Please help me!!!
pennyscents
2009-06-13, 19:54
I am not sure if I did this right. I followed the instructions given in the Before You Post section of this site. I did see that it said that if you have recently used an analyzer before requesting help, you should inform the helpers of that. I purchased the RegCure software online last weekend. I have run this and many errors have been found. It says that they are repaired, but if the scan is run immediately thereafter the errors are still there. I also ran a thorough Avast antivirus scan today that did not find anything, but Avast does have some other things that it found earlier in the virus chest. I am not very computer literate!!!! My PC is running VERY slow, not responding, freezing up, showing error messages, having a lot of problems in Internet Explorer and some in Mozilla too, and giving "can't install updates" messages...
Your help would be sincerely appreciated!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:41:26 AM, on 6/13/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Upromise\Upromise.exe
C:\Program Files\Upromise\UpromiseUa.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Upromise\UpromiseTray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O1 - Hosts: 75.28.120.201 www.mlmpds.biz
O1 - Hosts: 69.221.48.106 www.mlmonline.us
O1 - Hosts: 70.239.120.186 www.mlmpds.biz
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Swag Bucks Toolbar - {A057A204-BACC-4D26-B2FC-48F8CCAB3ED4} - C:\PROGRA~1\PRODEG~1\PRODEG~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ToolHelper - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files\Upromise\upromisetoolbar.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client for Internet Explorer\YontooIEClient.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Swag Bucks Toolbar - {A057A204-BACC-4D26-B2FC-48F8CCAB3ED4} - C:\PROGRA~1\PRODEG~1\PRODEG~1.DLL
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Upromise] C:\Program Files\Upromise\Upromise.exe
O4 - HKCU\..\Run: [Upromise Update] C:\Program Files\Upromise\UpromiseUa.exe
O4 - HKCU\..\Run: [Upromise Tray] C:\Program Files\Upromise\UpromiseTray.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - ?p=ZKman000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.gallery.com
O15 - Trusted Zone: *.kodakgallery.com
O15 - Trusted Zone: *.ofoto.com
O15 - Trusted Zone: http://webfetti.smileycentral.com
O15 - Trusted Zone: http://*.udmserve.net
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} (Image Uploader Control) - http://allieddigitalphoto.lifepics.com/net/Uploader/LPUploader45.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173478779220
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173478886579
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O21 - SSODL: shellservice - {8FB2D6CA-E258-48CF-9DAB-EEFB735E225C} - C:\WINDOWS\system32\config\atww\ShellService.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 13071 bytes
Hello and welcome to Safer Networking
My name is peku006 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.
Please observe these rules while we work:
If you don't know or understand something, please don't hesitate to ask.
Please DO NOT run any other tools or scans whilst I am helping you.
It is important that you reply to this thread. Do not start a new topic.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Absence of symptoms does not mean that everything is clear.
1 - Download and Run ComboFix
We will begin with ComboFix.exe. Please visit this webpage for download links and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.
Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs see here. (http://www.bleepingcomputer.com/forums/topic114351.html)
When finished, it will produce a log for you.
Please include the C:\ComboFix.txt in your next reply for further review.
2 - Status Check
Please reply with
1. the ComboFix log (C:\ComboFix.txt)
Thanks peku006
pennyscents
2009-06-16, 01:06
I did not have the icon shown for turning off my Avast Antivirus. When I right-clicked on the icon that I have, there was not a selection called "stop on-access protection", per the ComboFix instructions. I uninstalled the software. I also uninstalled Ad-Aware and disabled the resident TeaTimer. I have noticed that when I post, my time comes up different than it actually is. It is 5:05 PM right now. Thank you!!!!!
ComboFix 09-06-15.03 - Owner 06/15/2009 16:15.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.766.463 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\IE4 Error Log.txt
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MYWEBSEARCHSERVICE
((((((((((((((((((((((((( Files Created from 2009-05-15 to 2009-06-15 )))))))))))))))))))))))))))))))
.
2009-06-15 20:25 . 2009-06-15 20:26 -------- dc----w- c:\documents and settings\All Users\Application Data\SITEguard
2009-06-15 20:20 . 2009-06-15 20:20 -------- dc----w- c:\program files\Common Files\iS3
2009-06-15 20:20 . 2009-06-15 20:49 -------- dc----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-06-14 04:13 . 2009-06-14 04:13 417792 -c--a-w- C:\NPcol305.dll
2009-06-13 16:39 . 2009-06-13 16:39 -------- dc----w- c:\program files\Trend Micro
2009-06-13 16:34 . 2009-06-13 16:35 -------- dc----w- c:\program files\ERUNT
2009-06-06 20:02 . 2009-06-06 22:29 -------- dc----w- c:\program files\RegCure
2009-06-06 18:46 . 2009-06-06 21:53 -------- dc----w- c:\windows\system32\CatRoot_bak
2009-06-06 18:37 . 2009-06-06 18:37 -------- dc----w- c:\windows\system32\wbem\Repository
2009-06-06 18:34 . 2005-07-26 04:39 60416 -c----w- c:\windows\system32\dllcache\colbact.dll
2009-06-06 02:32 . 2009-06-06 02:32 -------- dc----w- C:\b68594b382084c4a0772525970c484
2009-06-05 00:48 . 2009-06-05 00:48 -------- dcsh--w- c:\documents and settings\NetworkService\IETldCache
2009-06-05 00:43 . 2009-06-05 00:43 -------- dcsh--w- c:\documents and settings\Owner\IETldCache
2009-06-05 00:28 . 2009-06-06 15:28 -------- dc----w- c:\windows\ie8updates
2009-06-05 00:23 . 2009-04-29 04:31 81920 -c--a-w- c:\windows\system32\ieencode.dll
2009-06-05 00:22 . 2009-06-05 00:28 -------- dc-h--w- c:\windows\msdownld.tmp
2009-06-05 00:20 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-15 20:44 . 2009-04-04 21:03 -------- dc----w- c:\program files\Lavasoft
2009-06-15 18:30 . 2009-02-05 00:23 -------- dc----w- c:\program files\Coupons
2009-06-14 04:13 . 2008-09-13 15:33 430080 -c--a-w- c:\windows\system32\BSTIEPrintCtl1.dll
2009-06-13 22:04 . 2008-02-27 20:10 -------- dc----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-12 00:47 . 2007-03-22 22:57 -------- dc----w- c:\program files\Java
2009-06-11 23:05 . 2008-12-14 23:45 -------- dc----w- c:\program files\Windows Desktop Search
2009-06-10 23:53 . 2009-05-02 16:16 -------- dc----w- c:\program files\prodegetoolbar680
2009-06-07 00:20 . 2007-03-22 01:19 -------- dc----w- c:\program files\Yahoo!
2009-06-07 00:20 . 2008-07-15 21:30 -------- dc----w- c:\docume~1\Owner\APPLIC~1\Yahoo!
2009-06-07 00:19 . 2008-07-15 21:29 -------- dc----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-06-07 00:12 . 2008-03-24 20:15 -------- dc----w- c:\program files\Common Files\AOL
2009-06-06 22:15 . 2008-02-27 20:31 -------- dc----w- c:\program files\Microsoft SQL Server
2009-06-06 17:46 . 2007-03-09 21:46 77423 -c--a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-06-05 00:26 . 2008-07-15 21:30 -------- dc----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-05-25 05:24 . 2008-05-27 04:18 350208 -c--a-w- c:\windows\system32\mssph.dll
2009-05-18 21:30 . 2007-10-08 23:52 -------- dc----w- c:\docume~1\Owner\APPLIC~1\Canon
2009-05-12 20:12 . 2007-03-09 22:24 26144 -c--a-w- c:\windows\system32\spupdsvc.exe
2009-05-07 15:44 . 2008-10-27 23:04 344064 -c--a-w- c:\windows\system32\localspl.dll
2009-05-05 00:59 . 2009-05-02 16:16 -------- dc----w- c:\docume~1\Owner\APPLIC~1\PRODEGETOOLBAR680
2009-05-01 01:57 . 2009-05-01 01:55 -------- dc----w- c:\program files\iTunes
2009-05-01 01:57 . 2009-05-01 01:55 -------- dc----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-01 01:56 . 2009-05-01 01:56 -------- dc----w- c:\program files\iPod
2009-05-01 01:56 . 2007-12-25 18:00 -------- dc----w- c:\program files\Common Files\Apple
2009-05-01 01:40 . 2009-05-01 01:39 -------- dc----w- c:\program files\Safari
2009-05-01 01:39 . 2009-05-01 01:39 -------- dc----w- c:\program files\Bonjour
2009-04-29 04:31 . 2006-06-23 17:33 668160 -c--a-w- c:\windows\system32\wininet.dll
2009-04-19 18:11 . 2008-08-29 14:47 34 -c--a-w- c:\documents and settings\Nathan\jagex_runescape_preferences.dat
2009-04-17 09:58 . 2008-10-27 23:04 1846656 -c--a-w- c:\windows\system32\win32k.sys
2009-04-15 15:26 . 2004-03-06 02:16 583168 -c--a-w- c:\windows\system32\rpcrt4.dll
2009-04-13 13:38 . 2008-07-01 20:03 34 -c--a-w- c:\documents and settings\Owner\jagex_runescape_preferences.dat
2009-03-26 20:23 . 2009-05-01 01:46 1900544 -c--a-w- c:\windows\system32\usbaaplrc.dll
2009-03-26 20:23 . 2007-12-25 18:01 36864 -c--a-w- c:\windows\system32\drivers\usbaapl.sys
2009-03-19 21:32 . 2008-01-29 17:01 23400 -c--a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2008-01-08 21:53 . 2008-03-21 23:08 254064 -c--a-w- c:\program files\mozilla firefox\components\ffe.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-B2FC-48F8CCAB3ED4}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2008-10-01 07:40 192960 ------w- c:\program files\Yontoo Layers Client for Internet Explorer\YontooIEClient.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Upromise"="c:\program files\Upromise\Upromise.exe" [2008-09-17 536576]
"Upromise Update"="c:\program files\Upromise\UpromiseUa.exe" [2008-09-17 172032]
"Upromise Tray"="c:\program files\Upromise\UpromiseTray.exe" [2008-10-15 167936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 67488]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-26 177472]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2006-10-04 53760]
c:\documents and settings\Owner\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]
backup=c:\windows\pss\Event Reminder.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [9/11/2007 1:45 AM 124832]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [1/11/2008 6:50 PM 30312]
R2 filesvc;filesvc;c:\windows\system32\config\atww\filesvc.sys [9/19/2008 4:31 PM 9216]
R2 procdrv;procdrv;c:\windows\system32\config\atww\procdrv.sys [9/19/2008 4:31 PM 6144]
R2 regfil;regfil;c:\windows\system32\config\atww\regfil.sys [9/19/2008 4:31 PM 7552]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/24/2008 3:16 PM 24652]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2/10/2007 6:29 AM 29178224]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder
2009-05-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
2009-06-15 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 17:58]
2009-06-06 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 17:58]
.
- - - - ORPHANS REMOVED - - - -
BHO-{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - (no file)
HKCU-Run-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
HKCU-Run-Sonic RecordNow! - (no file)
HKLM-Run-RegistryMechanic - (no file)
Notify-dimsntfy - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: &Search - ?p=ZKman000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: gallery.com
Trusted Zone: kodakgallery.com
Trusted Zone: ofoto.com
Trusted Zone: smileycentral.com\webfetti
Trusted Zone: udmserve.net
DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} - hxxp://allieddigitalphoto.lifepics.com/net/Uploader/LPUploader45.cab
DPF: {A7EA8AD2-287F-11D3-B120-006008C39542}
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-15 16:29
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3240)
c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\Software Suite\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\CF21459.exe
c:\windows\system32\spool\drivers\w32x86\3\WrtProc.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-06-15 16:36 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-15 21:36
Pre-Run: 43,204,022,272 bytes free
Post-Run: 44,826,025,984 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
213 --- E O F --- 2009-06-15 15:29
Hi pennyscents
1 - Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) and save it to your desktop.
alternate download link 1 (http://malwarebytes.gt500.org/mbam-setup.exe)
alternate download link 2 (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here (http://www.malwarebytes.org/mbam/database/mbam-rules.exe) and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Full Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
2 - Run HijackThis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.
3 - Status Check
Please reply with
1. the Malwarebytes' Anti-Malware Log
2. a fresh HijackThis log
Thanks peku006
pennyscents
2009-06-18, 22:03
Malwarebytes' Anti-Malware 1.38
Database version: 2304
Windows 5.1.2600 Service Pack 2
6/18/2009 1:59:50 PM
mbam-log-2009-06-18 (13-59-50).txt
Scan type: Full Scan (A:\|C:\|D:\|E:\|)
Objects scanned: 191755
Time elapsed: 1 hour(s), 34 minute(s), 12 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 14
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\prodegetoolbar680.prodegetoolbar680 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a057a204-bacc-4d26-b2fc-48f8ccab3ed4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a057a204-bacc-4d26-b2fc-48f8ccab3ed4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a057a204-bacc-4d26-b2fc-48f8ccab3ed4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a057a204-bacc-4d26-b2fc-48f8ccab3ed5} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a057a204-bacc-4d26-b2fc-48f8ccab3ed6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{a057a204-bacc-4d26-b2fc-48f8ccab3ed4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{a057a204-bacc-4d26-b2fc-48f8ccab3ed4} (Trojan.BHO) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Program Files\prodegetoolbar680\prodegetoolbar680.dll (Trojan.BHO) -> Quarantined and deleted successfully.
c:\system volume information\_restore{2f732d15-bcce-4873-96c6-fa644616ace5}\RP1104\A0144409.exe (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\WINDOWS\cpnprt2.cid (Adware.Agent) -> Quarantined and deleted successfully.
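Added example, not part of the original thread and not Malwarebytes' own code: a small Python triage of an MBAM 1.38-style text log like the one posted above. It tallies detections by name, checks the declared summary counts against the itemized entries (to catch a truncated paste), and lists items that were not removed or that sit in a System Restore point. The sample log, its GUIDs, paths and the "Adware.Example" name are constructed, and the "Delete on reboot." action string is an assumption.

```python
import re
from collections import Counter

# "Files Infected: 3" is a summary count; "Files Infected:" alone opens a section.
SECTION_RE = re.compile(
    r"^(Memory Processes|Memory Modules|Registry Keys|Registry Values|"
    r"Registry Data Items|Folders|Files) Infected:\s*(\d+)?\s*$")
# "<object> (<Detection.Name>) -> [Bad: (..) Good: (..) ->] <action>"
ITEM_RE = re.compile(r"^(?P<path>.+?) \((?P<name>[\w.]+)\) -> (?P<rest>.+)$")
REMOVED = "Quarantined and deleted successfully."

# Constructed sample in the layout of the log above (not real detections).
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.38
Scan type: Full Scan (C:\|)
Registry Keys Infected: 2
Registry Data Items Infected: 1
Files Infected: 3
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000001} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Example\Toolbar (Adware.Example) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files (x86)\example\example.dll (Trojan.BHO) -> Delete on reboot.
c:\system volume information\_restore{00000000-0000-0000-0000-000000000002}\RP1\A0000001.exe (Adware.Example) -> Quarantined and deleted successfully.
"""


def parse_mbam_log(text):
    """Return (declared summary counts, list of itemized detections)."""
    declared, items, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            if m.group(2) is not None:
                declared[m.group(1)] = int(m.group(2))
            else:
                section = m.group(1)
            continue
        if section is None:
            continue  # header lines before the first itemized section
        m = ITEM_RE.match(line)
        if m:  # "(No malicious items detected)" does not match and is skipped
            items.append({
                "section": section,
                "path": m.group("path"),
                "detection": m.group("name"),
                # The action is always the last "->" segment.
                "action": m.group("rest").rsplit(" -> ", 1)[-1],
            })
    return declared, items


def triage(text):
    """Summarize a log for review before the next remediation step."""
    declared, items = parse_mbam_log(text)
    listed = Counter(i["section"] for i in items)
    return {
        "by_detection": Counter(i["detection"] for i in items),
        # section -> (declared, itemized); non-empty means the paste is incomplete
        "count_mismatches": {s: (n, listed.get(s, 0))
                             for s, n in declared.items()
                             if listed.get(s, 0) != n},
        # anything still pending (e.g. needs a reboot) or failed
        "not_removed": [i for i in items if i["action"] != REMOVED],
        # copies inside System Restore snapshots
        "in_restore_point": [i for i in items
                             if "system volume information" in i["path"].lower()],
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for key, value in report.items():
        print(key, "->", value)
```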
pennyscents
2009-06-18, 22:37
After I ran the MBAM it did remove some things from my pc that I would like to use.
As I mentioned I do print coupons from some sites, which requires that a "coupon bar" or in some cases "coupon installer" be on my pc. This is because they need to keep track of the coupons that are being printed, limit how many one person can print, and it helps to monitor fraudulent use of coupons. I buy all of my household and groceries for my family of 5 for around $250. I save a TON of money!
I also use a browser (swagbucks.com) that gives you points for doing a search through them. You then redeem those points for cash, all sorts of things. I did read their privacy statement, and it does say that they do not share your information.
How can I use these sites and still protect my pc at the same time?
Note: My problems did start before I started using these sites.
Hi pennyscents
I am sorry if mbam deleted something that you use :sad:. I do not understand why mbam removed "legal issues"; this is the first time for me.
Download and run OTS
Download OTS (http://oldtimer.geekstogo.com/OTS.exe) by Oldtimer to your Desktop and double-click on it to extract the files.
NOTE: You must be logged on to the system with an account that has Administrator privileges to run this program.
Close ALL OTHER PROGRAMS.
Double-click on OTS.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
Click the Scan All Users checkbox on the toolbar.
Do not change any other settings.
Now click the Run Scan button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Close Notepad (saving the change if necessary).
Please post the contents of this Notepad file in your next reply.
Thanks peku006
pennyscents
2009-06-22, 22:59
I did the last thing that you told me to do & posted it on here as a reply. I saw it go on the page & everything. I came back here to post a message to you, b/c I hadn't heard anything. I now see that it is not here? Did you ever see it? Do you know what happened to it?
I will go ahead and do it again. I am still having a lot of problems.
My Avon Website is not working properly on my end, but fine on other pc's.
I can not print coupons from Bricks or coupons.com using Mozilla (it just freezes up).
I still get a lot of Not responding errors.
Error that reads: spdproxy.exe-unable to locate component. The application failed because ConnAPI.DLL was not found. Re-installing application may fix this problem.
Error that reads: chkdsk is checking security description, chkdsk is verifying files 1-3, chkdsk is verifying 2-3, one of your disks needs to be checked for consistency... My son wrote these ones down. They all happened one right after another when he turned the pc on.
I know that you said that you can't really say anything about MBAM removing a few of my things (legal issues).
Are you able to recommend a good virus protection for my pc that is really, really easy to use, and will still allow me to use my sites?
Do you know of a good way for me to keep my pc clean, even though I am using these sites?
I have no idea what we are doing either?????
pennyscents
2009-06-23, 02:56
[code]
OTS logfile created on: 6/19/2009 6:15:11 PM - Run 1
OTS by OldTimer - Version 3.0.6.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
766.00 Mb Total Physical Memory | 401.89 Mb Available Physical Memory | 52.47% Memory free
1.08 Gb Paging File | 0.78 Gb Available in Paging File | 72.02% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 41.97 Gb Free Space | 56.37% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: PENNY-YSGOLY8N9
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
[Processes - Safe List]
apdproxy.exe -> C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe -> [2007/09/11 01:43:54 | 00,067,488 | ---- | M] (Adobe Systems Incorporated)
applemobiledeviceservice.exe -> C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.)
bcmsqlstartupsvc.exe -> C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -> [2008/01/11 18:50:16 | 00,030,312 | ---- | M] (Microsoft Corporation)
explorer.exe -> C:\WINDOWS\Explorer.EXE -> [2007/06/13 05:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation)
hkcmd.exe -> C:\WINDOWS\System32\hkcmd.exe -> [2005/10/19 08:59:12 | 00,126,976 | ---- | M] (Intel Corporation)
ipodservice.exe -> C:\Program Files\iPod\bin\iPodService.exe -> [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.)
ituneshelper.exe -> C:\Program Files\iTunes\iTunesHelper.exe -> [2009/04/02 16:11:02 | 00,342,312 | ---- | M] (Apple Inc.)
jqs.exe -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
jusched.exe -> C:\Program Files\Java\jre6\bin\jusched.exe -> [2009/03/09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.)
mdnsresponder.exe -> C:\Program Files\Bonjour\mDNSResponder.exe -> [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
opwarese4.exe -> C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe -> [2006/10/11 12:45:12 | 00,075,304 | ---- | M] (ScanSoft, Inc.)
ots.exe -> C:\Documents and Settings\Owner\Desktop\OTS.exe -> [2009/06/19 18:13:54 | 00,511,488 | ---- | M] (OldTimer Tools)
photoshopelementsfileagent.exe -> C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -> [2007/09/11 01:45:04 | 00,124,832 | ---- | M] ()
sqlbrowser.exe -> c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -> [2007/02/10 06:29:48 | 00,242,544 | ---- | M] (Microsoft Corporation)
sqlwriter.exe -> c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -> [2008/11/24 22:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation)
teatimer.exe -> C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe -> [2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.)
tfswctrl.exe -> C:\WINDOWS\System32\dla\tfswctrl.exe -> [2003/08/06 02:04:00 | 00,114,741 | ---- | M] (Sonic Solutions)
upromise.exe -> C:\Program Files\Upromise\Upromise.exe -> [2008/09/17 09:29:04 | 00,536,576 | ---- | M] (Upromise, Inc.)
upromisetray.exe -> C:\Program Files\Upromise\UpromiseTray.exe -> [2008/10/15 18:01:58 | 00,167,936 | ---- | M] ()
upromiseua.exe -> C:\Program Files\Upromise\UpromiseUa.exe -> [2008/09/17 09:30:20 | 00,172,032 | ---- | M] (Upromise, Inc.)
viewpointservice.exe -> C:\Program Files\Viewpoint\Common\ViewpointService.exe -> [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation)
windowssearch.exe -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe -> [2008/05/26 23:19:14 | 00,123,904 | ---- | M] (Microsoft Corporation)
wrtmon.exe -> C:\WINDOWS\System32\spool\drivers\w32x86\3\WrtMon.exe -> [2006/09/20 08:35:26 | 00,020,480 | ---- | M] ()
wrtproc.exe -> C:\WINDOWS\System32\spool\drivers\w32x86\3\WrtProc.exe -> [2006/09/19 16:05:32 | 00,024,576 | ---- | M] ()
wscntfy.exe -> C:\WINDOWS\System32\wscntfy.exe -> [2004/08/04 02:56:57 | 00,013,824 | ---- | M] (Microsoft Corporation)
[Win32 Services - Safe List]
(AdobeActiveFileMonitor6.0) Adobe Active File Monitor V6 [Win32_Own | Auto | Running] -> C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -> [2007/09/11 01:45:04 | 00,124,832 | ---- | M] ()
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.)
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation)
(BcmSqlStartupSvc) Business Contact Manager SQL Server Startup Service [Win32_Own | Auto | Running] -> C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -> [2008/01/11 18:50:16 | 00,030,312 | ---- | M] (Microsoft Corporation)
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> C:\Program Files\Bonjour\mDNSResponder.exe -> [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation)
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2008/02/27 17:51:54 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.)
(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -> [2006/10/20 22:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation)
(gusvc) Google Software Updater [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2009/04/28 17:07:08 | 00,182,768 | ---- | M] (Google)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2004/08/04 02:56:44 | 00,038,912 | ---- | M] (Microsoft Corporation)
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> [2006/10/30 04:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation)
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> C:\Program Files\iPod\bin\iPodService.exe -> [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.)
(JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
(MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) [Win32_Own | On_Demand | Stopped] -> c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -> [2007/02/10 06:29:54 | 29,178,224 | ---- | M] (Microsoft Corporation)
(MSSQLServerADHelper) SQL Server Active Directory Helper [Win32_Own | Disabled | Stopped] -> c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -> [2005/10/14 04:50:20 | 00,045,272 | ---- | M] (Microsoft Corporation)
(NetTcpPortSharing) Net.Tcp Port Sharing Service [Win32_Shared | Disabled | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -> [2006/10/30 04:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation)
(odserv) Microsoft Office Diagnostics Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -> [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation)
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation)
(SQLBrowser) SQL Server Browser [Win32_Own | Auto | Running] -> c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -> [2007/02/10 06:29:48 | 00,242,544 | ---- | M] (Microsoft Corporation)
(SQLWriter) SQL Server VSS Writer [Win32_Own | Auto | Running] -> c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -> [2008/11/24 22:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation)
(SupportSoft RemoteAssist) SupportSoft RemoteAssist [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -> [2008/07/15 18:38:32 | 00,394,608 | ---- | M] (SupportSoft, Inc.)
(uploadmgr) Upload Manager [Win32_Shared | Auto | Stopped] -> C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2004/08/04 02:56:44 | 00,038,912 | ---- | M] (Microsoft Corporation)
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> C:\Program Files\Viewpoint\Common\ViewpointService.exe -> [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation)
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Windows Media Player\WMPNetwk.exe -> [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation)
[Driver Services - Safe List]
(aeaudio) aeaudio [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\aeaudio.sys -> [2002/04/01 14:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation)
(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys -> [2003/06/30 19:11:52 | 00,043,136 | R--- | M] (Broadcom Corporation)
(drvmcdb) drvmcdb [Kernel | Boot | Running] -> C:\WINDOWS\system32\drivers\drvmcdb.sys -> [2003/07/31 04:21:00 | 00,084,576 | ---- | M] (Sonic Solutions)
(drvnddm) drvnddm [File_System | Auto | Running] -> C:\WINDOWS\System32\drivers\drvnddm.sys -> [2003/06/20 03:56:00 | 00,040,448 | ---- | M] (Sonic Solutions)
(filesvc) filesvc [Kernel | Auto | Running] -> C:\WINDOWS\System32\config\atww\filesvc.sys -> [2007/12/21 21:17:25 | 00,009,216 | ---- | M] ()
(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -> [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.)
(ialm) ialm [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -> [2005/10/19 08:59:12 | 00,807,998 | ---- | M] (Intel Corporation)
(IntelC51) IntelC51 [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\IntelC51.sys -> [2004/03/05 23:14:42 | 01,233,525 | ---- | M] (Intel Corporation)
(IntelC52) IntelC52 [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\IntelC52.sys -> [2004/03/05 23:15:34 | 00,647,929 | ---- | M] (Intel Corporation)
(IntelC53) IntelC53 [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\IntelC53.sys -> [2004/03/05 23:13:52 | 00,060,949 | ---- | M] (Intel Corporation)
(MODEMCSA) Unimodem Streaming Filter Device [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\MODEMCSA.sys -> [2001/08/17 14:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation)
(mohfilt) mohfilt [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\mohfilt.sys -> [2004/03/05 23:13:38 | 00,037,048 | ---- | M] (Intel Corporation)
(OMCI) OMCI [Kernel | System | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -> [2001/08/22 09:42:58 | 00,013,632 | ---- | M] (Dell Computer Corporation)
(procdrv) procdrv [Kernel | Auto | Running] -> C:\WINDOWS\System32\config\atww\procdrv.sys -> [2007/12/21 21:17:40 | 00,006,144 | ---- | M] ()
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\ptilink.sys -> [2003/07/16 15:42:18 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> C:\WINDOWS\System32\DRIVERS\PxHelp20.sys -> [2008/12/26 14:51:48 | 00,043,528 | ---- | M] (Sonic Solutions)
(regfil) regfil [Kernel | Auto | Running] -> C:\WINDOWS\System32\config\atww\regfil.sys -> [2007/12/21 21:17:18 | 00,007,552 | ---- | M] ()
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\secdrv.sys -> [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(smwdm) smwdm [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\smwdm.sys -> [2003/02/28 10:17:18 | 00,545,024 | ---- | M] (Analog Devices, Inc.)
(sscdbhk5) sscdbhk5 [File_System | System | Running] -> C:\WINDOWS\System32\drivers\sscdbhk5.sys -> [2003/07/14 12:28:40 | 00,005,621 | ---- | M] (Sonic Solutions)
(ssrtln) ssrtln [File_System | System | Running] -> C:\WINDOWS\System32\drivers\ssrtln.sys -> [2003/07/14 12:28:22 | 00,023,219 | ---- | M] (Sonic Solutions)
(tfsnboio) tfsnboio [File_System | Auto | Running] -> C:\WINDOWS\System32\dla\tfsnboio.sys -> [2003/08/06 02:04:00 | 00,025,685 | ---- | M] (Sonic Solutions)
(tfsncofs) tfsncofs [File_System | Auto | Running] -> C:\WINDOWS\System32\dla\tfsncofs.sys -> [2003/08/06 02:04:00 | 00,034,837 | ---- | M] (Sonic Solutions)
(tfsndrct) tfsndrct [File_System | Auto | Running] -> C:\WINDOWS\System32\dla\tfsndrct.sys -> [2003/08/06 02:04:00 | 00,004,117 | ---- | M] (Sonic Solutions)
(tfsndres) tfsndres [File_System | Auto | Running] -> C:\WINDOWS\System32\dla\tfsndres.sys -> [2003/08/06 02:04:00 | 00,002,233 | ---- | M] (Sonic Solutions)
(tfsnifs) tfsnifs [File_System | Auto | Running] -> C:\WINDOWS\System32\dla\tfsnifs.sys -> [2003/08/06 02:04:00 | 00,083,284 | ---- | M] (Sonic Solutions)
(tfsnopio) tfsnopio [File_System | Auto | Running] -> C:\WINDOWS\System32\dla\tfsnopio.sys -> [2003/08/06 02:04:00 | 00,014,229 | ---- | M] (Sonic Solutions)
(tfsnpool) tfsnpool [File_System | Auto | Running] -> C:\WINDOWS\System32\dla\tfsnpool.sys -> [2003/08/06 02:04:00 | 00,006,357 | ---- | M] (Sonic Solutions)
(tfsnudf) tfsnudf [File_System | Auto | Running] -> C:\WINDOWS\System32\dla\tfsnudf.sys -> [2003/08/06 02:04:00 | 00,098,068 | ---- | M] (Sonic Solutions)
(tfsnudfa) tfsnudfa [File_System | Auto | Running] -> C:\WINDOWS\System32\dla\tfsnudfa.sys -> [2003/08/06 02:04:00 | 00,100,373 | ---- | M] (Sonic Solutions)
(USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\Drivers\usbaapl.sys -> [2009/03/26 15:23:46 | 00,036,864 | ---- | M] (Apple, Inc.)
(WimFltr) WimFltr [File_System | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\wimfltr.sys -> [2006/11/02 01:50:52 | 00,128,104 | ---- | M] (Microsoft Corporation)
({6080A529-897E-4629-A488-ABA0C29B635E}) Intel(R) Graphics Platform (SoftBIOS) Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\drivers\ialmsbw.sys -> [2003/10/08 11:12:24 | 00,120,830 | ---- | M] (Intel Corporation)
({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel(R) Graphics Chipset (KCH) Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\drivers\ialmkchw.sys -> [2003/10/08 11:12:16 | 00,098,842 | ---- | M] (Intel Corporation)
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\"Default_Search_URL" -> http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKEY_LOCAL_MACHINE\: URLSearchHooks\\"{EA756889-2338-43DB-8F07-D1CA6FB9C90D}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_USERS\.DEFAULT\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome ->
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_USERS\S-1-5-18\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome ->
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
HKEY_USERS\S-1-5-19\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
HKEY_USERS\S-1-5-20\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-746137067-152049171-725345543-1003\] > -> ->
HKEY_USERS\S-1-5-21-746137067-152049171-725345543-1003\: Main\\"Page_Transitions" -> 1 ->
HKEY_USERS\S-1-5-21-746137067-152049171-725345543-1003\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_USERS\S-1-5-21-746137067-152049171-725345543-1003\: Main\\"SearchDefaultBranded" -> 1 ->
HKEY_USERS\S-1-5-21-746137067-152049171-725345543-1003\: Main\\"SearchMigratedDefaultName" -> Google ->
HKEY_USERS\S-1-5-21-746137067-152049171-725345543-1003\: Main\\"SearchMigratedDefaultURL" -> http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 ->
HKEY_USERS\S-1-5-21-746137067-152049171-725345543-1003\: Main\\"Start Page" -> http://www.yahoo.com/?fr=fp-yie8 ->
HKEY_USERS\S-1-5-21-746137067-152049171-725345543-1003\: SearchURL\\"" -> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com ->
HKEY_USERS\S-1-5-21-746137067-152049171-725345543-1003\: SearchURL\\"provider" -> yaho ->
HKEY_USERS\S-1-5-21-746137067-152049171-725345543-1003\: URLSearchHooks\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar] -> [2008/11/20 16:21:28 | 00,911,600 | ---- | M] (Yahoo! Inc.)
HKEY_USERS\S-1-5-21-746137067-152049171-725345543-1003\: "ProxyEnable" -> 0 ->
HKEY_USERS\S-1-5-21-746137067-152049171-725345543-1003\: "ProxyOverride" -> *.local ->
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\sxm8uuot.default\prefs.js ->
browser.search.selectedEngine -> "swagbucks.com" ->
browser.search.useDBForOrder -> true ->
browser.startup.homepage -> "http://www.yahoo.com/" ->
extensions.enabledItems -> {0C7E3F01-99E9-4095-9BDC-F84724960B57}:5.0.0.4 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13 ->
extensions.enabledItems -> jqs@sun.com:1.0 ->
extensions.enabledItems -> {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546 ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11 ->
< FireFox Settings [User.js] > -> C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\sxm8uuot.default\user.js ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\extensions -> ->
HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com -> C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF] -> [2009/02/20 18:05:14 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components -> C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/06/13 00:29:00 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins -> C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/06/13 23:13:36 | 00,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
-> C:\Documents and Settings\Owner\Application Data\mozilla\Extensions -> [2009/05/29 15:31:58 | 00,000,000 | ---D | M]
-> C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} -> [2009/05/29 15:31:58 | 00,000,000 | ---D | M]
-> C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\sxm8uuot.default\extensions -> [2009/06/13 00:29:33 | 00,098,152 | ---- | M] ()
-> C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\sxm8uuot.default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57} -> [2009/06/13 00:29:33 | 00,098,152 | ---- | M] ()
-> C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\sxm8uuot.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} -> [2009/06/13 00:29:33 | 00,098,152 | ---- | M] ()
< FireFox SearchPlugins [User Folders] > ->
C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\sxm8uuot.default\searchplugins\ -> C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\sxm8uuot.default\searchplugins -> [2009/06/13 00:39:34 | 00,000,000 | ---D | M]
swagbuckscom.xml -> C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\sxm8uuot.default\searchplugins\swagbuckscom.xml -> [2009/06/13 00:39:34 | 00,001,172 | ---- | M] ()
< FireFox Extensions [Program Folders] > ->
-> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions -> [2009/06/13 00:29:00 | 09,777,144 | ---- | M] (Mozilla Foundation)
-> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} -> [2009/06/13 00:29:00 | 09,777,144 | ---- | M] (Mozilla Foundation)
-> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} -> [2009/06/13 00:29:00 | 09,777,144 | ---- | M] (Mozilla Foundation)
-> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} -> [2009/06/13 00:29:00 | 09,777,144 | ---- | M] (Mozilla Foundation)
< FireFox Components [Program Folders] > ->
C:\PROGRAM FILES\MOZILLA FIREFOX\components\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\components -> [2009/06/13 00:29:00 | 00,000,000 | ---D | M]
browserdirprovider.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\browserdirprovider.dll -> [2009/06/13 00:28:50 | 00,023,032 | ---- | M] (Mozilla Foundation)
brwsrcmp.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\brwsrcmp.dll -> [2009/06/13 00:28:50 | 00,134,648 | ---- | M] (Mozilla Foundation)
ffe.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\ffe.dll -> [2008/01/08 16:53:17 | 00,254,064 | ---- | M] ()
< FireFox Plugins [Program Folders] > ->
C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins -> [2009/06/13 23:13:36 | 00,000,000 | ---D | M]
flashplayer.xpt -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\flashplayer.xpt -> [2007/11/20 16:51:00 | 00,000,856 | ---- | M] ()
np32dsw.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\np32dsw.dll -> [2008/06/17 16:12:42 | 00,114,688 | ---- | M] (Adobe Systems, Inc.)
NPcol305.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\NPcol305.dll -> [2009/06/13 23:13:36 | 00,417,792 | ---- | M] (Invenda Corporation)
npCouponPrinter.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npCouponPrinter.dll -> [2008/06/18 02:43:04 | 00,086,016 | ---- | M] (Coupons, Inc.)
npdeploytk.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npdeploytk.dll -> [2009/03/09 05:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.)
npnul32.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npnul32.dll -> [2009/06/13 00:28:54 | 00,065,528 | ---- | M] (mozilla.org)
NPOFF12.DLL -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\NPOFF12.DLL -> [2006/10/26 21:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation)
NPOFFICE.DLL -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\NPOFFICE.DLL -> [2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation)
nppdf32.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\nppdf32.dll -> [2008/10/14 22:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.)
npqtplugin.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin.dll -> [2009/01/29 18:33:21 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin2.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin2.dll -> [2009/01/29 18:33:22 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin3.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin3.dll -> [2009/01/29 18:33:22 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin4.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin4.dll -> [2009/01/29 18:33:22 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin5.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin5.dll -> [2009/01/29 18:33:22 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin6.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin6.dll -> [2009/01/29 18:33:22 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin7.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin7.dll -> [2009/01/29 18:33:22 | 00,143,360 | ---- | M] (Apple Inc.)
NPSWF32.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\NPSWF32.dll -> [2007/11/20 17:52:00 | 02,884,992 | ---- | M] ()
NPSWF32_FlashUtil.exe -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\NPSWF32_FlashUtil.exe -> [2007/11/20 17:52:00 | 00,218,496 | ---- | M] (Adobe Systems, Inc.)
npViewpoint.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npViewpoint.dll -> [2007/04/16 12:07:12 | 00,180,293 | ---- | M] ()
npViewpoint.xpt -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npViewpoint.xpt -> [2006/10/09 13:26:35 | 00,000,266 | ---- | M] ()
QuickTimePlugin.class -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\QuickTimePlugin.cla -> [2009/01/29 18:33:21 | 00,004,208 | ---- | M] ()
ShockwavePlugin.class -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\ShockwavePlugin.cla -> [2008/06/17 15:23:18 | 00,001,144 | ---- | M] ()
< FireFox SearchPlugins [Program Folders] > ->
C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins -> [2009/05/29 15:31:48 | 00,000,000 | ---D | M]
amazondotcom.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\amazondotcom.xml -> [2009/05/29 15:31:40 | 00,001,394 | ---- | M] ()
answers.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\answers.xml -> [2009/05/29 15:31:40 | 00,002,193 | ---- | M] ()
creativecommons.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\creativecommons.xml -> [2009/05/29 15:31:40 | 00,001,534 | ---- | M] ()
eBay.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\eBay.xml -> [2009/05/29 15:31:40 | 00,002,343 | ---- | M] ()
google.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\google.xml -> [2009/05/29 15:31:40 | 00,001,706 | ---- | M] ()
wikipedia.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\wikipedia.xml -> [2009/05/29 15:31:40 | 00,001,178 | ---- | M] ()
yahoo.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\yahoo.xml -> [2009/05/29 15:31:40 | 00,000,792 | ---- | M] ()
< HOSTS File > (27 bytes and 1 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
Reset Hosts
127.0.0.1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [&Yahoo! Toolbar Helper] -> [2008/11/20 16:21:28 | 00,911,600 | ---- | M] (Yahoo! Inc.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/10/23 00:08:42 | 00,062,080 | ---- | M] (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 16:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> C:\Program Files\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2007/12/12 17:09:42 | 00,222,448 | ---- | M] (Yahoo! Inc.)
{5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> C:\WINDOWS\System32\dla\tfswshx.dll [DriveLetterAccess] -> [2003/08/06 02:04:00 | 00,106,548 | ---- | M] (Sonic Solutions)
{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{7C554162-8CB7-45A4-B8F4-8EA1C75885F9} [HKLM] -> C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [AOL Toolbar Launcher] -> [2007/10/10 09:56:58 | 01,090,912 | ---- | M] (AOL LLC)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [Google Toolbar Helper] -> [2009/06/15 13:00:44 | 00,259,696 | ---- | M] (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [Google Toolbar Notifier BHO] -> [2009/04/28 17:07:29 | 00,668,656 | ---- | M] (Google Inc.)
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} [HKLM] -> C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [Google Dictionary Compression sdch] -> [2009/04/28 12:03:42 | 00,470,512 | ---- | M] (Google Inc.)
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} [HKLM] -> C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll [MSN Toolbar Helper] -> [2008/12/04 13:29:32 | 00,083,800 | ---- | M] (Microsoft Corp.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/03/09 05:18:50 | 00,035,840 | ---- | M] (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2009/03/09 05:18:52 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)
{EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} [HKLM] -> C:\Program Files\Upromise\upromisetoolbar.dll [Upromise TurboSaver] -> [2008/10/15 18:01:38 | 00,929,792 | ---- | M] (Upromise, Inc.)
{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} [HKLM] -> C:\Program Files\Yontoo Layers Client for Internet Explorer\YontooIEClient.dll [Yontoo Layers] -> [2008/10/01 02:40:01 | 00,192,960 | ---- | M] (Yontoo Technology, Inc.)
{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll [SingleInstance Class] -> [2008/11/20 16:21:28 | 00,160,496 | ---- | M] (Yahoo! Inc)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [Google Toolbar] -> [2009/06/15 13:00:44 | 00,259,696 | ---- | M] (Google Inc.)
"{DE9C389F-3316-41A7-809B-AA305ED9D922}" [HKLM] -> C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [AIM Toolbar] -> [2007/10/10 09:56:58 | 01,090,912 | ---- | M] (AOL LLC)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar] -> [2008/11/20 16:21:28 | 00,911,600 | ---- | M] (Yahoo! Inc.)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-746137067-152049171-725345543-1003\] > -> HKEY_USERS\S-1-5-21-746137067-152049171-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [Google Toolbar] -> [2009/06/15 13:00:44 | 00,259,696 | ---- | M] (Google Inc.)
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [Google Toolbar] -> [2009/06/15 13:00:44 | 00,259,696 | ---- | M] (Google Inc.)
WebBrowser\\"{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{D0523BB4-21E7-11DD-9AB7-415B56D89593}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{DE9C389F-3316-41A7-809B-AA305ED9D922}" [HKLM] -> C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [AIM Toolbar] -> [2007/10/10 09:56:58 | 01,090,912 | ---- | M] (AOL LLC)
WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar] -> [2008/11/20 16:21:28 | 00,911,600 | ---- | M] (Yahoo! Inc.)
WebBrowser\\"{F2CF5485-4E02-4F68-819C-B92DE9277049}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Adobe Photo Downloader" -> C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe ["C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"] -> [2007/09/11 01:43:54 | 00,067,488 | ---- | M] (Adobe Systems Incorporated)
"Adobe Reader Speed Launcher" -> C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> [2008/10/15 02:04:34 | 00,039,792 | ---- | M] (Adobe Systems Incorporated)
"AppleSyncNotifier" -> C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe] -> [2009/03/26 15:11:54 | 00,177,472 | ---- | M] (Apple Inc.)
"dla" -> C:\WINDOWS\System32\dla\tfswctrl.exe [C:\WINDOWS\system32\dla\tfswctrl.exe] -> [2003/08/06 02:04:00 | 00,114,741 | ---- | M] (Sonic Solutions)
"HotKeysCmds" -> C:\WINDOWS\System32\hkcmd.exe [C:\WINDOWS\system32\hkcmd.exe] -> [2005/10/19 08:59:12 | 00,126,976 | ---- | M] (Intel Corporation)
"IgfxTray" -> C:\WINDOWS\System32\igfxtray.exe [C:\WINDOWS\system32\igfxtray.exe] -> [2005/10/19 08:59:14 | 00,155,648 | ---- | M] (Intel Corporation)
"iTunesHelper" -> C:\Program Files\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> [2009/04/02 16:11:02 | 00,342,312 | ---- | M] (Apple Inc.)
"OpwareSE4" -> C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe ["C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"] -> [2006/10/11 12:45:12 | 00,075,304 | ---- | M] (ScanSoft, Inc.)
"QuickTime Task" -> C:\Program Files\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> [2009/01/05 17:18:48 | 00,413,696 | ---- | M] (Apple Inc.)
"SSBkgdUpdate" -> C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe ["C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot] -> [2006/09/28 13:16:20 | 00,185,896 | ---- | M] (Nuance Communications, Inc.)
pennyscents
2009-06-23, 02:58
I found out the reason why it didn't post the first time. It was too large. This is the second half of the OTS Notepad file.
"StorageGuard" -> C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe ["C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r] -> [2003/02/13 02:01:00 | 00,155,648 | ---- | M] (Sonic Solutions)
"SunJavaUpdateSched" -> C:\Program Files\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2009/03/09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.)
"WrtMon.exe" -> C:\WINDOWS\System32\spool\drivers\w32x86\3\WrtMon.exe [C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe] -> [2006/09/20 08:35:26 | 00,020,480 | ---- | M] ()
< Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"DWQueuedReporting" -> C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE ["C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t] -> [2007/08/24 03:18:18 | 00,437,160 | ---- | M] (Microsoft Corporation)
< RunOnce [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
"RunNarrator" -> C:\WINDOWS\System32\narrator.exe [Narrator.exe] -> [2006/10/04 03:48:36 | 00,053,760 | ---- | M] (Microsoft Corporation)
< Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"DWQueuedReporting" -> C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE ["C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t] -> [2007/08/24 03:18:18 | 00,437,160 | ---- | M] (Microsoft Corporation)
< RunOnce [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
"RunNarrator" -> C:\WINDOWS\System32\narrator.exe [Narrator.exe] -> [2006/10/04 03:48:36 | 00,053,760 | ---- | M] (Microsoft Corporation)
< Run [HKEY_USERS\S-1-5-21-746137067-152049171-725345543-1003\] > -> HKEY_USERS\S-1-5-21-746137067-152049171-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"SpybotSD TeaTimer" -> C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> [2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.)
"Upromise" -> C:\Program Files\Upromise\Upromise.exe [C:\Program Files\Upromise\Upromise.exe] -> [2008/09/17 09:29:04 | 00,536,576 | ---- | M] (Upromise, Inc.)
"Upromise Tray" -> C:\Program Files\Upromise\UpromiseTray.exe [C:\Program Files\Upromise\UpromiseTray.exe] -> [2008/10/15 18:01:58 | 00,167,936 | ---- | M] ()
"Upromise Update" -> C:\Program Files\Upromise\UpromiseUa.exe [C:\Program Files\Upromise\UpromiseUa.exe] -> [2008/09/17 09:30:20 | 00,172,032 | ---- | M] (Upromise, Inc.)
< Alex Startup Folder > -> C:\Documents and Settings\Alex\Start Menu\Programs\Startup ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe -> [2008/05/26 23:19:14 | 00,123,904 | ---- | M] (Microsoft Corporation)
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
< Nathan Startup Folder > -> C:\Documents and Settings\Nathan\Start Menu\Programs\Startup ->
< Owner Startup Folder > -> C:\Documents and Settings\Owner\Start Menu\Programs\Startup ->
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE -> [2005/10/20 12:04:08 | 00,038,912 | ---- | M] ()
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< Software Policy Settings [HKEY_USERS\S-1-5-21-746137067-152049171-725345543-1003] > -> HKEY_USERS\S-1-5-21-746137067-152049171-725345543-1003\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" -> [1] -> File not found
\\"NoCDBurning" -> [0] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" -> [0] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
\\"undockwithoutlogon" -> [1] -> File not found
\\"DisableRegistryTools" -> [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-746137067-152049171-725345543-1003] > -> HKEY_USERS\S-1-5-21-746137067-152049171-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-21-746137067-152049171-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-746137067-152049171-725345543-1003] > -> HKEY_USERS\S-1-5-21-746137067-152049171-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000] -> File not found
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000] -> File not found
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-746137067-152049171-725345543-1003\] > -> HKEY_USERS\S-1-5-21-746137067-152049171-725345543-1003\Software\Microsoft\Internet Explorer\MenuExt\ ->
&AOL Toolbar Search -> c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html [c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html] -> [2006/09/07 15:59:50 | 00,000,747 | ---- | M] ()
&Search -> [?p=ZKman000] -> File not found
E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000] -> [2009/05/04 08:40:04 | 18,333,536 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{3369AF0D-62E9-4bda-8103-B4C75499B578}:{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKLM] -> C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [Button: AIM Toolbar] -> [2007/10/10 09:56:58 | 01,090,912 | ---- | M] (AOL LLC)
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> C:\Program Files\Yahoo!\Common\yiesrvc.dll [Button: Yahoo! Services] -> [2007/12/12 17:09:42 | 00,222,448 | ---- | M] (Yahoo! Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL [Button: Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2006/10/10 07:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Button: Messenger] -> [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-746137067-152049171-725345543-1003\] > -> HKEY_USERS\S-1-5-21-746137067-152049171-725345543-1003\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.] -> File not found
CmdMapping\\"{3369AF0D-62E9-4bda-8103-B4C75499B578}" [HKLM] -> C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [AIM Toolbar] -> [2007/10/10 09:56:58 | 01,090,912 | ---- | M] (AOL LLC)
CmdMapping\\"{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}" [HKLM] -> C:\Program Files\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2007/12/12 17:09:42 | 00,222,448 | ---- | M] (Yahoo! Inc.)
CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2006/10/10 07:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5470 domain(s) found. ->
49 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5470 domain(s) found. ->
49 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-746137067-152049171-725345543-1003\] > -> HKEY_USERS\S-1-5-21-746137067-152049171-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-746137067-152049171-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5474 domain(s) found. ->
gallery.com . -> Trusted sites ->
kodakgallery.com . -> Trusted sites ->
ofoto.com . -> Trusted sites ->
webfetti_smileycentral.com [http] -> Trusted sites ->
udmserve.net .[http] -> Trusted sites ->
49 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-746137067-152049171-725345543-1003\] > -> HKEY_USERS\S-1-5-21-746137067-152049171-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-746137067-152049171-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{01113300-3E00-11D2-8470-0060089874ED} [HKLM] -> http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab [Support.com Configuration Class] ->
{0C92900E-4D5A-4F04-ACC9-729E1767BBAE} [HKLM] -> http://allieddigitalphoto.lifepics.com/net/Uploader/LPUploader45.cab [Image Uploader Control] ->
{0CCA191D-13A6-4E29-B746-314DEE697D83} [HKLM] -> http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab [Facebook Photo Uploader 5 Control] ->
{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab [Shockwave ActiveX Control] ->
{233C1507-6A77-46A4-9443-F871F945D258} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab [Shockwave ActiveX Control] ->
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} [HKLM] -> C:\Program Files\Yahoo!\Common\Yinsthelper.dll [Installation Support] ->
{3DCEC959-378A-4922-AD7E-FD5C925D927F} [HKLM] -> http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab [Disney Online Games ActiveX Control] ->
{406B5949-7190-4245-91A9-30A17DE16AD0} [HKLM] -> http://photos.walmart.com/WalmartActivia.cab [Snapfish Activia] ->
{6414512B-B978-451D-A0D8-FCFDF33E833C} [HKLM] -> http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173478779220 [WUWebControl Class] ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173478886579 [MUWebControl Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab [Java Plug-in 1.6.0_13] ->
{A7EA8AD2-287F-11D3-B120-006008C39542} [HKLM] -> Reg Error: Value error. [Reg Error: Key error.] ->
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab [Reg Error: Key error.] ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab [Reg Error: Key error.] ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab [Reg Error: Key error.] ->
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab [Java Plug-in 1.6.0_13] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab [Java Plug-in 1.6.0_13] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 65.24.7.10 65.24.7.11 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{4015BF02-5858-4BA0-A395-F655E87ADC24}\\DhcpNameServer -> 65.24.7.10 65.24.7.11 (Broadcom 440x 10/100 Integrated Controller) ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2007/06/13 05:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> C:\WINDOWS\System32\igfxsrvc.dll -> [2005/10/19 08:59:14 | 00,348,160 | ---- | M] (Intel Corporation)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
"{56F9679E-7826-4C84-81F3-532071A8BCC5}" [HKLM] -> C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [] -> [2009/05/24 22:41:34 | 00,304,128 | ---- | M] (Microsoft Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2006/10/10 07:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\System32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2004/08/04 02:56:56 | 00,140,800 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2006/10/10 07:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\System32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2004/08/04 02:56:56 | 00,140,800 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2009/04/02 16:10:58 | 13,646,632 | ---- | M] (Apple Inc.)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" -> C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook] -> [2009/04/17 03:30:12 | 12,438,896 | ---- | M] (Microsoft Corporation)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
"AlternateShell" -> cmd.exe ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> [System32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2007/03/09 16:47:17 | 00,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
[Files/Folders - Created Within 30 Days]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
OTS.exe -> C:\Documents and Settings\Owner\Desktop\OTS.exe -> [2009/06/19 18:13:54 | 00,511,488 | ---- | C] (OldTimer Tools)
Malwarebytes -> C:\Documents and Settings\Owner\Application Data\Malwarebytes -> [2009/06/18 12:16:23 | 00,000,000 | ---D | C]
Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/06/18 12:16:20 | 00,000,696 | ---- | C] ()
mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2009/06/18 12:16:17 | 00,038,160 | ---- | C] (Malwarebytes Corporation)
Malwarebytes -> C:\Documents and Settings\All Users\Application Data\Malwarebytes -> [2009/06/18 12:16:16 | 00,000,000 | ---D | C]
mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2009/06/18 12:16:15 | 00,019,096 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2009/06/18 12:16:15 | 00,000,000 | ---D | C]
mbam-setup.exe -> C:\Documents and Settings\Owner\Desktop\mbam-setup.exe -> [2009/06/18 12:14:49 | 03,561,744 | ---- | C] (Malwarebytes Corporation )
Boot.bak -> C:\Boot.bak -> [2009/06/15 16:11:47 | 00,000,211 | ---- | C] ()
cmldr -> C:\cmldr -> [2009/06/15 16:11:37 | 00,260,272 | ---- | C] ()
cmdcons -> C:\cmdcons -> [2009/06/15 16:11:24 | 00,000,000 | RHSD | C]
SWXCACLS.exe -> C:\WINDOWS\SWXCACLS.exe -> [2009/06/15 16:09:14 | 00,212,480 | ---- | C] (SteelWerX)
SWREG.exe -> C:\WINDOWS\SWREG.exe -> [2009/06/15 16:09:14 | 00,161,792 | ---- | C] (SteelWerX)
PEV.exe -> C:\WINDOWS\PEV.exe -> [2009/06/15 16:09:14 | 00,155,136 | ---- | C] ()
SWSC.exe -> C:\WINDOWS\SWSC.exe -> [2009/06/15 16:09:14 | 00,136,704 | ---- | C] (SteelWerX)
sed.exe -> C:\WINDOWS\sed.exe -> [2009/06/15 16:09:14 | 00,098,816 | ---- | C] ()
grep.exe -> C:\WINDOWS\grep.exe -> [2009/06/15 16:09:14 | 00,080,412 | ---- | C] ()
zip.exe -> C:\WINDOWS\zip.exe -> [2009/06/15 16:09:14 | 00,068,096 | ---- | C] ()
NIRCMD.exe -> C:\WINDOWS\NIRCMD.exe -> [2009/06/15 16:09:14 | 00,031,232 | ---- | C] (NirSoft)
CF21459.exe -> C:\WINDOWS\System32\CF21459.exe -> [2009/06/15 16:09:08 | 00,388,608 | ---- | C] (Microsoft Corporation)
Qoobox -> C:\Qoobox -> [2009/06/15 16:05:16 | 00,000,000 | ---D | C]
ComboFix.exe -> C:\Documents and Settings\Owner\Desktop\ComboFix.exe -> [2009/06/15 16:02:35 | 03,027,284 | R--- | C] ()
Config.Msi -> C:\Config.Msi -> [2009/06/15 15:43:55 | 00,000,000 | -HSD | C]
SITEguard -> C:\Documents and Settings\All Users\Application Data\SITEguard -> [2009/06/15 15:25:59 | 00,000,000 | ---D | C]
iS3 -> C:\Program Files\Common Files\iS3 -> [2009/06/15 15:20:15 | 00,000,000 | ---D | C]
STOPzilla! -> C:\Documents and Settings\All Users\Application Data\STOPzilla! -> [2009/06/15 15:20:13 | 00,000,000 | ---D | C]
Walmart Trial Sizes.docx -> C:\Documents and Settings\Owner\My Documents\Walmart Trial Sizes.docx -> [2009/06/15 12:03:18 | 00,014,971 | ---- | C] ()
NPcol305.dll -> C:\NPcol305.dll -> [2009/06/13 23:13:36 | 00,417,792 | ---- | C] (Invenda Corporation)
CouponActivator.exe -> C:\Documents and Settings\Owner\Desktop\CouponActivator.exe -> [2009/06/13 23:13:26 | 00,988,712 | ---- | C] ()
HJTInstall(2).exe -> C:\Documents and Settings\Owner\Desktop\HJTInstall(2).exe -> [2009/06/13 11:40:34 | 00,812,344 | ---- | C] (Trend Micro Inc.)
HijackThis.lnk -> C:\Documents and Settings\Owner\Desktop\HijackThis.lnk -> [2009/06/13 11:39:46 | 00,001,734 | ---- | C] ()
Trend Micro -> C:\Program Files\Trend Micro -> [2009/06/13 11:39:46 | 00,000,000 | ---D | C]
HJTInstall.exe -> C:\Documents and Settings\Owner\Desktop\HJTInstall.exe -> [2009/06/13 11:39:32 | 00,812,344 | ---- | C] (Trend Micro Inc.)
ERDNT -> C:\WINDOWS\ERDNT -> [2009/06/13 11:35:59 | 00,000,000 | ---D | C]
ERUNT AutoBackup.lnk -> C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> [2009/06/13 11:35:13 | 00,000,767 | ---- | C] ()
NTREGOPT.lnk -> C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk -> [2009/06/13 11:34:53 | 00,000,611 | ---- | C] ()
ERUNT.lnk -> C:\Documents and Settings\Owner\Desktop\ERUNT.lnk -> [2009/06/13 11:34:53 | 00,000,592 | ---- | C] ()
ERUNT -> C:\Program Files\ERUNT -> [2009/06/13 11:34:52 | 00,000,000 | ---D | C]
erunt-setup.exe -> C:\Documents and Settings\Owner\Desktop\erunt-setup.exe -> [2009/06/13 11:33:02 | 00,791,393 | ---- | C] (Lars Hederer )
couponing notes -> C:\Documents and Settings\Owner\My Documents\couponing notes -> [2009/06/13 04:13:49 | 00,000,000 | ---D | C]
RegCure Program Check.job -> C:\WINDOWS\tasks\RegCure Program Check.job -> [2009/06/06 15:02:54 | 00,000,438 | ---- | C] ()
RegCure.job -> C:\WINDOWS\tasks\RegCure.job -> [2009/06/06 15:02:48 | 00,000,372 | ---- | C] ()
RegCure -> C:\Program Files\RegCure -> [2009/06/06 15:02:30 | 00,000,000 | ---D | C]
RegCureSetup_RW.exe -> C:\Documents and Settings\Owner\Desktop\RegCureSetup_RW.exe -> [2009/06/06 15:02:02 | 01,431,504 | ---- | C] (ParetoLogic Inc.)
CatRoot_bak -> C:\WINDOWS\System32\CatRoot_bak -> [2009/06/06 13:46:23 | 00,000,000 | ---D | C]
colbact.dll -> C:\WINDOWS\System32\dllcache\colbact.dll -> [2009/06/06 13:34:06 | 00,060,416 | ---- | C] (Microsoft Corporation)
ntuser.dat -> C:\Documents and Settings\Owner\ntuser.dat -> [2009/06/06 13:16:01 | 08,650,752 | ---- | C] ()
Prefetch -> C:\WINDOWS\Prefetch -> [2009/06/06 13:12:52 | 00,000,000 | ---D | C]
Active Setup Log.BAK -> C:\WINDOWS\Active Setup Log.BAK -> [2009/06/05 23:20:52 | 00,000,962 | ---- | C] ()
b68594b382084c4a0772525970c484 -> C:\b68594b382084c4a0772525970c484 -> [2009/06/05 21:32:31 | 00,000,000 | ---D | C]
IETldCache -> C:\Documents and Settings\Owner\IETldCache -> [2009/06/04 19:43:28 | 00,000,000 | -HSD | C]
ie8updates -> C:\WINDOWS\ie8updates -> [2009/06/04 19:28:05 | 00,000,000 | ---D | C]
ieencode.dll -> C:\WINDOWS\System32\ieencode.dll -> [2009/06/04 19:23:00 | 00,081,920 | ---- | C] (Microsoft Corporation)
msdownld.tmp -> C:\WINDOWS\msdownld.tmp -> [2009/06/04 19:22:34 | 00,000,000 | -H-D | C]
iecompat.dll -> C:\WINDOWS\System32\dllcache\iecompat.dll -> [2009/06/04 19:20:13 | 00,102,912 | ---- | C] (Microsoft Corporation)
winpoint.ini -> C:\WINDOWS\winpoint.ini -> [2008/10/27 13:53:14 | 00,000,054 | ---- | C] ()
atid.ini -> C:\WINDOWS\atid.ini -> [2008/03/24 15:16:39 | 00,000,021 | ---- | C] ()
IPPCPUID.DLL -> C:\WINDOWS\System32\IPPCPUID.DLL -> [2007/10/07 12:53:58 | 00,040,960 | ---- | C] ()
pmsbfn32.dll -> C:\WINDOWS\System32\pmsbfn32.dll -> [2007/10/07 12:52:48 | 00,011,776 | ---- | C] ()
MAXLINK.INI -> C:\WINDOWS\MAXLINK.INI -> [2007/10/07 12:51:08 | 00,000,416 | ---- | C] ()
idxcntrs.ini -> C:\WINDOWS\System32\idxcntrs.ini -> [2007/09/27 11:51:02 | 00,020,698 | ---- | C] ()
gsrvctr.ini -> C:\WINDOWS\System32\gsrvctr.ini -> [2007/09/27 11:48:48 | 00,030,628 | ---- | C] ()
gthrctr.ini -> C:\WINDOWS\System32\gthrctr.ini -> [2007/09/27 11:48:28 | 00,031,698 | ---- | C] ()
DEBUGSM.INI -> C:\WINDOWS\DEBUGSM.INI -> [2007/03/31 14:52:07 | 00,000,029 | ---- | C] ()
mchguid.ini -> C:\WINDOWS\mchguid.ini -> [2007/03/18 19:47:25 | 00,000,058 | ---- | C] ()
PI_setup.ini -> C:\WINDOWS\PI_setup.ini -> [2007/03/17 08:37:25 | 00,000,021 | ---- | C] ()
PICSDK.ini -> C:\WINDOWS\System32\PICSDK.ini -> [2007/03/17 08:36:43 | 00,000,022 | ---- | C] ()
EPSON RX620 Installer.ini -> C:\WINDOWS\EPSON RX620 Installer.ini -> [2007/03/17 08:30:42 | 00,000,227 | ---- | C] ()
ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2007/03/16 15:18:27 | 00,000,376 | ---- | C] ()
RGT002.DLL -> C:\WINDOWS\System32\RGT002.DLL -> [2007/03/10 01:25:20 | 00,982,016 | R--- | C] ()
Export to web.INI -> C:\WINDOWS\Export to web.INI -> [2007/03/10 01:19:09 | 00,000,000 | ---- | C] ()
PWKMAIN.INI -> C:\WINDOWS\PWKMAIN.INI -> [2007/03/10 01:18:47 | 00,000,000 | ---- | C] ()
LFFPX7.DLL -> C:\WINDOWS\System32\LFFPX7.DLL -> [2007/03/10 01:18:28 | 00,338,944 | ---- | C] ()
LFKODAK.DLL -> C:\WINDOWS\System32\LFKODAK.DLL -> [2007/03/10 01:18:28 | 00,118,784 | ---- | C] ()
BDEMERGE.INI -> C:\WINDOWS\System32\BDEMERGE.INI -> [2007/03/10 01:16:46 | 00,000,258 | ---- | C] ()
wininit.ini -> C:\WINDOWS\wininit.ini -> [2007/03/09 17:10:57 | 00,000,229 | ---- | C] ()
px.ini -> C:\WINDOWS\System32\px.ini -> [2003/11/20 16:39:58 | 00,000,000 | ---- | C] ()
win.ini -> C:\WINDOWS\win.ini -> [2003/07/16 15:51:23 | 00,000,784 | ---- | C] ()
system.ini -> C:\WINDOWS\system.ini -> [2003/07/16 15:47:28 | 00,000,227 | ---- | C] ()
[Files/Folders - Modified Within 30 Days]
OTS.exe -> C:\Documents and Settings\Owner\Desktop\OTS.exe -> [2009/06/19 18:13:54 | 00,511,488 | ---- | M] (OldTimer Tools)
RegCure Program Check.job -> C:\WINDOWS\tasks\RegCure Program Check.job -> [2009/06/19 17:00:00 | 00,000,438 | ---- | M] ()
privacy.dat -> C:\Documents and Settings\Owner\Local Settings\temp\privacy.dat -> [2009/06/19 12:21:53 | 00,010,379 | ---- | M] ()
pSettings.dat -> C:\Documents and Settings\Owner\Local Settings\temp\pSettings.dat -> [2009/06/19 12:21:50 | 00,001,100 | ---- | M] ()
wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2009/06/19 12:21:24 | 00,002,206 | ---- | M] ()
Perflib_Perfdata_78c.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Perflib_Perfdata_78c.dat -> [2009/06/19 12:20:48 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_654.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_654.dat -> [2009/06/19 12:20:44 | 00,016,384 | ---- | M] ()
SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2009/06/19 12:20:41 | 00,000,006 | -H-- | M] ()
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2009/06/19 12:20:38 | 00,002,048 | --S- | M] ()
ntuser.dat -> C:\Documents and Settings\Owner\ntuser.dat -> [2009/06/18 19:57:39 | 08,650,752 | ---- | M] ()
ntuser.ini -> C:\Documents and Settings\Owner\ntuser.ini -> [2009/06/18 19:57:39 | 00,000,278 | -HS- | M] ()
Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/06/18 12:16:20 | 00,000,696 | ---- | M] ()
mbam-setup.exe -> C:\Documents and Settings\Owner\Desktop\mbam-setup.exe -> [2009/06/18 12:14:50 | 03,561,744 | ---- | M] (Malwarebytes Corporation )
mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2009/06/17 11:27:56 | 00,038,160 | ---- | M] (Malwarebytes Corporation)
mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2009/06/17 11:27:44 | 00,019,096 | ---- | M] (Malwarebytes Corporation)
system.ini -> C:\WINDOWS\system.ini -> [2009/06/15 16:29:58 | 00,000,227 | ---- | M] ()
hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2009/06/15 16:29:19 | 00,000,027 | ---- | M] ()
boot.ini -> C:\boot.ini -> [2009/06/15 16:11:47 | 00,000,281 | RHS- | M] ()
CF21459.exe -> C:\WINDOWS\System32\CF21459.exe -> [2009/06/15 16:09:03 | 00,388,608 | ---- | M] (Microsoft Corporation)
ComboFix.exe -> C:\Documents and Settings\Owner\Desktop\ComboFix.exe -> [2009/06/15 16:03:49 | 03,027,284 | R--- | M] ()
CONFIG.NT -> C:\WINDOWS\System32\CONFIG.NT -> [2009/06/15 15:45:02 | 00,002,577 | ---- | M] ()
Walmart Trial Sizes.docx -> C:\Documents and Settings\Owner\My Documents\Walmart Trial Sizes.docx -> [2009/06/15 12:03:20 | 00,014,971 | ---- | M] ()
Microsoft Office Word 2007.lnk -> C:\Documents and Settings\Owner\Desktop\Microsoft Office Word 2007.lnk -> [2009/06/15 11:58:49 | 00,002,515 | ---- | M] ()
BSTIEPrintCtl1.dll -> C:\WINDOWS\System32\BSTIEPrintCtl1.dll -> [2009/06/13 23:13:36 | 00,430,080 | ---- | M] (Invenda Corporation)
NPcol305.dll -> C:\NPcol305.dll -> [2009/06/13 23:13:36 | 00,417,792 | ---- | M] (Invenda Corporation)
CouponActivator.exe -> C:\Documents and Settings\Owner\Desktop\CouponActivator.exe -> [2009/06/13 23:13:26 | 00,988,712 | ---- | M] ()
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2009/06/13 15:08:51 | 00,006,110 | ---- | M] ()
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2009/06/13 15:08:51 | 00,005,725 | ---- | M] ()
HijackThis.lnk -> C:\Documents and Settings\Owner\Desktop\HijackThis.lnk -> [2009/06/13 11:40:47 | 00,001,734 | ---- | M] ()
HJTInstall(2).exe -> C:\Documents and Settings\Owner\Desktop\HJTInstall(2).exe -> [2009/06/13 11:40:34 | 00,812,344 | ---- | M] (Trend Micro Inc.)
HJTInstall.exe -> C:\Documents and Settings\Owner\Desktop\HJTInstall.exe -> [2009/06/13 11:39:33 | 00,812,344 | ---- | M] (Trend Micro Inc.)
ERUNT AutoBackup.lnk -> C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> [2009/06/13 11:35:13 | 00,000,767 | ---- | M] ()
NTREGOPT.lnk -> C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk -> [2009/06/13 11:34:53 | 00,000,611 | ---- | M] ()
ERUNT.lnk -> C:\Documents and Settings\Owner\Desktop\ERUNT.lnk -> [2009/06/13 11:34:53 | 00,000,592 | ---- | M] ()
erunt-setup.exe -> C:\Documents and Settings\Owner\Desktop\erunt-setup.exe -> [2009/06/13 11:33:03 | 00,791,393 | ---- | M] (Lars Hederer )
FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2009/06/11 18:05:19 | 00,531,280 | ---- | M] ()
imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2009/06/11 17:17:40 | 00,001,374 | ---- | M] ()
PEV.exe -> C:\WINDOWS\PEV.exe -> [2009/06/08 08:10:10 | 00,155,136 | ---- | M] ()
perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2009/06/06 18:41:19 | 00,512,588 | ---- | M] ()
PerfStringBackup.INI -> C:\WINDOWS\System32\PerfStringBackup.INI -> [2009/06/06 18:41:18 | 00,622,052 | ---- | M] ()
perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2009/06/06 18:41:18 | 00,096,844 | ---- | M] ()
RegCure.job -> C:\WINDOWS\tasks\RegCure.job -> [2009/06/06 15:02:54 | 00,000,372 | ---- | M] ()
RegCureSetup_RW.exe -> C:\Documents and Settings\Owner\Desktop\RegCureSetup_RW.exe -> [2009/06/06 15:02:03 | 01,431,504 | ---- | M] (ParetoLogic Inc.)
Active Setup Log.BAK -> C:\WINDOWS\Active Setup Log.BAK -> [2009/06/06 14:33:28 | 00,000,962 | ---- | M] ()
nscompat.tlb -> C:\WINDOWS\System32\nscompat.tlb -> [2009/06/06 14:15:01 | 00,023,392 | ---- | M] ()
amcompat.tlb -> C:\WINDOWS\System32\amcompat.tlb -> [2009/06/06 14:15:01 | 00,016,832 | ---- | M] ()
ntldr -> C:\ntldr -> [2009/06/06 12:47:46 | 00,250,032 | RHS- | M] ()
ntuser.dat.rmbak -> C:\Documents and Settings\Owner\ntuser.dat.rmbak -> [2009/06/04 20:20:50 | 08,650,752 | ---- | M] ()
MRT.exe -> C:\WINDOWS\System32\MRT.exe -> [2009/06/01 11:51:12 | 23,635,392 | ---- | M] (Microsoft Corporation)
AppleSoftwareUpdate.job -> C:\WINDOWS\tasks\AppleSoftwareUpdate.job -> [2009/05/26 17:01:31 | 00,000,284 | ---- | M] ()
mssph.dll -> C:\WINDOWS\System32\mssph.dll -> [2009/05/25 00:24:06 | 00,350,208 | ---- | M] (Microsoft Corporation)
iTunes.lnk -> C:\Documents and Settings\All Users\Desktop\iTunes.lnk -> [2009/05/21 20:32:56 | 00,002,137 | ---- | M] ()
pa.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office Accounting\2.0\pa.dat -> [2009/03/30 19:00:28 | 00,005,430 | ---- | M] ()
hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat -> [2008/11/14 05:46:24 | 00,000,184 | ---- | M] ()
opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat -> [2008/02/27 15:33:12 | 00,008,402 | ---- | M] ()
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [2007/03/16 15:31:49 | 00,008,206 | ---- | M] ()
GridLayout.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office Accounting\GridLayout.dat -> [2006/09/28 21:15:06 | 00,396,332 | ---- | M] ()
< End of report >
Hi pennyscents
Try to install both swag Bucks Toolbar and coupon bar again.....
http://swagbucks.com/?cmd=gn-s1-swagcode
http://download.cnet.com/CouponBar/3000-12512_4-10413565.html
Avira AntiVir Personal (http://www.free-av.de/en/download/1/avira_antivir_personal__free_antivirus.html)- Free anti-virus software for Windows. Detects and removes more than 50000 viruses. Free support.
avast! 4 Home Edition (http://www.avast.com/eng/avast_4_home.html) - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
AVG Anti-Virus Free Edition (http://free.grisoft.com/ww.download-avg-anti-virus-free-edition#tba2) - Free edition of the AVG anti-virus program for Windows.
It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer then only one of them should be active in memory at a time.
Please reply with
a fresh HijackThis log
description of any problems you are having with your PC
Thanks peku006
pennyscents
2009-06-25, 01:53
All of the problems that I am still having with my pc are listed in my last reply to you. The speed on my pc has picked up, and it is not freezing up as much. I do continue to have issues though. Please see the previous note.
Thank you!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:50:54 PM, on 6/24/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Upromise\Upromise.exe
C:\Program Files\Upromise\UpromiseUa.exe
C:\Program Files\Upromise\UpromiseTray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - (no file)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ToolHelper - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files\Upromise\upromisetoolbar.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client for Internet Explorer\YontooIEClient.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Upromise] C:\Program Files\Upromise\Upromise.exe
O4 - HKCU\..\Run: [Upromise Update] C:\Program Files\Upromise\UpromiseUa.exe
O4 - HKCU\..\Run: [Upromise Tray] C:\Program Files\Upromise\UpromiseTray.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - ?p=ZKman000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.gallery.com
O15 - Trusted Zone: *.kodakgallery.com
O15 - Trusted Zone: *.ofoto.com
O15 - Trusted Zone: http://webfetti.smileycentral.com
O15 - Trusted Zone: http://*.udmserve.net
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} (Image Uploader Control) - http://allieddigitalphoto.lifepics.com/net/Uploader/LPUploader45.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173478779220
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173478886579
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 11556 bytes
pennyscents
2009-06-26, 17:47
Hi,
I just wanted to follow up with you regarding my last post.
pennyscents
2009-06-27, 20:05
I am still having problems, and I do not know what to do.
I apologise for the delay,
Peku is not available at the moment so I'll help out for now :)
My Avon Website is not working properly on my end, but fine on other pc's.
I can not print coupons from Bricks or coupons.com using Mozilla (it just freezes up).
Error that reads: spdproxy.exe-unable to locate component. The application failed because ConnAPI.DLL was not found. Re-installing application may fix this problem.
Error that reads: chkdsk is checking security description, chkdsk is verifying files 1-3, chkdsk is verifying 2-3, one of your disks needs to be checked for consistency.
I know that you said that you can't really say anything about MBAM removing a few of my things (legal issues).
Are you able to recommend a good virus protection for my pc that is really, really easy to use, and will still allow me to use my sites?
Do you know of a good way for me to keep my pc clean, even though I am using these sites?
1) What problem are you having with the Avon site ?
2) Could you use Mozilla to print coupons previously ?
3) When does this error occur ?
4) That should only have happened once, does it still happen ?
5) Nope, more a case of it's unusual for MBAM to remove legit items :)
6) Peku posted three choices for you
7) Without knowing all the sites you visit, there is no way to answer this :)
Kaspersky Online Scanner.
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal.
NOTE:- This scan is best done from IE (Internet Explorer)
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html
Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on !
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
**Note**
To optimize scanning time and produce a more sensible report for review: Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
pennyscents
2009-07-02, 18:42
Hello Katana,
Thank you for responding. With the holiday here, and also with your request for more detailed info on the problems that I am having, I will need some extra time. I will begin to take a more detailed log of when and what is happening. I should be able to get back to you on this in no later than a week.
Thank you,
Penny
no later than a week.
Due to inactivity, this thread will now be closed.
Note: If it has been seven days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.