18 14:00:05 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C57A08DE-7FF9-475F-A02F-CD7A07009B0C}.job
[2011/03/18 13:39:39 | 000,000,279 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/03/16 00:32:33 | 000,885,024 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\mark\Desktop\jxpiinstall.exe
[2011/03/16 00:23:32 | 001,006,747 | ---- | M] () -- C:\Users\mark\Desktop\rkill.scr
[2011/03/16 00:23:10 | 001,006,747 | ---- | M] () -- C:\Users\mark\Desktop\rkill2.com
[2011/03/16 00:22:39 | 001,006,747 | ---- | M] () -- C:\Users\mark\Desktop\rkill.exe
[2011/03/16 00:22:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\mark\Desktop\OTL.exe
[2011/03/15 22:43:03 | 000,058,760 | ---- | M] () -- C:\Users\mark\symlcsv1.exe
[2011/03/15 22:31:14 | 000,312,336 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/03/15 22:01:27 | 000,002,048 | ---- | M] () -- C:\Users\mark\MBX@14B0@20310B8.###
[2011/03/15 22:01:27 | 000,002,048 | ---- | M] () -- C:\Users\mark\MBX@14B0@2031088.###
[2011/03/15 22:01:27 | 000,002,048 | ---- | M] () -- C:\Users\mark\MBX@14B0@2031028.###
[2011/03/15 22:01:26 | 000,002,048 | ---- | M] () -- C:\Users\mark\MBX@14B0@2031098.###
[2011/03/15 22:01:26 | 000,002,048 | ---- | M] () -- C:\Users\mark\MBX@14B0@2031068.###
[2011/03/15 22:01:26 | 000,002,048 | ---- | M] () -- C:\Users\mark\MBX@14B0@2031058.###
[2011/03/15 22:01:26 | 000,002,048 | ---- | M] () -- C:\Users\mark\MBX@14B0@2031048.###
[2011/03/15 22:01:26 | 000,002,048 | ---- | M] () -- C:\Users\mark\MBX@14B0@2031038.###
[2011/03/15 21:52:19 | 008,588,616 | ---- | M] (Mozilla) -- C:\Users\mark\Desktop\Firefox Setup 3.6.15.exe
[2011/03/15 21:51:09 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/03/15 21:51:09 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/03/15 21:50:53 | 000,001,340 | ---- | M] () -- C:\Users\mark\wmplog09.sqm
[2011/03/15 21:35:34 | 001,402,880 | ---- | M] () -- C:\Users\mark\Desktop\HiJackThis.msi
[2011/03/15 21:12:19 | 003,033,192 | ---- | M] (Piriform Ltd) -- C:\Users\mark\Desktop\ccsetup304(2).exe
[2011/03/15 21:08:58 | 001,834,738 | ---- | M] (Piriform Ltd) -- C:\Users\mark\sunv3tbe.exe
[2011/03/15 21:06:53 | 000,000,000 | ---- | M] () -- C:\Users\mark\Desktop\ccsetup304.exe
[2011/03/01 21:07:11 | 000,002,732 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/03/01 20:54:41 | 000,001,356 | ---- | M] () -- C:\Users\mark\AppData\Local\d3d9caps.dat
[2011/02/02 17:11:20 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/12/05 13:09:44 | 002,827,728 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\mark\FlashPlayerUpdate01.exe
[2010/11/02 23:08:49 | 058,762,192 | ---- | M] () -- C:\Users\mark\WERC523.tmp.hdmp
[2010/11/02 02:11:04 | 002,826,192 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\mark\FlashPlayerUpdate.exe
[2010/11/02 02:03:15 | 000,124,464 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010/11/02 02:03:15 | 000,010,635 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010/11/02 02:03:15 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010/10/28 10:02:24 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/10/28 08:03:07 | 000,292,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/10/28 07:56:58 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/10/21 05:26:19 | 000,001,460 | ---- | M] () -- C:\Users\mark\wmplog08.sqm
[2010/10/18 09:01:05 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010/10/06 02:59:27 | 000,001,464 | ---- | M] () -- C:\Users\mark\wmplog07.sqm
[2010/09/20 04:25:01 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010/07/08 18:43:52 | 000,001,588 | ---- | M] () -- C:\Users\mark\wmplog06.sqm
[2010/06/28 07:03:20 | 000,001,428 | ---- | M] () -- C:\Users\mark\wmplog05.sqm
[2010/06/28 06:47:17 | 000,001,464 | ---- | M] () -- C:\Users\mark\wmplog04.sqm
[2010/06/16 10:12:25 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/06/08 14:26:20 | 000,001,692 | ---- | M] () -- C:\Users\mark\wmplog03.sqm
[2010/06/08 03:44:56 | 000,001,508 | ---- | M] () -- C:\Users\mark\wmplog02.sqm
[2010/05/27 02:15:44 | 000,001,428 | ---- | M] () -- C:\Users\mark\wmplog01.sqm
[2010/05/24 04:06:01 | 000,001,736 | ---- | M] () -- C:\Users\mark\wmplog00.sqm
[5 C:\Users\mark\*.tmp files -> C:\Users\mark\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/03/16 00:23:28 | 001,006,747 | ---- | C] () -- C:\Users\mark\Desktop\rkill.scr
[2011/03/16 00:23:06 | 001,006,747 | ---- | C] () -- C:\Users\mark\Desktop\rkill2.com
[2011/03/16 00:22:33 | 001,006,747 | ---- | C] () -- C:\Users\mark\Desktop\rkill.exe
[2011/03/15 22:01:27 | 000,002,048 | ---- | C] () -- C:\Users\mark\MBX@14B0@20310B8.###
[2011/03/15 22:01:27 | 000,002,048 | ---- | C] () -- C:\Users\mark\MBX@14B0@2031088.###
[2011/03/15 22:01:27 | 000,002,048 | ---- | C] () -- C:\Users\mark\MBX@14B0@2031028.###
[2011/03/15 22:01:26 | 000,002,048 | ---- | C] () -- C:\Users\mark\MBX@14B0@2031098.###
[2011/03/15 22:01:26 | 000,002,048 | ---- | C] () -- C:\Users\mark\MBX@14B0@2031068.###
[2011/03/15 22:01:26 | 000,002,048 | ---- | C] () -- C:\Users\mark\MBX@14B0@2031058.###
[2011/03/15 22:01:26 | 000,002,048 | ---- | C] () -- C:\Users\mark\MBX@14B0@2031048.###
[2011/03/15 22:01:26 | 000,002,048 | ---- | C] () -- C:\Users\mark\MBX@14B0@2031038.###
[2011/03/15 21:50:53 | 000,001,340 | ---- | C] () -- C:\Users\mark\wmplog09.sqm
[2011/03/15 21:35:21 | 001,402,880 | ---- | C] () -- C:\Users\mark\Desktop\HiJackThis.msi
[2011/03/15 21:06:53 | 000,000,000 | ---- | C] () -- C:\Users\mark\Desktop\ccsetup304.exe
[2011/03/02 19:24:17 | 000,058,760 | ---- | C] () -- C:\Users\mark\symlcsv1.exe
[2011/01/11 01:12:22 | 000,000,279 | ---- | C] () -- C:\Users\Public\Documents\hpqp.ini
[2010/11/02 23:08:16 | 058,762,192 | ---- | C] () -- C:\Users\mark\WERC523.tmp.hdmp
[2010/10/21 05:26:19 | 000,001,460 | ---- | C] () -- C:\Users\mark\wmplog08.sqm
[2010/10/06 02:59:27 | 000,001,464 | ---- | C] () -- C:\Users\mark\wmplog07.sqm
[2010/07/08 18:43:52 | 000,001,588 | ---- | C] () -- C:\Users\mark\wmplog06.sqm
[2010/06/28 07:03:20 | 000,001,428 | ---- | C] () -- C:\Users\mark\wmplog05.sqm
[2010/06/28 06:47:17 | 000,001,464 | ---- | C] () -- C:\Users\mark\wmplog04.sqm
[2010/06/08 14:26:20 | 000,001,692 | ---- | C] () -- C:\Users\mark\wmplog03.sqm
[2010/06/08 03:44:56 | 000,001,508 | ---- | C] () -- C:\Users\mark\wmplog02.sqm
[2010/05/27 02:15:44 | 000,001,428 | ---- | C] () -- C:\Users\mark\wmplog01.sqm
[2010/05/24 04:06:01 | 000,001,736 | ---- | C] () -- C:\Users\mark\wmplog00.sqm
[2010/05/20 14:01:51 | 000,031,832 | ---- | C] () -- C:\Users\mark\mark.bmp
[2008/12/31 15:57:23 | 000,001,356 | ---- | C] () -- C:\Users\mark\AppData\Local\d3d9caps.dat
[2008/10/30 22:33:20 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/10/30 22:33:20 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/05/15 13:32:45 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/05/15 13:27:44 | 000,000,000 | ---- | C] () -- C:\Users\mark\AppData\Roaming\wklnhst.dat
[2008/05/15 12:40:20 | 000,003,584 | ---- | C] () -- C:\Users\mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/04 17:15:16 | 000,155,648 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2008/02/27 02:59:45 | 000,101,605 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/08/20 07:34:08 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1318.dll
[2007/08/20 07:25:00 | 000,910,720 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/08/20 07:10:18 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,312,336 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
< End of report >
OTL Extras logfile created on: 3/18/2011 2:07:47 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\mark\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,013.00 Mb Total Physical Memory | 645.00 Mb Available Physical Memory | 64.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.60 Gb Total Space | 106.30 Gb Free Space | 77.26% Space Free | Partition Type: NTFS
Drive D: | 11.45 Gb Total Space | 2.00 Gb Free Space | 17.44% Space Free | Partition Type: NTFS
Computer Name: MARK-PC | User Name: mark | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.reg [@ = regfile] -- regedit.exe "%1"
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1" (Mozilla Corporation)
https [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01CA4C70-B84A-412A-A500-A0FEE55BAFDA}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{07F0ED00-9FD9-4691-ACF1-14513B50A265}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{09EF94DC-ACB8-4E2D-B74E-8A2BD7C9154D}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{12717326-5410-44F1-926F-4F724A277FC9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{152A25A7-DCB2-4DE9-8C34-5C9FCC4F3497}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{2A1A24FA-B14A-4329-987E-390D55A05FCC}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{3F154F53-D869-4A26-99BC-E6CC98AFBD1E}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{4249D7A5-EEC9-401A-80EE-D368F63C57BF}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{5E66FD85-E4DD-4282-A960-63A599574477}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{70C37D40-BB13-4C3F-9637-F9C08D8EBAED}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{988591FC-FF31-4ECA-9ED0-4599A857FA4C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9D6B7519-1520-48FB-AF26-18D4E4DDEB8C}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{B3CF36D9-405C-4A85-A083-EAD92E2B16C1}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{C0DE6BEF-2EDD-4D2B-9472-8D374551A3DE}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{CB8E5433-1536-41EA-9D39-63612E2C6842}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{DC8556BE-7202-420F-B169-40E21FAF90A1}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{F467A6DF-3FB8-4DB1-AE6C-F705C7407610}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{F630DBD8-A6E1-4DCD-BE5A-1B0842253205}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{FEB9B56A-1EBF-405E-84C6-2E949E7EAAEE}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{0CECB9FD-EDC1-4DCC-96C0-8D7F2DB58DBA}C:\programdata\7708de\pi770_2164.exe" = protocol=6 | dir=in | app=c:\programdata\7708de\pi770_2164.exe |
"UDP Query User{851F16C0-FE1E-4C94-98F5-6EBD8A39A411}C:\programdata\7708de\pi770_2164.exe" = protocol=17 | dir=in | app=c:\programdata\7708de\pi770_2164.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{082F8ABA-84D5-4837-9DFC-F365D91A07D4}" = HP Smart Web Printing
"{09A80604-AE3E-495B-AF6E-E77DF3FE5040}" = SymNet
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{2284D904-C138-4B58-93EC-5C362AB5130A}" = The Sims™ Life Stories
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}" = HP Help and Support
"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 B2
"{3672B097-EA69-4BFE-B92F-29AE6D9D2B34}" = Norton Internet Security
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.6
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{50916B63-E173-450E-80C9-B9FC39B664D9}" = Symantec Real Time Storage Protection Component
"{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}" = iTunes
"{62120008-8E1E-4807-860D-A8B48F8552DB}" = Norton Protection Center
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D063F201-FAC4-4D5C-B10B-615058ADE5A7}" = HP Update
"{D7358B07-4F10-4014-9869-7999578BE8ED}" = HP User Guides 0093
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton AntiVirus Help
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"AIM_6" = AIM 6
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (2.0)" = Mozilla Firefox (2.0)
"MSNINST" = MSN
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"SymSetup.{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security (Symantec Corporation)
"TVWiz" = Intel(R) TV Wizard
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent hp Master Uninstall" = My HP Games
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 3/15/2011 10:23:38 PM | Computer Name = mark-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.8.20061.1023 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 14a4 Start Time: 01cbe38079f5bd10 Termination Time: 312
Error - 3/15/2011 10:36:33 PM | Computer Name = mark-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.8.20061.1023 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 13a0 Start Time: 01cbe38133194eb0 Termination Time: 47
Error - 3/15/2011 11:01:33 PM | Computer Name = mark-PC | Source = Application Error | ID = 1000
Description = Faulting application EverNote.exe, version 2.2.1.387, time stamp 0x476917cf,
faulting module EverNote.exe, version 2.2.1.387, time stamp 0x476917cf, exception
code 0xc0000005, fault offset 0x003c8012, process id 0x14b0, application start time
0x01cbe3867046c4c0.
Error - 3/15/2011 11:27:32 PM | Computer Name = mark-PC | Source = WinMgmt | ID = 10
Description =
Error - 3/15/2011 11:32:21 PM | Computer Name = mark-PC | Source = WinMgmt | ID = 10
Description =
Error - 3/15/2011 11:41:58 PM | Computer Name = mark-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6001.18164 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 320 Start Time: 01cbe38b46594d40 Termination Time: 0
Error - 3/16/2011 1:16:36 AM | Computer Name = mark-PC | Source = EventSystem | ID = 4609
Description =
Error - 3/16/2011 1:17:08 AM | Computer Name = mark-PC | Source = WinMgmt | ID = 10
Description =
Error - 3/16/2011 1:17:46 AM | Computer Name = mark-PC | Source = Microsoft-Windows-CAPI2 | ID = 131584
Description =
Error - 3/16/2011 1:20:06 AM | Computer Name = mark-PC | Source = WinMgmt | ID = 10
Description =
[ Media Center Events ]
Error - 11/2/2010 3:01:11 AM | Computer Name = mark-PC | Source = ehSched | ID = 5
Description = CResourceMgr::GetEhepgdat Error GetEhepgdatDispatcher 0x80040154
[ System Events ]
Error - 3/18/2011 3:03:40 PM | Computer Name = mark-PC | Source = HTTP | ID = 15016
Description =
Error - 3/18/2011 3:05:33 PM | Computer Name = mark-PC | Source = DCOM | ID = 10005
Description =
Error - 3/18/2011 3:05:41 PM | Computer Name = mark-PC | Source = DCOM | ID = 10005
Description =
Error - 3/18/2011 3:05:44 PM | Computer Name = mark-PC | Source = DCOM | ID = 10005
Description =
Error - 3/18/2011 3:05:45 PM | Computer Name = mark-PC | Source = DCOM | ID = 10005
Description =
Error - 3/18/2011 3:06:44 PM | Computer Name = mark-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 3/18/2011 3:06:44 PM | Computer Name = mark-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 3/18/2011 3:06:44 PM | Computer Name = mark-PC | Source = Service Control Manager | ID = 7023
Description =
Error - 3/18/2011 3:06:44 PM | Computer Name = mark-PC | Source = Service Control Manager | ID = 7023
Description =
Error - 3/18/2011 3:06:44 PM | Computer Name = mark-PC | Source = Service Control Manager | ID = 7023
Description =
< End of report >
-
If your in Safe mode, can you try booting to Safe mode with Networking
Then open Malwarebytes Anti-Malware
Check for updates, if there is a program update, let it install
Recheck for updates till you have them all
Then open the Scanner tab and perform a Quick Scan
Then, When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.
In addition: run OTL.exe again, this time run a Quick Scan and post it's new log
-
I'm only getting LOCAL access on the network while in Safe Mode with Networking. Not sure how to fix that. Do want the logs anyway?
-
Are you on a Wireless network? If so, is it possible to hook up with A cable connection?
-
I'm still only getting local access even when hard wired
-
If you don't think that Malwarebytes is up to date
Close Malwarebytes
I assume you are on a different computer, do you have a thumbdrive
Manually download the updates, and transfer them to this computer
run the updater
After updating, reopen Malwarebytes then run the scan
Link to Manual updates
http://data.mbamupdates.com/tools/mbam-rules.exe
-
well, I'm not sure how I did it, but I ran CCcleaner in safemode to turn off all the start-up programs so I could boot faster and now I'm faced with this.
(http://i4.photobucket.com/albums/y117/Bow2Zeus/uhoh.jpg)
-
What happened to the instructions I posted, results from Malwarebytes and OTL?
-
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 5924
Windows 6.0.6001 Service Pack 1 (Safe Mode)
Internet Explorer 7.0.6001.18000
3/18/2011 3:41:50 PM
mbam-log-2011-03-18 (15-41-50).txt
Scan type: Quick scan
Objects scanned: 152206
Time elapsed: 6 minute(s), 11 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
OTL logfile created on: 3/18/2011 3:49:03 PM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\mark\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,013.00 Mb Total Physical Memory | 505.00 Mb Available Physical Memory | 50.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.60 Gb Total Space | 106.34 Gb Free Space | 77.28% Space Free | Partition Type: NTFS
Drive D: | 11.45 Gb Total Space | 2.00 Gb Free Space | 17.44% Space Free | Partition Type: NTFS
Drive F: | 7.47 Gb Total Space | 1.39 Gb Free Space | 18.65% Space Free | Partition Type: FAT32
Drive G: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: MARK-PC | User Name: mark | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/03/16 00:22:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\mark\Desktop\OTL.exe
PRC - [2010/04/29 15:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- F:\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
========== Modules (SafeList) ==========
MOD - [2011/03/16 00:22:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\mark\Desktop\OTL.exe
MOD - [2010/08/31 10:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (seclogon)
SRV - File not found [On_Demand | Stopped] -- -- (QWAVE)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/05/22 19:36:18 | 001,251,720 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/03 18:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/08/31 11:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/08/23 14:35:00 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2007/08/22 01:21:00 | 000,055,640 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007/03/05 12:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
========== Driver Services (SafeList) ==========
DRV - [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/11/02 02:03:15 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/03/17 12:56:58 | 000,447,024 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/02/19 13:31:42 | 000,024,112 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2009/02/19 13:31:18 | 000,041,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2009/02/19 13:31:16 | 000,184,496 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/02/19 13:31:16 | 000,096,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2009/02/19 13:31:16 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/02/19 13:31:16 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2008/07/30 17:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/03/20 15:37:22 | 000,261,680 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20080623.001\IDSvix86.sys -- (IDSvix86)
DRV - [2008/02/27 06:26:04 | 000,201,728 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/01/20 21:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2007/11/30 23:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007/11/30 23:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007/11/30 23:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007/11/05 04:00:00 | 000,865,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20071105.016\NAVEX15.SYS -- (NAVEX15)
DRV - [2007/11/05 04:00:00 | 000,395,312 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2007/11/05 04:00:00 | 000,112,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2007/11/05 04:00:00 | 000,081,232 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20071105.016\NAVENG.SYS -- (NAVENG)
DRV - [2007/10/11 06:17:56 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/08/08 17:39:00 | 000,036,056 | ---- | M] (Symantec Corporation) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\CO_Mon.sys -- (CO_Mon)
DRV - [2007/07/10 09:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/25 06:53:10 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/06/18 19:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/05/30 18:40:42 | 000,735,232 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/04/23 16:51:08 | 000,050,176 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/11/02 02:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006/06/28 12:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-996093579-3649004309-657914653-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
IE - HKU\S-1-5-21-996093579-3649004309-657914653-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-996093579-3649004309-657914653-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-996093579-3649004309-657914653-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-996093579-3649004309-657914653-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-996093579-3649004309-657914653-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "search"
FF - prefs.js..browser.startup.homepage: "http://www.thetechguide.com/forum/index.php?/topic/88941-unidentified-system-lockout-of-all-exe-programs/page__gopid__477350&#entry477350"
FF - HKLM\software\mozilla\Mozilla Firefox 2.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2008/05/15 13:46:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2008/05/16 02:52:05 | 000,000,000 | ---D | M]
[2011/03/18 14:27:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\uk2sdw22.default\extensions
[2009/11/26 05:28:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\uk2sdw22.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/26 05:26:44 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\uk2sdw22.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/10/06 04:26:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/06 04:26:50 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/05/15 13:32:32 | 000,000,000 | ---D | M] (Talkback) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2007/08/24 21:52:00 | 000,300,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Mozilla Firefox\components\coFFPlgn.dll
[2006/10/11 03:04:58 | 000,061,036 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2006/10/11 03:04:59 | 000,048,742 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2006/10/11 03:05:03 | 000,029,313 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
[2006/10/11 03:05:03 | 000,041,082 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
[2006/10/11 03:04:58 | 000,166,510 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
O1 HOSTS File: ([2011/03/01 21:07:11 | 000,002,732 | RHS- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 64.46.38.209 www.google.com
O1 - Hosts: 64.46.38.209 google.com
O1 - Hosts: 64.46.38.209 google.com.au
O1 - Hosts: 64.46.38.209 www.google.com.au
O1 - Hosts: 64.46.38.209 google.be
O1 - Hosts: 64.46.38.209 www.google.be
O1 - Hosts: 64.46.38.209 google.com.br
O1 - Hosts: 64.46.38.209 www.google.com.br
O1 - Hosts: 39 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Print Clips) - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O7 - HKU\S-1-5-21-996093579-3649004309-657914653-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-996093579-3649004309-657914653-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.112.12
O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found
O24 - Desktop WallPaper: C:\Users\mark\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\mark\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/27 02:45:25 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O32 - AutoRun File - [2008/05/06 07:26:23 | 000,000,309 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/03/18 15:42:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/03/18 15:42:31 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/03/18 15:35:44 | 000,000,000 | ---D | C] -- C:\Users\mark\WPDNSE
[2011/03/18 14:05:57 | 000,000,000 | ---D | C] -- C:\Users\mark\RarSFX0
[2011/03/16 00:32:33 | 000,885,024 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\mark\Desktop\jxpiinstall.exe
[2011/03/16 00:22:11 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\mark\Desktop\OTL.exe
[2011/03/15 22:48:07 | 000,000,000 | ---D | C] -- C:\Users\mark\hsperfdata_mark
[2011/03/15 22:02:56 | 000,000,000 | ---D | C] -- C:\Users\mark\MUI
[2011/03/15 22:01:12 | 000,000,000 | ---D | C] -- C:\Users\mark\AppData\Roaming\U3
[2011/03/15 21:51:57 | 008,588,616 | ---- | C] (Mozilla) -- C:\Users\mark\Desktop\Firefox Setup 3.6.15.exe
[2011/03/15 21:12:05 | 003,033,192 | ---- | C] (Piriform Ltd) -- C:\Users\mark\Desktop\ccsetup304(2).exe
[2011/03/15 21:06:50 | 001,834,738 | ---- | C] (Piriform Ltd) -- C:\Users\mark\sunv3tbe.exe
[2011/03/01 20:24:21 | 000,000,000 | ---D | C] -- C:\Users\mark\AppData\Roaming\Malwarebytes
[2011/03/01 20:24:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/03/01 20:24:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/01 20:24:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/03/01 20:24:04 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/03/01 20:24:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[6 C:\Users\mark\*.tmp files -> C:\Users\mark\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/03/18 15:46:55 | 000,268,864 | ---- | M] () -- C:\Users\mark\Documents\cc_20110318_154648.reg
[2011/03/18 15:42:31 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/03/18 15:35:00 | 000,031,832 | ---- | M] () -- C:\Users\mark\mark.bmp
[2011/03/18 15:34:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/18 15:33:11 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/18 15:33:10 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/18 14:56:37 | 000,001,356 | ---- | M] () -- C:\Users\mark\AppData\Local\d3d9caps.dat
[2011/03/18 14:30:11 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C57A08DE-7FF9-475F-A02F-CD7A07009B0C}.job
[2011/03/18 14:17:42 | 000,000,279 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/03/16 00:32:33 | 000,885,024 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\mark\Desktop\jxpiinstall.exe
[2011/03/16 00:23:32 | 001,006,747 | ---- | M] () -- C:\Users\mark\Desktop\rkill.scr
[2011/03/16 00:23:10 | 001,006,747 | ---- | M] () -- C:\Users\mark\Desktop\rkill2.com
[2011/03/16 00:22:39 | 001,006,747 | ---- | M] () -- C:\Users\mark\Desktop\rkill.exe
[2011/03/16 00:22:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\mark\Desktop\OTL.exe
[2011/03/15 22:43:03 | 000,058,760 | ---- | M] () -- C:\Users\mark\symlcsv1.exe
[2011/03/15 22:31:14 | 000,312,336 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/03/15 22:01:27 | 000,002,048 | ---- | M] () -- C:\Users\mark\MBX@14B0@20310B8.###
[2011/03/15 22:01:27 | 000,002,048 | ---- | M] () -- C:\Users\mark\MBX@14B0@2031088.###
[2011/03/15 22:01:27 | 000,002,048 | ---- | M] () -- C:\Users\mark\MBX@14B0@2031028.###
[2011/03/15 22:01:26 | 000,002,048 | ---- | M] () -- C:\Users\mark\MBX@14B0@2031098.###
[2011/03/15 22:01:26 | 000,002,048 | ---- | M] () -- C:\Users\mark\MBX@14B0@2031068.###
[2011/03/15 22:01:26 | 000,002,048 | ---- | M] () -- C:\Users\mark\MBX@14B0@2031058.###
[2011/03/15 22:01:26 | 000,002,048 | ---- | M] () -- C:\Users\mark\MBX@14B0@2031048.###
[2011/03/15 22:01:26 | 000,002,048 | ---- | M] () -- C:\Users\mark\MBX@14B0@2031038.###
[2011/03/15 21:52:19 | 008,588,616 | ---- | M] (Mozilla) -- C:\Users\mark\Desktop\Firefox Setup 3.6.15.exe
[2011/03/15 21:51:09 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/03/15 21:51:09 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/03/15 21:50:53 | 000,001,340 | ---- | M] () -- C:\Users\mark\wmplog09.sqm
[2011/03/15 21:35:34 | 001,402,880 | ---- | M] () -- C:\Users\mark\Desktop\HiJackThis.msi
[2011/03/15 21:12:19 | 003,033,192 | ---- | M] (Piriform Ltd) -- C:\Users\mark\Desktop\ccsetup304(2).exe
[2011/03/15 21:08:58 | 001,834,738 | ---- | M] (Piriform Ltd) -- C:\Users\mark\sunv3tbe.exe
[2011/03/15 21:06:53 | 000,000,000 | ---- | M] () -- C:\Users\mark\Desktop\ccsetup304.exe
[2011/03/01 21:07:11 | 000,002,732 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts
[6 C:\Users\mark\*.tmp files -> C:\Users\mark\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/03/18 15:46:50 | 000,268,864 | ---- | C] () -- C:\Users\mark\Documents\cc_20110318_154648.reg
[2011/03/18 15:42:31 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/03/16 00:23:28 | 001,006,747 | ---- | C] () -- C:\Users\mark\Desktop\rkill.scr
[2011/03/16 00:23:06 | 001,006,747 | ---- | C] () -- C:\Users\mark\Desktop\rkill2.com
[2011/03/16 00:22:33 | 001,006,747 | ---- | C] () -- C:\Users\mark\Desktop\rkill.exe
[2011/03/15 22:01:27 | 000,002,048 | ---- | C] () -- C:\Users\mark\MBX@14B0@20310B8.###
[2011/03/15 22:01:27 | 000,002,048 | ---- | C] () -- C:\Users\mark\MBX@14B0@2031088.###
[2011/03/15 22:01:27 | 000,002,048 | ---- | C] () -- C:\Users\mark\MBX@14B0@2031028.###
[2011/03/15 22:01:26 | 000,002,048 | ---- | C] () -- C:\Users\mark\MBX@14B0@2031098.###
[2011/03/15 22:01:26 | 000,002,048 | ---- | C] () -- C:\Users\mark\MBX@14B0@2031068.###
[2011/03/15 22:01:26 | 000,002,048 | ---- | C] () -- C:\Users\mark\MBX@14B0@2031058.###
[2011/03/15 22:01:26 | 000,002,048 | ---- | C] () -- C:\Users\mark\MBX@14B0@2031048.###
[2011/03/15 22:01:26 | 000,002,048 | ---- | C] () -- C:\Users\mark\MBX@14B0@2031038.###
[2011/03/15 21:50:53 | 000,001,340 | ---- | C] () -- C:\Users\mark\wmplog09.sqm
[2011/03/15 21:35:21 | 001,402,880 | ---- | C] () -- C:\Users\mark\Desktop\HiJackThis.msi
[2011/03/15 21:06:53 | 000,000,000 | ---- | C] () -- C:\Users\mark\Desktop\ccsetup304.exe
[2011/03/02 19:24:17 | 000,058,760 | ---- | C] () -- C:\Users\mark\symlcsv1.exe
[2008/12/31 15:57:23 | 000,001,356 | ---- | C] () -- C:\Users\mark\AppData\Local\d3d9caps.dat
[2008/10/30 22:33:20 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/10/30 22:33:20 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/05/15 13:32:45 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/05/15 13:27:44 | 000,000,000 | ---- | C] () -- C:\Users\mark\AppData\Roaming\wklnhst.dat
[2008/05/15 12:40:20 | 000,003,584 | ---- | C] () -- C:\Users\mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/04 17:15:16 | 000,155,648 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2008/02/27 02:59:45 | 000,101,605 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/08/20 07:34:08 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1318.dll
[2007/08/20 07:25:00 | 000,910,720 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/08/20 07:10:18 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,312,336 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
< End of report >
-
Are you able to open System Restore in safe mode?
Try restoring your computer to a time before problems
Go to START>>In the Search field type rstrui then hit Enter
-
restore got the font back
-
how far did you restore to?
Far enough to see if other problems got fixed?
-
Couldn't read the date of the restore, but the original problems still exist
-
Download ComboFix from the following location
[color="#0000FF"]Link 1[/color] (http://"http://download.bleepingcomputer.com/sUBs/ComboFix.exe")
Save it ONLY to your Desktop
--------------------------------------------------------------------
[color="#2E8B57"]Temporarily Disable your AntiVirus/AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with this tool
[/color]
Double click on ComboFix.exe & follow the prompts.
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply
NOTE: Do not mouseclick inside ComboFix window as it's running, it may cause it to stall
ComboFix will/may run again on startup, it will prompt that it's creating a log
This process could take up to 10 minutes, let it run uninterrupted please
-
ComboFix 11-03-18.01 - mark 03/18/2011 18:13:49.1.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1013.648 [GMT -5:00]
Running from: c:\users\mark\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.dll
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.drv
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.exe
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.sys
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.tmp
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\cb.dll
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\cb.drv
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\cb.exe
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\cb.sys
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\cb.tmp
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\cid.dll
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\cid.drv
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\cid.exe
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\cid.sys
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\cid.tmp
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\CLSV.dll
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\CLSV.drv
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\CLSV.exe
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\CLSV.sys
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\CLSV.tmp
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.dll
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.drv
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.exe
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.sys
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.tmp
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\ddv.dll
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\ddv.drv
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\ddv.exe
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\ddv.sys
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\ddv.tmp
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\delfile.dll
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\delfile.drv
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\delfile.exe
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\delfile.sys
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\delfile.tmp
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\dudl.dll
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\dudl.drv
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\dudl.exe
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\dudl.sys
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\dudl.tmp
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\eb.dll
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\eb.drv
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\eb.exe
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\eb.sys
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\eb.tmp
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\energy.dll
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\energy.drv
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\energy.exe
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\energy.sys
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\energy.tmp
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\exec.dll
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\exec.drv
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\exec.exe
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\exec.sys
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\exec.tmp
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\fan.dll
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\fan.drv
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\fan.exe
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\fan.sys
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\fan.tmp
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\fix.dll
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\fix.drv
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\fix.exe
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\fix.sys
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\fix.tmp
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\FS.dll
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\FS.drv
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\FS.exe
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\FS.sys
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\FS.tmp
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\FW.dll
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\FW.drv
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\FW.exe
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\FW.sys
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\FW.tmp
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\gid.dll
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\gid.drv
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\gid.exe
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\gid.sys
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\gid.tmp
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\grid.dll
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\grid.drv
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\grid.exe
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\grid.sys
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\grid.tmp
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\hymt.dll
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\hymt.drv
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\hymt.exe
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\hymt.sys
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\hymt.tmp
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\kernel32.dll
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\kernel32.drv
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\kernel32.exe
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\kernel32.sys
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\kernel32.tmp
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\pal.dll
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\pal.drv
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\pal.exe
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\pal.sys
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\pal.tmp
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\PE.dll
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\PE.drv
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\PE.exe
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\PE.sys
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\PE.tmp
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\ppal.dll
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\ppal.drv
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\ppal.exe
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\ppal.sys
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\ppal.tmp
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\runddl.dll
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\runddl.drv
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\runddl.exe
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\runddl.sys
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\runddl.tmp
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\runddlkey.dll
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\runddlkey.drv
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\runddlkey.exe
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\runddlkey.sys
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\runddlkey.tmp
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.dll
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.drv
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.exe
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.sys
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.tmp
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\sld.dll
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\sld.drv
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\sld.exe
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\sld.sys
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\sld.tmp
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\SM.dll
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\SM.drv
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\SM.exe
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\SM.sys
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\SM.tmp
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\snl2w.dll
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\snl2w.drv
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\snl2w.exe
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\snl2w.sys
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\snl2w.tmp
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\std.dll
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\std.drv
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\std.exe
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\std.sys
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\std.tmp
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\tempdoc.dll
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\tempdoc.drv
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\tempdoc.exe
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\tempdoc.sys
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\tempdoc.tmp
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\tjd.dll
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\tjd.drv
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\tjd.exe
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\tjd.sys
c:\users\mark\AppData\Roaming\Microsoft\Windows\Recent\tjd.tmp
c:\users\mark\MBX@14B0@2031028.###
c:\users\mark\MBX@14B0@2031038.###
c:\users\mark\MBX@14B0@2031048.###
c:\users\mark\MBX@14B0@2031058.###
c:\users\mark\MBX@14B0@2031068.###
c:\users\mark\MBX@14B0@2031088.###
c:\users\mark\MBX@14B0@2031098.###
c:\users\mark\MBX@14B0@20310B8.###
c:\users\mark\sunv3tbe.exe
c:\windows\system32\KBL.LOG
.
.
((((((((((((((((((((((((( Files Created from 2011-02-18 to 2011-03-18 )))))))))))))))))))))))))))))))
.
.
2011-03-18 23:08 . 2011-03-18 23:11 -------- d-----w- C:\32788R22FWJFW
2011-03-18 22:40 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{50F943BE-7618-45BE-AA73-AAC395804D6D}\mpengine.dll
2011-03-18 20:35 . 2011-03-18 20:35 65536 ----a-w- c:\users\mark\~DF9C4C.tmp
2011-03-18 19:05 . 2011-03-18 19:06 -------- d-----w- c:\users\mark\RarSFX0
2011-03-16 03:48 . 2011-03-16 03:48 -------- d-----w- c:\users\mark\hsperfdata_mark
2011-03-16 03:31 . 2011-03-16 03:31 0 ----atw- c:\windows\system32\config\systemprofile\JETF6AD.tmp
2011-03-16 03:03 . 2011-03-16 03:03 -------- d-----w- c:\users\Public\CyberLink
2011-03-16 03:02 . 2011-03-16 03:02 -------- d-----w- c:\users\mark\MUI
2011-03-16 03:01 . 2011-03-16 03:01 16384 ----a-w- c:\users\mark\~DF66F6.tmp
2011-03-16 03:01 . 2011-03-16 03:03 -------- d-----w- c:\users\mark\AppData\Roaming\U3
2011-03-10 08:34 . 2011-03-10 08:34 0 ----atw- c:\windows\system32\config\systemprofile\JETF1DC.tmp
2011-03-08 08:31 . 2011-03-08 08:31 0 ----atw- c:\windows\system32\config\systemprofile\JETE6A6.tmp
2011-03-03 00:24 . 2011-03-16 03:43 58760 ----a-w- c:\users\mark\symlcsv1.exe
2011-03-02 01:24 . 2011-03-02 01:24 -------- d-----w- c:\users\mark\AppData\Roaming\Malwarebytes
2011-03-02 01:24 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-02 01:24 . 2011-03-02 01:24 -------- d-----w- c:\programdata\Malwarebytes
2011-03-02 01:24 . 2011-03-02 01:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-02 01:24 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-28 08:30 . 2011-02-28 08:30 0 ----atw- c:\windows\system32\config\systemprofile\JETD96D.tmp
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 22:11 . 2009-10-23 20:15 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-22 17:03 . 2011-01-22 17:03 0 ----a-w- c:\users\mark\~DF3452.tmp
2011-01-06 00:09 . 2011-01-06 00:09 0 ----atw- c:\windows\system32\config\systemprofile\JETDEC9.tmp
2007-08-25 02:52 . 2008-05-15 18:32 300400 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2006-10-11 08:04 . 2008-05-15 18:32 61036 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2006-10-11 08:04 . 2008-05-15 18:32 48742 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 . 2008-05-15 18:32 29313 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2006-10-11 08:05 . 2008-05-15 18:32 41082 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2006-10-11 08:04 . 2008-05-15 18:32 166510 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 2153472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"LaunchRCApp"="c:\npm\RCApp.exe" [2009-08-03 161136]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
.
c:\users\mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080623.001\IDSvix86.sys [2008-03-20 261680]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2009-02-19 41008]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
*NewlyCreated* - ECACHE
.
Contents of the 'Scheduled Tasks' folder
.
2008-05-15 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - mark.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-27 00:19]
.
2011-03-18 c:\windows\Tasks\User_Feed_Synchronization-{C57A08DE-7FF9-475F-A02F-CD7A07009B0C}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\uk2sdw22.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-18 18:20
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(120)
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
.
Completion time: 2011-03-18 18:22:24
ComboFix-quarantined-files.txt 2011-03-18 23:22
.
Pre-Run: 113,702,707,200 bytes free
Post-Run: 113,628,987,392 bytes free
.
- - End Of File - - BF9F0C7F75583150DAD4C12DFF624F0B
-
Are you now in Normal windows?
If not, can you try booting to Normal windows and run a Fresh scan with OTL.exe and post the new log
-
I'm still unable run programs in the normal windows mode. same error message
-
Do you have another user account you can log into and see if there are still problems
If not, can you boot to Safe Mode
Go into the Control Panel>>User Accounts>>Manage Another Account>>Create A New Account>>
Give the account a username and select Administrator
Create account
Restart and log into the new account, are things still bad?
-
When I click on Manage another account, in Safe Mode, the hour glass pops up for a second and then goes away but nothing actually happens. I checked and other applications under the User Accounts are clickable, and I restarted just in case and retried and still nothing.
Edit: The 4 options in User Accounts with the Administrator badge next to them all have the same behavior of doing nothing. For the record, the account that I'm operating under is designated as the Admin
-
earlier I asked you what date you restored the computer too
You couldn't answer that because of a font problem, are you able to now reboot to safe mode
Choose a Restore point before any of these problems?
If you can, and it helps, there will still be a bit of cleaning, let's see if it works however
What is the Exact Make/model of your computer?
-
The restore was from earlier that day. I'll try and find a restore point from a few days ago, but from what the owner told me it's been like this for a while. The computer is a Compac Presario C700 (C762NR to be exact)
Edit: The earliest restore point is only from 4 days ago when I was first handed the computer from my buddy
-
I assume that you don't have the Recovery disks for the laptop, or they were never made, is that correct?
Are you willing just to backup important files/folders and clean install?
It might take less time overall, there is probably a Recovery partition, you can run it from within Windows, but that may not work in your situation
Normally, pressing F11 during startup is a better route
During the process, you may be prompted to backup, but you can do it beforehand
Eg... Pictures/music/bookmarks/email addresses
Are you willing to go that route?
-
Yeah, I don't have the recovery stuff, but there's nothing on here of great importance. I already had him back up the stuff he needed from it just in case. I'll go ahead and F11 it
-
Just in case, you may want to go into Device Manager
Under Network Adapter take note of which Wireless adapter is installed
Sometimes the wireless drivers aren't installed after recovery,
If they aren't, you will know which driver to install from the manufacturers website
Another note: Did Norton's AV come preinstalled on this system?
What version is it?
How much time is left on the subscription?
-
it's allowing me to start a free 60 day trial
everything is back up and working. Any advice on settings or junk to clean off? shall I run a hijackthis scan?
-
Do you want to get rid of Norton's then and use another?
I was thinking something like Microsoft Security Essentials,
If so, why not uninstall it right now, so not to interfere, reboot the computer afterwards
We'll get rid of the residuals later, and get another AV later
Ensure all Drivers are up to date
Check in Device manager what versions of drivers you have installed, check them against the ones on HP's site
http://h10025.www1.hp.com/ewfrf/wc/softwareCategory?os=2093&lc=en&cc=us&dlc=en&sw_lang=&product=3678779#N459
Then get to Windows Updates and get all latest High Priority updates, including SP1 if not installed, then SP2
Come back here when your all done, run OTL.exe again, post both the logs, we'll look at what we should remove and keep, but maybe update
-
OTL logfile created on: 3/20/2011 11:50:48 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Mark\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,013.00 Mb Total Physical Memory | 175.00 Mb Available Physical Memory | 17.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 61.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.60 Gb Total Space | 106.27 Gb Free Space | 77.24% Space Free | Partition Type: NTFS
Drive D: | 11.45 Gb Total Space | 2.00 Gb Free Space | 17.42% Space Free | Partition Type: NTFS
Computer Name: PRESSARIOC700 | User Name: Mark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/03/20 23:50:29 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
PRC - [2011/03/05 12:01:34 | 000,102,400 | ---- | M] (Moonchild Productions) -- C:\Program Files\Pale Moon\palemoon.exe
PRC - [2009/04/10 23:28:16 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/03 19:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
========== Modules (SafeList) ==========
MOD - [2011/03/20 23:50:29 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/03 19:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/03/05 13:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
========== Driver Services (SafeList) ==========
DRV - [2008/02/27 14:26:04 | 000,201,728 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/01/20 22:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2007/10/11 07:17:56 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/07/10 10:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/25 07:53:10 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/06/18 20:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/05/30 19:40:42 | 000,735,232 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\athr.sys -- (athr)
DRV - [2007/04/23 17:51:08 | 000,050,176 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/11/02 03:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006/06/28 13:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CPQBttn.sys -- (HBtnKey)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.thetechguide.com/forum/index.php?/topic/88941-unidentified-system-lockout-of-all-exe-programs/page__st__20"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe41}:1.0.9
FF - prefs.js..extensions.enabledItems: [email protected]:2.1.6
FF - prefs.js..extensions.enabledItems: {d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904}:2.0.2
FF - HKLM\software\mozilla\Pale Moon 3.6.15\extensions\\Components: C:\Program Files\Pale Moon\components [2011/03/20 19:31:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Pale Moon 3.6.15\extensions\\Plugins: C:\Program Files\Pale Moon\plugins [2011/03/20 19:31:20 | 000,000,000 | ---D | M]
[2011/03/20 19:31:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\Mozilla\Extensions
[2011/03/20 19:43:15 | 000,000,000 | ---D | M] (No name found) -- C:\USERS\MARK\APPDATA\ROAMING\MOONCHILD PRODUCTIONS\PALE MOON\PROFILES\VFJC00V2.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE41}
[2011/03/20 19:43:16 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\USERS\MARK\APPDATA\ROAMING\MOONCHILD PRODUCTIONS\PALE MOON\PROFILES\VFJC00V2.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}
[2011/03/20 19:43:14 | 000,000,000 | ---D | M] (Tiny Menu) -- C:\USERS\MARK\APPDATA\ROAMING\MOONCHILD PRODUCTIONS\PALE MOON\PROFILES\VFJC00V2.DEFAULT\EXTENSIONS\{D33C2F7C-B1E6-4D46-AB0E-BE1F6D05C904}
[2011/03/20 19:43:15 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\USERS\MARK\APPDATA\ROAMING\MOONCHILD PRODUCTIONS\PALE MOON\PROFILES\VFJC00V2.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}
[2011/03/20 19:43:15 | 000,000,000 | ---D | M] (Hide Caption Titlebar Plus) -- C:\USERS\MARK\APPDATA\ROAMING\MOONCHILD PRODUCTIONS\PALE MOON\PROFILES\VFJC00V2.DEFAULT\EXTENSIONS\[email protected]
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (HP Print Clips) - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O4 - HKLM..\Run: [HP Health Check Scheduler] File not found
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.112.12
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\CompaqTrace.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\CompaqTrace.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/27 03:45:25 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/03/20 23:50:33 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
[2011/03/20 23:41:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2011/03/20 23:41:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2011/03/20 23:41:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2011/03/20 23:39:39 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2011/03/20 23:25:05 | 000,928,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavenge.dll
[2011/03/20 23:25:01 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\compcln.exe
[2011/03/20 23:24:39 | 000,476,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2011/03/20 23:24:39 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2011/03/20 23:24:39 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2011/03/20 23:24:39 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2011/03/20 23:24:38 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2011/03/20 23:24:38 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2011/03/20 23:24:37 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2011/03/20 23:24:37 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2011/03/20 23:24:37 | 000,466,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched20.dll
[2011/03/20 23:24:37 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2011/03/20 23:24:37 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2011/03/20 23:24:37 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll
[2011/03/20 23:24:37 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2011/03/20 23:24:37 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2011/03/20 23:24:36 | 000,483,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\samsrv.dll
[2011/03/20 23:24:36 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scansetting.dll
[2011/03/20 23:24:36 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scksp.dll
[2011/03/20 23:24:35 | 000,306,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scesrv.dll
[2011/03/20 23:24:35 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2011/03/20 23:24:35 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scecli.dll
[2011/03/20 23:24:33 | 001,248,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PerfCenterCPL.dll
[2011/03/20 23:24:33 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pcaui.dll
[2011/03/20 23:24:33 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\P2PGraph.dll
[2011/03/20 23:24:33 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pdh.dll
[2011/03/20 23:24:33 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\phon.ime
[2011/03/20 23:24:33 | 000,043,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys
[2011/03/20 23:24:33 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfdisk.dll
[2011/03/20 23:24:32 | 001,823,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll
[2011/03/20 23:24:32 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercpl.dll
[2011/03/20 23:24:32 | 000,542,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpui.dll
[2011/03/20 23:24:32 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2011/03/20 23:24:32 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpsetup.dll
[2011/03/20 23:24:32 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2011/03/20 23:24:32 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2011/03/20 23:24:32 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2011/03/20 23:24:32 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PNPXAssoc.dll
[2011/03/20 23:24:32 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPUnattend.exe
[2011/03/20 23:24:32 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPutil.exe
[2011/03/20 23:24:30 | 001,107,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pidgenx.dll
[2011/03/20 23:24:30 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2011/03/20 23:24:30 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2011/03/20 23:24:30 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe
[2011/03/20 23:24:30 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pintlgnt.ime
[2011/03/20 23:24:30 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe
[2011/03/20 23:24:28 | 002,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2011/03/20 23:24:27 | 012,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2011/03/20 23:24:27 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2011/03/20 23:24:27 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2011/03/20 23:24:26 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2011/03/20 23:24:26 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.dll
[2011/03/20 23:24:25 | 002,153,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oobefldr.dll
[2011/03/20 23:24:25 | 001,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\onex.dll
[2011/03/20 23:24:25 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
[2011/03/20 23:24:25 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleprn.dll
[2011/03/20 23:24:24 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2011/03/20 23:24:24 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
[2011/03/20 23:24:23 | 000,825,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdlg.dll
[2011/03/20 23:24:23 | 000,642,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasgcw.dll
[2011/03/20 23:24:23 | 000,286,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasapi32.dll
[2011/03/20 23:24:23 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2011/03/20 23:24:23 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasppp.dll
[2011/03/20 23:24:23 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasmontr.dll
[2011/03/20 23:24:23 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastapi.dll
[2011/03/20 23:24:23 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdiag.dll
[2011/03/20 23:24:23 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdial.exe
[2011/03/20 23:24:22 | 001,381,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Query.dll
[2011/03/20 23:24:22 | 000,880,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll
[2011/03/20 23:24:22 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2011/03/20 23:24:22 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasplap.dll
[2011/03/20 23:24:22 | 000,340,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RelMon.dll
[2011/03/20 23:24:22 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quick.ime
[2011/03/20 23:24:22 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qintlgnt.ime
[2011/03/20 23:24:22 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rekeywiz.exe
[2011/03/20 23:24:21 | 000,779,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2011/03/20 23:24:21 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011/03/20 23:24:21 | 000,612,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2011/03/20 23:24:21 | 000,551,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prnntfy.dll
[2011/03/20 23:24:21 | 000,323,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2011/03/20 23:24:21 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationSettings.exe
[2011/03/20 23:24:21 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2011/03/20 23:24:21 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\regapi.dll
[2011/03/20 23:24:21 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\reg.exe
[2011/03/20 23:24:21 | 000,041,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2011/03/20 23:24:21 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011/03/20 23:24:20 | 000,102,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2011/03/20 23:24:20 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powrprof.dll
[2011/03/20 23:24:19 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2011/03/20 23:24:19 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011/03/20 23:24:19 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiapi.dll
[2011/03/20 23:24:19 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2011/03/20 23:24:18 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011/03/20 23:24:18 | 000,050,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PSHED.DLL
[2011/03/20 23:24:15 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe
[2011/03/20 23:24:12 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapphost.dll
[2011/03/20 23:24:11 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappgnui.dll
[2011/03/20 23:24:08 | 000,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapp3hst.dll
[2011/03/20 23:24:08 | 000,137,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsprop.dll
[2011/03/20 23:24:08 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappcfg.dll
[2011/03/20 23:24:08 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll
[2011/03/20 23:24:08 | 000,027,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dumpata.sys
[2011/03/20 23:24:07 | 002,926,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011/03/20 23:24:07 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evr.dll
[2011/03/20 23:24:07 | 000,444,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsound.dll
[2011/03/20 23:24:07 | 000,205,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
[2011/03/20 23:24:07 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxg.sys
[2011/03/20 23:24:07 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2011/03/20 23:24:06 | 001,459,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esent.dll
[2011/03/20 23:24:06 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2011/03/20 23:24:05 | 001,078,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diagperf.dll
[2011/03/20 23:24:05 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2011/03/20 23:24:05 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dimsroam.dll
[2011/03/20 23:24:05 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorPwdMgr.dll
[2011/03/20 23:24:04 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe
[2011/03/20 23:24:04 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe
[2011/03/20 23:24:03 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2011/03/20 23:24:02 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devmgr.dll
[2011/03/20 23:24:01 | 000,978,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmv2clt.dll
[2011/03/20 23:24:01 | 000,407,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpapimig.exe
[2011/03/20 23:24:01 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmmgrtn.dll
[2011/03/20 23:24:01 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvstore.dll
[2011/03/20 23:24:01 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2011/03/20 23:24:01 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmsynth.dll
[2011/03/20 23:24:01 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmusic.dll
[2011/03/20 23:24:01 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3msm.dll
[2011/03/20 23:24:01 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3cfg.dll
[2011/03/20 23:24:00 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IasMigReader.exe
[2011/03/20 23:24:00 | 000,454,144 | ---- | C] (Microsoft) -- C:\Windows\System32\IasMigPlugin.dll
[2011/03/20 23:24:00 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasnap.dll
[2011/03/20 23:24:00 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpresult.exe
[2011/03/20 23:24:00 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashlpr.dll
[2011/03/20 23:24:00 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasacct.dll
[2011/03/20 23:24:00 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2011/03/20 23:24:00 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2011/03/20 23:24:00 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hbaapi.dll
[2011/03/20 23:24:00 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpupdate.exe
[2011/03/20 23:23:59 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2011/03/20 23:23:59 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBth.dll
[2011/03/20 23:23:59 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hdwwiz.exe
[2011/03/20 23:23:59 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpapi.dll
[2011/03/20 23:23:59 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWCN.dll
[2011/03/20 23:23:59 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdSSDP.dll
[2011/03/20 23:23:59 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWSD.dll
[2011/03/20 23:23:59 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe
[2011/03/20 23:23:59 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\feclient.dll
[2011/03/20 23:23:59 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdeploy.dll
[2011/03/20 23:23:59 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdProxy.dll
[2011/03/20 23:23:59 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fc.exe
[2011/03/20 23:23:59 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBthProxy.dll
[2011/03/20 23:23:58 | 000,950,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpedit.dll
[2011/03/20 23:23:58 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fundisc.dll
[2011/03/20 23:23:58 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
[2011/03/20 23:23:57 | 002,134,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FunctionDiscoveryFolder.dll
[2011/03/20 23:23:57 | 001,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2011/03/20 23:23:57 | 001,696,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2011/03/20 23:23:57 | 000,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2011/03/20 23:23:57 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
[2011/03/20 23:23:57 | 000,099,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2011/03/20 23:23:57 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2011/03/20 23:23:56 | 001,342,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\brcpl.dll
[2011/03/20 23:23:56 | 001,216,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayCpl.dll
[2011/03/20 23:23:56 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoconv.exe
[2011/03/20 23:23:56 | 000,636,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autofmt.exe
[2011/03/20 23:23:56 | 000,516,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoplay.dll
[2011/03/20 23:23:56 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayDriverLib.dll
[2011/03/20 23:23:56 | 000,109,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2011/03/20 23:23:56 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayServices.dll
[2011/03/20 23:23:56 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2011/03/20 23:23:56 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthci.dll
[2011/03/20 23:23:55 | 002,515,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\accessibilitycpl.dll
[2011/03/20 23:23:55 | 000,757,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroles.dll
[2011/03/20 23:23:55 | 000,542,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\blackbox.dll
[2011/03/20 23:23:55 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcrypt.dll
[2011/03/20 23:23:55 | 000,130,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basecsp.dll
[2011/03/20 23:23:55 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsigd.dll
[2011/03/20 23:23:54 | 001,730,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apds.dll
[2011/03/20 23:23:54 | 000,199,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsldpc.dll
[2011/03/20 23:23:54 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsmsext.dll
[2011/03/20 23:23:54 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011/03/20 23:23:53 | 001,856,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbgeng.dll
[2011/03/20 23:23:53 | 001,788,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll
[2011/03/20 23:23:53 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2011/03/20 23:23:53 | 001,209,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comsvcs.dll
[2011/03/20 23:23:53 | 000,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll
[2011/03/20 23:23:53 | 000,593,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comuid.dll
[2011/03/20 23:23:53 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmdial32.dll
[2011/03/20 23:23:53 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairing.dll
[2011/03/20 23:23:53 | 000,178,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\credui.dll
[2011/03/20 23:23:53 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
[2011/03/20 23:23:53 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingWizard.exe
[2011/03/20 23:23:53 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
[2011/03/20 23:23:53 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmmon32.exe
[2011/03/20 23:23:53 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2011/03/20 23:23:53 | 000,035,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\crashdmp.sys
[2011/03/20 23:23:53 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DeviceEject.exe
[2011/03/20 23:23:52 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2011/03/20 23:23:52 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingProxy.dll
[2011/03/20 23:23:52 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrstub.exe
[2011/03/20 23:23:51 | 001,502,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certmgr.dll
[2011/03/20 23:23:51 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2011/03/20 23:23:51 | 000,640,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
[2011/03/20 23:23:51 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnrollUI.dll
[2011/03/20 23:23:51 | 000,614,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2011/03/20 23:23:51 | 000,323,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certcli.dll
[2011/03/20 23:23:51 | 000,125,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Classpnp.sys
[2011/03/20 23:23:51 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cintlgnt.ime
[2011/03/20 23:23:51 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cipher.exe
[2011/03/20 23:23:51 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cbsra.exe
[2011/03/20 23:23:51 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/03/20 23:23:51 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthudtask.exe
[2011/03/20 23:23:50 | 006,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2011/03/20 23:23:50 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2011/03/20 23:23:50 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certreq.exe
[2011/03/20 23:23:50 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CHxReadingStringIME.dll
[2011/03/20 23:23:49 | 001,053,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtctm.dll
[2011/03/20 23:23:49 | 000,799,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2011/03/20 23:23:49 | 000,564,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2011/03/20 23:23:49 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexch40.dll
[2011/03/20 23:23:49 | 000,339,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexcl40.dll
[2011/03/20 23:23:49 | 000,332,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2011/03/20 23:23:49 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chajei.ime
[2011/03/20 23:23:49 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/03/20 23:23:48 | 000,560,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2011/03/20 23:23:48 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2011/03/20 23:23:48 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprapi.dll
[2011/03/20 23:23:48 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfui.dll
[2011/03/20 23:23:48 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsCtfMonitor.dll
[2011/03/20 23:23:48 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimsg.dll
[2011/03/20 23:23:47 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\modemui.dll
[2011/03/20 23:23:47 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll
[2011/03/20 23:23:46 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll
[2011/03/20 23:23:46 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscandui.dll
[2011/03/20 23:23:46 | 000,155,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2011/03/20 23:23:46 | 000,080,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2011/03/20 23:23:45 | 002,225,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcenter.dll
[2011/03/20 23:23:45 | 001,086,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NetProjW.dll
[2011/03/20 23:23:45 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netlogon.dll
[2011/03/20 23:23:45 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncryptui.dll
[2011/03/20 23:23:45 | 000,310,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtxclu.dll
[2011/03/20 23:23:45 | 000,223,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2011/03/20 23:23:45 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2011/03/20 23:23:44 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2011/03/20 23:23:44 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NcdProp.dll
[2011/03/20 23:23:43 | 003,072,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkmap.dll
[2011/03/20 23:23:43 | 000,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrepl40.dll
[2011/03/20 23:23:43 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2VDEC.DLL
[2011/03/20 23:23:43 | 000,469,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.dll
[2011/03/20 23:23:43 | 000,408,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
[2011/03/20 23:23:43 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspbde40.dll
[2011/03/20 23:23:43 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd3x40.dll
[2011/03/20 23:23:43 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd2x40.dll
[2011/03/20 23:23:43 | 000,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msltus40.dll
[2011/03/20 23:23:43 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/03/20 23:23:43 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msnetobj.dll
[2011/03/20 23:23:43 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2011/03/20 23:23:43 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.exe
[2011/03/20 23:23:43 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2011/03/20 23:23:43 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkitemfactory.dll
[2011/03/20 23:23:43 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2011/03/20 23:23:43 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimtf.dll
[2011/03/20 23:23:42 | 001,589,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjet40.dll
[2011/03/20 23:23:42 | 000,856,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswdat10.dll
[2011/03/20 23:23:42 | 000,618,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswstr10.dll
[2011/03/20 23:23:42 | 000,454,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxbde40.dll
[2011/03/20 23:23:42 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjtes40.dll
[2011/03/20 23:23:42 | 000,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msutb.dll
[2011/03/20 23:23:42 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjter40.dll
[2011/03/20 23:23:42 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjint40.dll
[2011/03/20 23:23:42 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msisip.dll
[2011/03/20 23:23:41 | 001,827,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/03/20 23:23:41 | 001,480,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2011/03/20 23:23:41 | 000,670,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2011/03/20 23:23:41 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll
[2011/03/20 23:23:41 | 000,351,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2011/03/20 23:23:41 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstext40.dll
[2011/03/20 23:23:41 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2011/03/20 23:23:41 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2011/03/20 23:23:41 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstlsapi.dll
[2011/03/20 23:23:41 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2011/03/20 23:23:41 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2011/03/20 23:23:41 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2011/03/20 23:23:40 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imkr80.ime
[2011/03/20 23:23:40 | 000,217,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\InkEd.dll
[2011/03/20 23:23:40 | 000,122,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetpp.dll
[2011/03/20 23:23:40 | 000,099,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2011/03/20 23:23:40 | 000,035,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2011/03/20 23:23:40 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetppui.dll
[2011/03/20 23:23:39 | 000,759,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsecsnp.dll
[2011/03/20 23:23:39 | 000,396,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsmsnap.dll
[2011/03/20 23:23:39 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\input.dll
[2011/03/20 23:23:39 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IPHLPAPI.DLL
[2011/03/20 23:23:39 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipconfig.exe
[2011/03/20 23:23:39 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsilog.dll
[2011/03/20 23:23:38 | 000,883,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10.IME
[2011/03/20 23:23:38 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10K.DLL
[2011/03/20 23:23:38 | 000,677,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2fs.dll
[2011/03/20 23:23:38 | 000,619,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2011/03/20 23:23:38 | 000,398,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/03/20 23:23:38 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
[2011/03/20 23:23:38 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassdo.dll
[2011/03/20 23:23:38 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/03/20 23:23:38 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassam.dll
[2011/03/20 23:23:38 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrad.dll
[2011/03/20 23:23:38 | 000,119,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2011/03/20 23:23:38 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi.dll
[2011/03/20 23:23:38 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassvcs.dll
[2011/03/20 23:23:38 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iaspolcy.dll
[2011/03/20 23:23:38 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifmon.dll
[2011/03/20 23:23:38 | 000,009,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2011/03/20 23:23:36 | 002,012,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\milcore.dll
[2011/03/20 23:23:36 | 001,160,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/03/20 23:23:36 | 001,135,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/03/20 23:23:36 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011/03/20 23:23:35 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmci.dll
[2011/03/20 23:23:35 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2011/03/20 23:23:35 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcico.dll
[2011/03/20 23:23:34 | 002,167,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcndmgr.dll
[2011/03/20 23:23:34 | 001,792,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe
[2011/03/20 23:23:34 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2011/03/20 23:23:34 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2011/03/20 23:23:34 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Kswdmcap.ax
[2011/03/20 23:23:34 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\l2nacp.dll
[2011/03/20 23:23:34 | 000,017,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2011/03/20 23:23:33 | 000,950,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
[2011/03/20 23:23:33 | 000,852,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll
[2011/03/20 23:23:33 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Magnify.exe
[2011/03/20 23:23:33 | 000,438,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2011/03/20 23:23:33 | 000,356,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2011/03/20 23:23:33 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2011/03/20 23:23:33 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
[2011/03/20 23:23:33 | 000,019,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdusb.dll
[2011/03/20 23:23:33 | 000,017,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdcom.dll
[2011/03/20 23:23:32 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsetup.dll
[2011/03/20 23:23:31 | 001,143,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
[2011/03/20 23:23:31 | 001,020,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdc.dll
[2011/03/20 23:23:31 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2011/03/20 23:23:31 | 000,347,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2011/03/20 23:23:31 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdscore.dll
[2011/03/20 23:23:30 | 001,524,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgradeCPL.dll
[2011/03/20 23:23:30 | 000,860,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFaultSecure.exe
[2011/03/20 23:23:30 | 000,547,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiaaut.dll
[2011/03/20 23:23:30 | 000,507,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsdyn.dll
[2011/03/20 23:23:30 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2011/03/20 23:23:30 | 000,250,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtapi.dll
[2011/03/20 23:23:30 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
[2011/03/20 23:23:30 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtutil.exe
[2011/03/20 23:23:30 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsutil.dll
[2011/03/20 23:23:30 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\whealogr.dll
[2011/03/20 23:23:30 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdmdbg.dll
[2011/03/20 23:23:29 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usercpl.dll
[2011/03/20 23:23:29 | 000,968,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz2.dll
[2011/03/20 23:23:29 | 000,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Utilman.exe
[2011/03/20 23:23:29 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2011/03/20 23:23:29 | 000,165,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WcnNetsh.dll
[2011/03/20 23:23:29 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\watchdog.sys
[2011/03/20 23:23:28 | 001,689,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscui.cpl
[2011/03/20 23:23:28 | 001,575,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVENCOD.DLL
[2011/03/20 23:23:28 | 001,533,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz.dll
[2011/03/20 23:23:28 | 001,382,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSDECD.DLL
[2011/03/20 23:23:28 | 000,657,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVXENCD.DLL
[2011/03/20 23:23:28 | 000,291,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WscEapPr.dll
[2011/03/20 23:23:28 | 000,223,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscntfy.dll
[2011/03/20 23:23:28 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDMon.dll
[2011/03/20 23:23:28 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2011/03/20 23:23:28 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsdchngr.dll
[2011/03/20 23:23:28 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscisvif.dll
[2011/03/20 23:23:27 | 001,580,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpccpl.dll
[2011/03/20 23:23:27 | 000,532,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpcao.dll
[2011/03/20 23:23:27 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wow32.dll
[2011/03/20 23:23:27 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
[2011/03/20 23:23:27 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2011/03/20 23:23:26 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanpref.dll
[2011/03/20 23:23:26 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanui.dll
[2011/03/20 23:23:26 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshom.ocx
[2011/03/20 23:23:26 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsnmp32.dll
[2011/03/20 23:23:26 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll
[2011/03/20 23:23:25 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSAT.exe
[2011/03/20 23:23:25 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2011/03/20 23:23:25 | 000,986,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2011/03/20 23:23:25 | 000,926,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2011/03/20 23:23:25 | 000,399,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlangpui.dll
[2011/03/20 23:23:25 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/03/20 23:23:25 | 000,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2011/03/20 23:23:25 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSCard.dll
[2011/03/20 23:23:25 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlgpclnt.dll
[2011/03/20 23:23:24 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2011/03/20 23:23:23 | 001,224,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sud.dll
[2011/03/20 23:23:23 | 000,533,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmsdk.dll
[2011/03/20 23:23:23 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2011/03/20 23:23:23 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2011/03/20 23:23:23 | 000,122,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Storport.sys
[2011/03/20 23:23:23 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Storprop.dll
[2011/03/20 23:23:23 | 000,052,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\stream.sys
[2011/03/20 23:23:21 | 002,205,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll
[2011/03/20 23:23:21 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysclass.dll
[2011/03/20 23:23:20 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmon.ocx
[2011/03/20 23:23:20 | 000,134,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2011/03/20 23:23:20 | 000,083,456 | ---- | C] (Microsoft) -- C:\Windows\System32\SMBHelperClass.dll
[2011/03/20 23:23:20 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwmi.dll
[2011/03/20 23:23:19 | 001,081,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCExt.dll
[2011/03/20 23:23:19 | 000,777,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcc.dll
[2011/03/20 23:23:19 | 000,705,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiEngine.dll
[2011/03/20 23:23:19 | 000,582,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCommDlg.dll
[2011/03/20 23:23:19 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shwebsvc.dll
[2011/03/20 23:23:19 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
[2011/03/20 23:23:19 | 000,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spinstall.exe
[2011/03/20 23:23:19 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2011/03/20 23:23:19 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spoolss.dll
[2011/03/20 23:23:19 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcinst.dll
[2011/03/20 23:23:19 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spcmsg.dll
[2011/03/20 23:23:19 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2011/03/20 23:23:18 | 000,684,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\spsys.sys
[2011/03/20 23:23:18 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlsrv32.dll
[2011/03/20 23:23:18 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SnippingTool.exe
[2011/03/20 23:23:18 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
[2011/03/20 23:23:18 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sperror.dll
[2011/03/20 23:23:18 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizui.dll
[2011/03/20 23:23:18 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\softkbd.dll
[2011/03/20 23:23:18 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spreview.exe
[2011/03/20 23:23:18 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwinsat.dll
[2011/03/20 23:23:17 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSTheme.exe
[2011/03/20 23:23:16 | 000,035,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsWpfWrp.exe
[2011/03/20 23:23:15 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\untfs.dll
[2011/03/20 23:23:15 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD2.sys
[2011/03/20 23:23:15 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD.sys
[2011/03/20 23:23:15 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2011/03/20 23:23:14 | 000,842,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
[2011/03/20 23:23:14 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unimdm.tsp
[2011/03/20 23:23:14 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uDWM.dll
[2011/03/20 23:23:14 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ulib.dll
[2011/03/20 23:23:10 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tintlgnt.ime
[2011/03/20 23:23:09 | 001,576,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2011/03/20 23:23:09 | 001,152,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themecpl.dll
[2011/03/20 23:23:09 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2011/03/20 23:23:09 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
[2011/03/20 23:23:09 | 000,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2011/03/20 23:23:09 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpmon.dll
[2011/03/20 23:19:06 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011/03/20 21:58:23 | 000,041,984 | -
-
I would remove the older version of Java
close down all browser windows and uninstall Java™ 6 Update 2 and your older version of Adobe Reader>>Adobe Reader 8.1.0
While your at it, also remove Viewpoint Media Player
Next, ensure that leftovers of Norton's are gone
Download and save to desktop the Norton Removal tool
http://majorgeeks.com/Norton_Removal_Tool_SymNRT_d4749.html
After you save it to your desktop, right click on it and choose to "Run as Administrator"
Allowing it to run
When you have that complete
Restart your computer
let's get Adobe Reader updated
Go to the following link
http://get.adobe.com/reader/
UNTICK the option to also install McAfee Security Scan and/or Google toolbar or similiar
Download and save to desktop the installer for the latest version of A. Reader
Double click on the installer to install
After successfully installing, you can delete the installer on desktop
Can you open Adobe Reader and click on HELP>>CHECK FOR UPDATES and install any update if found to ensure you are right up to date
Back in Windows...Try installing Microft Security Essentials from the following location
http://www.microsoft.com/security_essentials/
After it's installed, come back here and let me know how things are running
Has the owner made the Recovery disks? They're allowed to make 1 copies>>Probably anywhere from 2-4 DVD-R's
Worth making if they plan on keeping this laptop, especially if they lose the harddrive in the future
Also, would they be willing to install more RAM, the most this computer can handle I think is 2GB, but that would be much better than 1gb
Especially running Vista
They may also look into closing down some of the eye candy to reserve resources
Another option would be to use ReadyBoost, with a compatible USB thumbdrive, don't think of it as a replacement for installing more RAM however
They can get 2 sticks of 1gb's for under 40 bucks, are they willing?
-
I had to give it back to him so he could do some work on it, but I'll try and get my hands on it again soon. thanks for all your help
I got Microsoft security essentials installed and updated for him