View Full Version : Need Help
My daughter was given an older computer by a friend in the family. It was never a great computer, but not it running extremely slowly and there were some odd browser issues and toolbars, I'm not sure of the exact problem but we definitely need help thanks
DDS
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by IBM USER at 21:01:44 on 2013-09-30
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.53 [GMT -5:00]
.
AV: Webroot® Client Security *Disabled/Updated* {B3891867-7230-459B-9987-E7CCFA7A7D1D}
AV: avast! Internet Security *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Webroot SecureAnywhere *Enabled/Updated* {D486329C-1488-4CEB-9CC8-D662B732D904}
FW: avast! Internet Security *Disabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Xpoint\PE\Skin\rrpcsb.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\BSAPRINT\Bsaprint.exe
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LENOVO\HOTKEY\CAMMUTE.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\PROGRA~1\Xpoint\xpadmin\xpadmin.exe
C:\PROGRA~1\Xpoint\agent\Xpagent.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
c:\program files\lenovo\system update\suservice.exe
C:\PROGRA~1\Xpoint\EEClient\xpclient.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\PROGRA~1\Xpoint\SAS\jre\bin\javaw.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k eapsvcs
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uWindow Title = Microsoft Internet Explorer provided by BSA ScoutNet 2000 v.8
uSearch Bar = hxxp://pas.netbsa.org/support/search.htm
uDefault_Page_URL = hxxp://Start.netbsa.org
mStart Page = hxxp://Start.netbsa.org
mDefault_Page_URL = hxxp://Start.netbsa.org
uInternet Connection Wizard,ShellNext = hxxp://www.ibm.com/pc/support/site.wss/MIGR-44175.html
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SynTPLpr] "c:\program files\synaptics\syntp\SynTPLpr.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [BluetoothAuthenticationAgent] "rundll32.exe" irprops.cpl,,BluetoothAuthenticationAgent
mRun: [TpShocks] TpShocks.exe
mRun: [TPKMAPHELPER] "c:\program files\thinkpad\utilities\TpKmapAp.exe" -helper
mRun: [TP4EX] "tp4ex.exe"
mRun: [AGRSMMSG] "AGRSMMSG.exe"
mRun: [SoundMAXPnP] "c:\program files\analog devices\soundmax\SMax4PNP.exe"
mRun: [Rapid Restore] "c:\program files\xpoint\pe\skin\rrpcsb.exe"
mRun: [StatusClient] c:\program files\hewlett-packard\toolbox2.0\apache tomcat 4.0\webapps\toolbox\statusclient\StatusClient.exe /auto
mRun: [TomcatStartup] c:\program files\hewlett-packard\toolbox2.0\hpbpsttp.exe
mRun: [HPLJ Config] c:\program files\hewlett-packard\hp laserjet 1010 series\SetConfig.exe -c Direct -p DOT4_001 -pn "hp LaserJet 1010 Series Driver" -n 0 -l 1033 -sl 120000
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [LenovoAutoScrollUtility] c:\program files\lenovo\virtscrl\virtscrl.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [Synchronization Manager] c:\windows\system32\mobsync.exe /logon
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bsapri~1.lnk - c:\bsaprint\Bsaprint.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: netbsa.org
Trusted Zone: netbsa.org
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxps://remote.cdw.com/Citrix/ICAWEB/en/ica32/wficat.cab
DPF: {2DAD3559-2923-4935-AD49-B673D2539944} - hxxps://www-307.ibm.com/pc/support/access/aslibmain/content/AcpIR.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123616857882
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138823139733
DPF: {74FFE28D-2378-11D5-990C-006094235084} - hxxps://www.lenovo.com/support/access/aslibmain/content/IbmEgath.cab
DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} - hxxps://secure.mybsa.org/Remote/msrdp.cab,DanaInfo=.a184C5BF.BI..,SSL,CT=java+
DPF: {7A162288-DE78-473C-A6BA-23FF17F768E9} - hxxps://connect9.uc.att.com/service32/application/EventEntry/AxWebInstaller.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38189.7615393519
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxps://access.jpmorgan.com/tssweb/shared/document/jre-1_5_0_11-windows-i586-p.exe
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E598AC61-4C6F-4F4D-877F-FAC49CA91FA3} - hxxps://www-307.ibm.com/pc/support/access/aslibmain/content/AcpControl.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://secure.mybsa.org/dana-cached/setup/JuniperSetupSP1.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{0EA2F2F8-6D80-4905-B399-48DA50344773} : DHCPNameServer = 192.168.1.254
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\aatp.dll
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENetFlt.dll
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENetFlt.dll
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENetFlt.dll
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENetFlt.dll
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENetFlt.dll
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENetFlt.dll
Notify: ACNotify - ACNotify.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: NavLogon - <no file>
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-9-29 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-9-29 177864]
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010-10-11 24304]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2010-6-16 20592]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-9-29 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-9-29 369584]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2010-3-1 13680]
R1 NEOFLTR_600_12141;Juniper Networks TDI Filter Driver (NEOFLTR_600_12141);c:\windows\system32\drivers\NEOFLTR_600_12141.sys [2007-10-2 63024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-9-29 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-9-29 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-9-29 46808]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2010-10-11 132456]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\lenovo\hotkey\cammute.exe [2010-3-1 54632]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2010-10-11 53248]
R2 SRFilter;SRFilter;c:\windows\system32\drivers\srntflt.sys [2008-8-29 84224]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\lenovo\hotkey\tphkload.exe [2011-6-12 99328]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2010-3-1 64440]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2010-3-1 45496]
S3 cpudrv;cpudrv;\??\c:\program files\systemrequirementslab\cpudrv.sys --> c:\program files\systemrequirementslab\cpudrv.sys [?]
S3 IFCUSB;IFCUSB;c:\windows\system32\drivers\IFCUSB.SYS [2002-8-1 18164]
.
=============== Created Last 30 ================
.
2013-10-01 00:20:42 -------- d-----w- c:\documents and settings\ibm user\local settings\application data\PCHealth
2013-09-30 00:52:03 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-09-30 00:52:02 177864 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-09-30 00:52:00 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-09-30 00:51:53 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-09-30 00:45:15 41664 ----a-w- c:\windows\avastSS.scr
2013-09-30 00:37:19 -------- d-----w- c:\program files\AVAST Software
2013-09-30 00:35:45 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2013-09-30 00:11:16 -------- d-----w- c:\windows\system32\MRT
2013-09-29 23:29:33 -------- d-----w- c:\windows\system32\wbem\repository\FS
2013-09-29 23:29:33 -------- d-----w- c:\windows\system32\wbem\Repository
2013-09-29 22:05:24 -------- d-----w- c:\documents and settings\ibm user\application data\AVG SafeGuard toolbar(2)
2013-09-28 00:39:40 -------- d-----w- c:\documents and settings\all users\application data\AVG SafeGuard toolbar(2)
2013-09-28 00:34:06 -------- d-----w- c:\documents and settings\ibm user\local settings\application data\AVG Secure Search
2013-09-26 01:21:45 -------- d-----w- c:\documents and settings\ibm user\application data\PriceGong
2013-09-25 23:37:27 -------- d-----w- c:\documents and settings\ibm user\local settings\application data\Conduit
2013-09-25 23:35:56 -------- d-----w- c:\documents and settings\ibm user\AppData
2013-09-25 23:35:04 -------- d-----w- c:\windows\system32\WNLT
2013-09-15 18:57:58 -------- d-----w- c:\program files\Monument Builders - Notre Dame
2013-09-15 18:47:23 -------- d-----w- c:\program files\The Palace Builder
2013-09-02 02:10:25 -------- d-----w- c:\windows\system32\cache
.
==================== Find3M ====================
.
2013-08-09 01:56:45 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-08 06:05:59 920064 ----a-w- c:\windows\system32\wininet.dll
2013-08-08 06:05:59 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-08-08 06:05:59 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-08-08 06:05:58 18944 ----a-w- c:\windows\system32\corpol.dll
2013-08-08 01:27:48 1877760 ----a-w- c:\windows\system32\win32k.sys
2013-08-08 00:02:34 385024 ----a-w- c:\windows\system32\html.iec
2013-08-05 13:30:32 1289728 ----a-w- c:\windows\system32\ole32.dll
2013-08-03 19:18:38 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-07-26 02:47:17 920064 ----a-w- c:\windows\system32\wininet(3).dll
2013-07-26 02:47:17 1215488 ----a-w- c:\windows\system32\urlmon(3).dll
2013-07-26 02:47:17 105984 ----a-w- c:\windows\system32\url(3).dll
2013-07-26 02:47:11 184320 ----a-w- c:\windows\system32\iepeers(2).dll
2013-07-10 10:37:53 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 02:59:11 2193536 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08:30 2070144 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
1 nt!IofCallDriver[0x804E3735] -> \Device\Harddisk0\DR0[0x832E8AB8]
3 CLASSPNP[0xF88B5FD7] -> nt!IofCallDriver[0x804E3735] -> \Device\00000089[0x8334A9E8]
5 ACPI[0xF882C620] -> nt!IofCallDriver[0x804E3735] -> \Device\Ide\IdeDeviceP0T0L0-3[0x83373940]
kernel: MBR read successfully
_asm { CLI ; XOR AX, AX; MOV ES, AX; MOV DS, AX; MOV SS, AX; MOV SP, 0x7c00; MOV SI, SP; STI ; CLD ; MOV DI, 0x600; MOV CX, 0x100; REP MOVSW ; MOV AX, 0x6df; PUSH AX; RET ; ADD [BP+SI], DL; ADD [BX+DI], AL; OR AL, [DI+0x72]; JB 0x95; JB 0x48; }
user != kernel MBR !!!
.
============= FINISH: 21:04:00.77 ===============
aswMBR
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-09-30 21:07:34
-----------------------------
21:07:34.154 OS Version: Windows 5.1.2600 Service Pack 3
21:07:34.154 Number of processors: 1 586 0x905
21:07:34.154 ComputerName: IBM-DEA2D3B0EC7 UserName: IBM USER
21:07:35.546 Initialize success
21:07:44.439 AVAST engine defs: 13093001
21:07:53.031 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:07:53.041 Disk 0 Vendor: Size: 0MB BusType: 0
21:07:53.211 Disk 0 MBR read successfully
21:07:53.211 Disk 0 MBR scan
21:07:53.392 Disk 0 unknown MBR code
21:07:53.392 Disk 0 MBR hidden
21:07:53.422 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 34677 MB offset 63
21:07:53.872 Disk 0 scanning C:\WINDOWS\system32\drivers
21:08:29.473 Service scanning
21:09:27.217 Modules scanning
21:09:53.064 Disk 0 trace - called modules:
21:09:53.104 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
21:09:53.114 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x832e8ab8]
21:09:53.474 3 CLASSPNP.SYS[f88b5fd7] -> nt!IofCallDriver -> \Device\00000089[0x8334a9e8]
21:09:53.484 5 ACPI.sys[f882c620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x83373940]
21:09:54.015 AVAST engine scan C:\WINDOWS
21:10:56.525 AVAST engine scan C:\WINDOWS\system32
21:15:57.988 AVAST engine scan C:\WINDOWS\system32\drivers
21:16:31.757 AVAST engine scan C:\Documents and Settings\IBM USER
21:19:59.606 AVAST engine scan C:\Documents and Settings\All Users
21:21:50.956 Scan finished successfully
21:22:03.834 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\IBM USER\Desktop\MBR.dat"
21:22:03.885 The log file has been saved successfully to "C:\Documents and Settings\IBM USER\Desktop\aswMBR.txt"
Hello, kar1897 . Welcome to Safer-Networking Forums.
My name is fbfbfb.
I will gladly assist you with your malware concerns. Malware logs may require some time to analyze, and because there is no quick-fix solution, we may need to use various approaches to clean your system. Please be patient.
To avoid potential problems and setbacks:
Read and follow my directions carefully, in the sequence they are posted.
If you are unsure about anything, please ask for clarification before continuing.
Do not install or uninstall any applications while your system is being cleaned.
Use only the tools recommended, and run only the scans requested.
Copy and Paste the log files inside your posts. Send attachments only if requested.
Stay with this thread until I have determined that your machine is clean and safe. Absence of symptoms does not mean your system is clear.
Please reply within 3 days of each posting to avoid closing this topic. If you need more time to complete tasks, or if you will be away, please let me know in advance.
Please run the following scan
1. OTL
Please download OTL to your desktop from HERE (http://oldtimer.geekstogo.com/OTL.exe) or HERE (http://www.itxassociates.com/OT-Tools/OTL.exe)
Close all other applications and windows so that you have nothing open.
Double click on the http://oldtimer.geekstogo.com/OTL/OTL_Icon.gif icon on your desktop.
Note: Vista and Windows 7 users right-click and select Run As Administrator. If you receive a UAC prompt asking if you would like to continue running the program, you should press the Continue button. Under Output, click Minimal Output to select it.
Click the Scan All Users checkbox. Leave the remaining selections to the default settings.
Do not use the computer while the scan is in progress.
When the scan is complete, two log files will open in Notepad: OTListIt.txt (will be maximized) and Extras.txt <- (will be minimized in the Task Bar).
Both logs are automatically saved to the Desktop.
Please copy and paste the contents of OTListIt.txt and Extras.txt in your next reply. If the Extras.txt log is too long, you may need to add a second reply to your thread.
Click the red X in the upper right corner to exit OTL.
Can you please give me some details regarding the odd browser issues you are experiencing?
OTL Log
OTL logfile created on: 10/5/2013 8:34:28 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\IBM USER\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
510.92 Mb Total Physical Memory | 307.18 Mb Available Physical Memory | 60.12% Memory free
1.22 Gb Paging File | 0.87 Gb Available in Paging File | 71.67% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.86 Gb Total Space | 9.94 Gb Free Space | 29.34% Space Free | Partition Type: NTFS
Computer Name: IBM-DEA2D3B0EC7 | User Name: IBM USER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\IBM USER\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
PRC - C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )
PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )
PRC - C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.)
PRC - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe ()
PRC - C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated)
PRC - C:\Program Files\Lenovo\HOTKEY\cammute.exe (Lenovo Group Limited)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE (Software 2000 Limited)
PRC - c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\WINDOWS\system32\TpKmpSvc.exe ()
PRC - C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Xpoint\PE\PCRecSA.exe ()
PRC - C:\Program Files\Xpoint\agent\Xpagent.exe ()
PRC - C:\Program Files\Xpoint\EEClient\Xpclient.exe (Xpoint Technologies)
PRC - C:\Program Files\Xpoint\xpadmin\xpadmin.exe ()
PRC - C:\Program Files\Xpoint\PE\Skin\RRPCSB.EXE ()
PRC - C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe (Hewlett-Packard)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
PRC - C:\BSAPRINT\Bsaprint.exe (Pro*Tec Information Systems)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\AVAST Software\Avast\defs\13100501\algo.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\15fd2d2f4e709154b44187a6915db244\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\fce142e7009d7cd587b5d8fbc20f5448\UIAutomationProvider.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f93600ac836b9140e1df13bb0f6bfccf\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b34cb206ab0cec687c3730b14cdff57\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e729dd9b653def0664bf0efcf22dc112\PresentationFramework.Luna.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\6c1a100fe556c7d391f4d1681ab3c615\PresentationCore.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\64441cc39259974a2c3cdf0702a8beb3\WindowsBase.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll ()
MOD - C:\Program Files\ThinkPad\ConnectUtilities\AcWrpc.dll ()
MOD - C:\Program Files\ThinkPad\ConnectUtilities\Res\US\IconRes.dll ()
MOD - C:\Program Files\ThinkPad\ConnectUtilities\Res\US\GUIHlprRes.dll ()
MOD - C:\Program Files\ThinkPad\Utilities\US\PWRMGRRO.DLL ()
MOD - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe ()
MOD - C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\TpKmpSvc.exe ()
MOD - C:\WINDOWS\system32\LsaWrApi.dll ()
MOD - C:\WINDOWS\system32\C1XStngs.dll ()
MOD - C:\Program Files\Xpoint\PE\PCRecSA.exe ()
MOD - C:\Program Files\Xpoint\agent\Xpagent.exe ()
MOD - C:\Program Files\Xpoint\xpadmin\xpadmin.exe ()
MOD - C:\Program Files\Xpoint\PE\filelist.dll ()
MOD - C:\Program Files\Xpoint\PE\Implode.dll ()
MOD - C:\Program Files\Xpoint\EEClient\Implode.dll ()
MOD - C:\Program Files\Xpoint\PE\Skin\RRPCSB.EXE ()
MOD - C:\WINDOWS\system32\HPBHEALR.DLL ()
========== Services (SafeList) ==========
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (AcSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )
SRV - (AcPrfMgrSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )
SRV - (TPHKLOAD) -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)
SRV - (TPHKSVC) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (LENOVO.MICMUTE) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV - (DozeSvc) -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.)
SRV - (Power Manager DBC Service) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe ()
SRV - (LENOVO.CAMMUTE) -- C:\Program Files\Lenovo\HOTKEY\cammute.exe (Lenovo Group Limited)
SRV - (SUService) -- c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (getPlus(R) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (TpKmpSVC) -- C:\WINDOWS\system32\TpKmpSvc.exe ()
SRV - (PCRadminServer) -- C:\Program Files\Xpoint\PE\pcradmin.exe ()
SRV - (xpAgentServer) -- C:\Program Files\Xpoint\agent\Xpagent.exe ()
SRV - (XPadminServer) -- C:\Program Files\Xpoint\xpadmin\xpadmin.exe ()
SRV - (SoundMAX Agent Service (default) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
SRV - (PsaSrv) -- C:\WINDOWS\system32\Psasrv.exe ()
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (PcdrNdisuio) -- system32\DRIVERS\pcdrndisuio.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys File not found
DRV - (Changer) -- File not found
DRV - (AR5211) -- system32\DRIVERS\ar5211.sys File not found
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswVmm) -- C:\WINDOWS\System32\drivers\aswVmm.sys ()
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (AswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswRvrt) -- C:\WINDOWS\System32\drivers\aswRvrt.sys ()
DRV - (aswMonFlt) -- C:\WINDOWS\system32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (IBMTPCHK) -- C:\WINDOWS\system32\drivers\IBMBLDID.sys ()
DRV - (ANC) -- C:\WINDOWS\system32\drivers\ANC.sys (IBM Corp.)
DRV - (lenovo.smi) -- C:\WINDOWS\system32\drivers\smiif32.sys (Lenovo Group Limited)
DRV - (DozeHDD) -- C:\WINDOWS\system32\drivers\DOZEHDD.SYS (Lenovo.)
DRV - (TPPWRIF) -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS ()
DRV - (Shockprf) -- C:\WINDOWS\system32\drivers\ApsX86.sys (Lenovo.)
DRV - (TPDIGIMN) -- C:\WINDOWS\system32\drivers\ApsHM86.sys (Lenovo.)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (KMWDFILTER) -- C:\WINDOWS\system32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (NEOFLTR_600_12141) -- C:\WINDOWS\system32\drivers\NEOFLTR_600_12141.sys (Juniper Networks)
DRV - (TSMAPIP) -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS ()
DRV - (Smapint) -- C:\WINDOWS\system32\drivers\SMAPINT.SYS (Microsoft Corporation)
DRV - (TDSMAPI) -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS ()
DRV - (w70n51) -- C:\WINDOWS\system32\drivers\w70n51.sys (Intel® Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (ltmodem5) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys (LT)
DRV - (SRFilter) -- C:\WINDOWS\system32\drivers\srntflt.sys (Xpoint Technologies, Inc.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (gv3) -- C:\WINDOWS\system32\drivers\gv3.sys (Microsoft Corporation)
DRV - (IFCUSB) -- C:\WINDOWS\system32\drivers\IFCUSB.SYS (InFocus)
DRV - (S3SSavage) -- C:\WINDOWS\system32\drivers\s3ssavm.sys (S3 Graphics, Inc.)
DRV - (TwoTrack) -- C:\WINDOWS\system32\drivers\TwoTrack.sys (IBM Corporation)
DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\aspi32.sys (Adaptec)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HTTP://Start.netbsa.org
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = HTTP://Start.netbsa.org
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://companyweb/default.aspx
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://companyweb/default.aspx
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:3128
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1315147432-4114197283-4096068080-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HTTP://Start.netbsa.org
IE - HKU\S-1-5-21-1315147432-4114197283-4096068080-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://pas.netbsa.org/support/search.htm
IE - HKU\S-1-5-21-1315147432-4114197283-4096068080-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKU\S-1-5-21-1315147432-4114197283-4096068080-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1315147432-4114197283-4096068080-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1315147432-4114197283-4096068080-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
O1 HOSTS File: ([2009/10/05 13:29:25 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1315147432-4114197283-4096068080-1005\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" irprops.cpl,,BluetoothAuthenticationAgent File not found
O4 - HKLM..\Run: [HPLJ Config] C:\Program Files\Hewlett-Packard\hp LaserJet 1010 Series\SetConfig.exe (Hewlett-Packard Inc.)
O4 - HKLM..\Run: [LenovoAutoScrollUtility] C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [Rapid Restore] C:\Program Files\Xpoint\PE\Skin\rrpcsb.exe ()
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKLM..\RunOnceEx: [RRPC-nls] C:\Program Files\Xpoint\nls\nls.bat File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BSA Print.lnk = C:\BSAPRINT\Bsaprint.exe (Pro*Tec Information Systems)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-21-1315147432-4114197283-4096068080-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1315147432-4114197283-4096068080-1005\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-21-1315147432-4114197283-4096068080-1005\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1315147432-4114197283-4096068080-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1315147432-4114197283-4096068080-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Back = 0
O7 - HKU\S-1-5-21-1315147432-4114197283-4096068080-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Forward = 0
O7 - HKU\S-1-5-21-1315147432-4114197283-4096068080-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Stop = 0
O7 - HKU\S-1-5-21-1315147432-4114197283-4096068080-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Refresh = 0
O7 - HKU\S-1-5-21-1315147432-4114197283-4096068080-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Home = 0
O7 - HKU\S-1-5-21-1315147432-4114197283-4096068080-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Search = 0
O7 - HKU\S-1-5-21-1315147432-4114197283-4096068080-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_History = 0
O7 - HKU\S-1-5-21-1315147432-4114197283-4096068080-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Favorites = 0
O7 - HKU\S-1-5-21-1315147432-4114197283-4096068080-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Media = 0
O7 - HKU\S-1-5-21-1315147432-4114197283-4096068080-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Folders = 0
O7 - HKU\S-1-5-21-1315147432-4114197283-4096068080-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Fullscreen = 0
O7 - HKU\S-1-5-21-1315147432-4114197283-4096068080-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Tools = 0
O7 - HKU\S-1-5-21-1315147432-4114197283-4096068080-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_MailNews = 0
O7 - HKU\S-1-5-21-1315147432-4114197283-4096068080-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Size = 0
O7 - HKU\S-1-5-21-1315147432-4114197283-4096068080-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Print = 0
O7 - HKU\S-1-5-21-1315147432-4114197283-4096068080-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Edit = 0
O7 - HKU\S-1-5-21-1315147432-4114197283-4096068080-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Discussions = 0
O7 - HKU\S-1-5-21-1315147432-4114197283-4096068080-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Cut = 0
O7 - HKU\S-1-5-21-1315147432-4114197283-4096068080-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Copy = 0
O7 - HKU\S-1-5-21-1315147432-4114197283-4096068080-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Paste = 0
O7 - HKU\S-1-5-21-1315147432-4114197283-4096068080-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Encoding = 0
O7 - HKU\S-1-5-21-1315147432-4114197283-4096068080-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_PrintPreview = 0
O7 - HKU\S-1-5-21-1315147432-4114197283-4096068080-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKU\S-1-5-21-1315147432-4114197283-4096068080-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O7 - HKU\S-1-5-21-1315147432-4114197283-4096068080-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKU\S-1-5-21-1315147432-4114197283-4096068080-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-21-1315147432-4114197283-4096068080-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\S-1-5-21-1315147432-4114197283-4096068080-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-21-1315147432-4114197283-4096068080-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnforceShellExtensionSecurity = 0
O7 - HKU\S-1-5-21-1315147432-4114197283-4096068080-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-1315147432-4114197283-4096068080-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1315147432-4114197283-4096068080-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0
O7 - HKU\S-1-5-21-1315147432-4114197283-4096068080-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-21-1315147432-4114197283-4096068080-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0
O7 - HKU\S-1-5-21-1315147432-4114197283-4096068080-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrinterTabs = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: netbsa.org ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1315147432-4114197283-4096068080-1005\..Trusted Domains: netbsa.org ([]http in Trusted sites)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} https://remote.cdw.com/Citrix/ICAWEB/en/ica32/wficat.cab (Reg Error: Key error.)
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} https://www-307.ibm.com/pc/support/access/aslibmain/content/AcpIR.cab (IASRunner Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123616857882 (WUWebControl Class)
O16 - DPF: {689ff870-2ac0-11d5-b634-00c04faedb18} Reg Error: Value error. (Reg Error: Value error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138823139733 (MUWebControl Class)
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} https://www.lenovo.com/support/access/aslibmain/content/IbmEgath.cab (IBM Access Support)
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} https://secure.mybsa.org/Remote/msrdp.cab,DanaInfo=.a184C5BF.BI..,SSL,CT=java+ (Microsoft RDP Client Control (redist))
O16 - DPF: {7A162288-DE78-473C-A6BA-23FF17F768E9} https://connect9.uc.att.com/service32/application/EventEntry/AxWebInstaller.cab (AxWebInstaller Control)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38189.7615393519 (Reg Error: Key error.)
O16 - DPF: {CAFECAFE-0013-0001-0018-ABCDEFABCDEF} Reg Error: Value error. (JInitiator 1.3.1.18)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} https://access.jpmorgan.com/tssweb/shared/document/jre-1_5_0_11-windows-i586-p.exe (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {E598AC61-4C6F-4F4D-877F-FAC49CA91FA3} https://www-307.ibm.com/pc/support/access/aslibmain/content/AcpControl.cab (acpRunner Class)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://secure.mybsa.org/dana-cached/setup/JuniperSetupSP1.cab (JuniperSetupSP1 Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0EA2F2F8-6D80-4905-B399-48DA50344773}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ACNotify: DllName - (ACNotify.dll) - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\IBM USER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\IBM USER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/07/21 13:50:56 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-19..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-20..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-19\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-20\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013/10/05 20:32:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\IBM USER\Desktop\OTL.exe
[2013/09/30 21:06:55 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Documents and Settings\IBM USER\Desktop\aswMBR.exe
[2013/09/30 21:01:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\IBM USER\Start Menu\Programs\Administrative Tools
[2013/09/30 21:00:57 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\IBM USER\Desktop\dds.scr
[2013/09/30 20:59:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2013/09/30 20:58:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2013/09/30 20:58:47 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2013/09/30 20:58:02 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\IBM USER\Desktop\erunt-setup.exe
[2013/09/30 19:20:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\IBM USER\Local Settings\Application Data\PCHealth
[2013/09/30 19:19:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Internet Security
[2013/09/29 19:52:11 | 000,369,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013/09/29 19:52:11 | 000,029,816 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2013/09/29 19:52:07 | 000,049,760 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013/09/29 19:52:05 | 000,056,080 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013/09/29 19:52:03 | 000,770,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/09/29 19:51:53 | 000,066,336 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013/09/29 19:51:51 | 000,229,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2013/09/29 19:45:15 | 000,041,664 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013/09/29 19:37:19 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/09/29 19:35:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/09/29 19:11:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
[2013/09/29 18:17:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\InterActual
[2013/09/29 17:05:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\IBM USER\Application Data\AVG SafeGuard toolbar(2)
[2013/09/27 19:39:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar(2)
[2013/09/27 19:34:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\IBM USER\Local Settings\Application Data\AVG Secure Search
[2013/09/25 20:21:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\IBM USER\Application Data\PriceGong
[2013/09/25 18:37:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\IBM USER\Local Settings\Application Data\Conduit
[2013/09/25 18:35:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\IBM USER\AppData
[2013/09/25 18:35:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WNLT
[2013/09/15 13:57:58 | 000,000,000 | ---D | C] -- C:\Program Files\Monument Builders - Notre Dame
[2013/09/15 13:47:23 | 000,000,000 | ---D | C] -- C:\Program Files\The Palace Builder
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/10/05 20:32:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\IBM USER\Desktop\OTL.exe
[2013/10/05 20:19:13 | 000,000,368 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/10/05 20:18:02 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B01E769A-54CA-485A-A4D8-3390393AAF71}.job
[2013/10/05 20:17:58 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2013/10/05 20:16:57 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/10/05 20:15:29 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2013/10/05 20:14:57 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2013/10/05 20:14:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/10/05 20:14:30 | 535,810,048 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/05 10:51:00 | 000,000,528 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2013/10/05 10:05:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/09/30 21:22:03 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\IBM USER\Desktop\MBR.dat
[2013/09/30 21:07:31 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\IBM USER\Desktop\aswMBR.exe
[2013/09/30 21:01:39 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\IBM USER\Desktop\dds.scr
[2013/09/30 20:58:49 | 000,000,603 | ---- | M] () -- C:\Documents and Settings\IBM USER\Desktop\ERUNT.lnk
[2013/09/30 20:58:25 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\IBM USER\Desktop\erunt-setup.exe
[2013/09/30 19:19:44 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
[2013/09/30 16:00:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\{3771F68E-9760-4D48-81FB-46F68539F5B4}_IBM-DEA2D3B0EC7_Administrator.job
[2013/09/30 09:00:07 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\{15D4CCC1-EA08-46E5-880E-C25AD8AC81D4}_IBM-DEA2D3B0EC7_Administrator.job
[2013/09/30 08:44:08 | 000,329,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/09/30 07:36:57 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/09/30 06:05:44 | 000,475,580 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/09/30 06:05:44 | 000,085,418 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/09/29 19:51:53 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/09/25 18:44:42 | 000,000,000 | ---- | M] () -- C:\END
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/10/01 20:50:49 | 000,162,352 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013/09/30 21:22:03 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\IBM USER\Desktop\MBR.dat
[2013/09/30 20:58:49 | 000,000,603 | ---- | C] () -- C:\Documents and Settings\IBM USER\Desktop\ERUNT.lnk
[2013/09/30 20:43:53 | 535,810,048 | -HS- | C] () -- C:\hiberfil.sys
[2013/09/30 19:19:44 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
[2013/09/29 19:52:16 | 000,000,368 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/09/29 19:52:02 | 000,177,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/09/29 19:52:00 | 000,049,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/09/25 18:36:02 | 000,000,000 | ---- | C] () -- C:\END
[2012/10/29 14:35:57 | 000,000,447 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012/02/16 14:18:25 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2004/08/10 13:56:49 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
========== ZeroAccess Check ==========
[2004/07/07 14:34:16 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2008/04/14 04:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/14 04:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== Alternate Data Streams ==========
@Alternate Data Stream - 237 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:61A065F2
@Alternate Data Stream - 230 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D3A8AA31
@Alternate Data Stream - 217 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F1F936DF
@Alternate Data Stream - 209 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:60C897F3
@Alternate Data Stream - 193 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1FBBD09
@Alternate Data Stream - 152 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:258D2F8B
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FF9C44FE
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CB9631F
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93B0BB6F
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1F96ED45
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7ECD9621
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:19C541B5
< End of report >
Extras Log
OTL Extras logfile created on: 10/5/2013 8:34:28 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\IBM USER\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
510.92 Mb Total Physical Memory | 307.18 Mb Available Physical Memory | 60.12% Memory free
1.22 Gb Paging File | 0.87 Gb Available in Paging File | 71.67% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.86 Gb Total Space | 9.94 Gb Free Space | 29.34% Space Free | Partition Type: NTFS
Computer Name: IBM-DEA2D3B0EC7 | User Name: IBM USER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
[HKEY_USERS\S-1-5-19\SOFTWARE\Classes\<extension>]
[HKEY_USERS\S-1-5-20\SOFTWARE\Classes\<extension>]
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"FirewallOverride" = 0
"AntivirusOverride" = 0
"UacDisableNotify" = 0
"AntiSpywareDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"FirewallOverride" = 0
"AntivirusOverride" = 0
"UacDisableNotify" = 0
"AntiSpywareDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"UpdatesDisableNotify" = 0
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\BSAPRINT\Bsaprint.exe" = C:\BSAPRINT\Bsaprint.exe:*:Enabled:bsademon -- (Pro*Tec Information Systems)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\WINDOWS\system32\LEXPPS.EXE" = C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE
"C:\IBMTOOLS\Updater\jre\bin\javaw.exe" = C:\IBMTOOLS\Updater\jre\bin\javaw.exe:*:Enabled:Java launcher -- (IBM)
"C:\Program Files\Webroot\SME\Client\SSU.EXE" = C:\Program Files\Webroot\SME\Client\SSU.EXE:*:Enabled:SSU -- ()
"C:\Program Files\Webroot\Client\SpySweeperUI.exe" = C:\Program Files\Webroot\Client\SpySweeperUI.exe:*:Enabled:SpySweeperUI
"C:\Program Files\Webroot\Client\SPYSWEEPER.EXE" = C:\Program Files\Webroot\Client\SPYSWEEPER.EXE:*:Enabled:SPYSWEEPER
"C:\Program Files\Webroot\Client\CommAgent.exe" = C:\Program Files\Webroot\Client\CommAgent.exe:*:Enabled:CommAgent
"C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe" = C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe:*:Enabled:javaw -- ()
"C:\Program Files\Juniper Networks\Secure Application Manager\dsSamProxy.exe" = C:\Program Files\Juniper Networks\Secure Application Manager\dsSamProxy.exe:*:Enabled:Secure Application Manager Proxy
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\BSAPRINT\Bsaprint.exe" = C:\BSAPRINT\Bsaprint.exe:*:Disabled:bsademon -- (Pro*Tec Information Systems)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Enabled:Connection Manager -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\IBMTOOLS\Updater\jre\bin\javaw.exe" = C:\IBMTOOLS\Updater\jre\bin\javaw.exe:*:Disabled:Java launcher -- (IBM)
"C:\WINDOWS\system32\LEXPPS.EXE" = C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE
"C:\Program Files\Juniper Networks\Secure Application Manager\dsSamProxy.exe" = C:\Program Files\Juniper Networks\Secure Application Manager\dsSamProxy.exe:*:Enabled:Secure Application Manager Proxy
"C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe" = C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe:*:Enabled:javaw -- ()
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Disabled:iTunes
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = ThinkPad Keyboard Customizer Utility
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 17
"{292C47B2-8DB7-47BF-896C-C3C5EE8108C4}" = hp LaserJet 1010 Series
"{31C2FBAC-67CF-4093-8F36-15A146613747}" = IBM Update Connector
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{67D7BC74-E8DF-4811-9B41-6023A8C9BB3F}" = Intel(R) Sebring API
"{68249B6E-B714-11D7-88E8-0050DA21757E}" = Oracle JInitiator 1.3.1.18
"{6CE96A14-61E2-48CC-837E-22710A953ADE}" = IBM Themes
"{710C0BB2-FE39-484E-BB23-C9B96835A14A}" = Access IBM Message Center
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = ThinkPad UltraNav Wizard
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Power Manager
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B5599ECB-DA72-43EE-8A30-2C80396FF8BB}" = Access IBM
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF44C7A5-5705-41E4-BE84-A9A42977AB05}" = Access IBM Cleanup Utility
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{EA664480-3844-11D5-8C25-444553540000}" = TrackPoint Accessibility Features
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F386C340-DF4B-4BBA-9503-420FB7EDB395}" = Wallpapers
"{FC081D4D-DF1B-4CF1-B530-027E4118D846}" = ThinkPad Configuration
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Access IBM Tools" = Access IBM Tools
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"avast" = avast! Free Antivirus
"BFGC" = Big Fish: Game Manager
"BFG-Fairy Maids" = Fairy Maids
"BFG-Plants vs Zombies" = Plants vs. Zombies
"BFG-Virtual Villagers" = Virtual Villagers: A New Home
"BFG-Virtual Villagers - The Secret City" = Virtual Villagers: The Secret City
"BFG-Virtual Villagers The Lost Children" = Virtual Villagers: The Lost Children
"BSAPrint with Preview 1.48.44.01.04" = BSAPrint with Preview 1.48.44.01.04
"ERUNT_is1" = ERUNT 1.1j
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InterActual Player" = InterActual Player
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OnScreenDisplay" = On Screen Display
"Oracle JInitiator 1.1.8.10" = Oracle JInitiator 1.1.8.10
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"Power Management Driver" = ThinkPad Power Management Driver
"Presentation Director" = ThinkPad Presentation Director
"PROSet" = Intel(R) Network Connections Drivers
"Shockwave" = Shockwave
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"ThinkPadSoftwareInstaller" = ThinkPad Software Installer
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows CE Services" = Microsoft ActiveSync 3.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 9/30/2013 8:18:20 PM | Computer Name = IBM-DEA2D3B0EC7 | Source = Application Error | ID = 1000
Description = Faulting application setconfig.exe, version 2.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x614a5c73.
Error - 9/30/2013 9:46:26 PM | Computer Name = IBM-DEA2D3B0EC7 | Source = Application Error | ID = 1000
Description = Faulting application setconfig.exe, version 2.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x614a5c73.
Error - 9/30/2013 11:14:16 PM | Computer Name = IBM-DEA2D3B0EC7 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 9/30/2013 11:14:16 PM | Computer Name = IBM-DEA2D3B0EC7 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10144
Error - 9/30/2013 11:14:16 PM | Computer Name = IBM-DEA2D3B0EC7 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10144
Error - 10/1/2013 7:40:21 PM | Computer Name = IBM-DEA2D3B0EC7 | Source = Application Hang | ID = 1002
Description = Hanging application mshta.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 10/1/2013 7:41:14 PM | Computer Name = IBM-DEA2D3B0EC7 | Source = Application Error | ID = 1000
Description = Faulting application setconfig.exe, version 2.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x614a5c73.
Error - 10/1/2013 9:35:47 PM | Computer Name = IBM-DEA2D3B0EC7 | Source = Application Error | ID = 1000
Description = Faulting application setconfig.exe, version 2.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x614a5c73.
Error - 10/4/2013 7:12:18 PM | Computer Name = IBM-DEA2D3B0EC7 | Source = Application Error | ID = 1000
Description = Faulting application setconfig.exe, version 2.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x614a5c73.
Error - 10/5/2013 9:18:32 PM | Computer Name = IBM-DEA2D3B0EC7 | Source = Application Error | ID = 1000
Description = Faulting application setconfig.exe, version 2.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x614a5c73.
[ Lenovo-Message Center Plus/Admin Events ]
Error - 6/10/2009 4:51:53 PM | Computer Name = IBM-DEA2D3B0EC7 | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Object reference not set to an instance of an object. -> Exception
message: Object reference not set to an instance of an object.
[ System Events ]
Error - 10/1/2013 8:44:11 PM | Computer Name = IBM-DEA2D3B0EC7 | Source = Service Control Manager | ID = 7034
Description = The Cryptographic Services service terminated unexpectedly. It has
done this 1 time(s).
Error - 10/1/2013 8:44:11 PM | Computer Name = IBM-DEA2D3B0EC7 | Source = Service Control Manager | ID = 7034
Description = The DHCP Client service terminated unexpectedly. It has done this
1 time(s).
Error - 10/1/2013 9:34:29 PM | Computer Name = IBM-DEA2D3B0EC7 | Source = Service Control Manager | ID = 7001
Description = The Infrared Monitor service depends on the Terminal Services service
which failed to start because of the following error: %%1058
Error - 10/1/2013 9:41:40 PM | Computer Name = IBM-DEA2D3B0EC7 | Source = Service Control Manager | ID = 7034
Description = The System Update service terminated unexpectedly. It has done this
1 time(s).
Error - 10/1/2013 9:45:31 PM | Computer Name = IBM-DEA2D3B0EC7 | Source = Service Control Manager | ID = 7034
Description = The Workstation service terminated unexpectedly. It has done this
1 time(s).
Error - 10/1/2013 9:45:31 PM | Computer Name = IBM-DEA2D3B0EC7 | Source = Service Control Manager | ID = 7034
Description = The Messenger service terminated unexpectedly. It has done this 1
time(s).
Error - 10/1/2013 9:45:31 PM | Computer Name = IBM-DEA2D3B0EC7 | Source = Service Control Manager | ID = 7034
Description = The Network Connections service terminated unexpectedly. It has done
this 1 time(s).
Error - 10/4/2013 7:11:01 PM | Computer Name = IBM-DEA2D3B0EC7 | Source = Service Control Manager | ID = 7001
Description = The Infrared Monitor service depends on the Terminal Services service
which failed to start because of the following error: %%1058
Error - 10/5/2013 9:16:29 PM | Computer Name = IBM-DEA2D3B0EC7 | Source = Service Control Manager | ID = 7001
Description = The Infrared Monitor service depends on the Terminal Services service
which failed to start because of the following error: %%1058
Error - 10/5/2013 9:19:13 PM | Computer Name = IBM-DEA2D3B0EC7 | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.
< End of report >
Thanks for the help.
As far as odd browser issues, the default search was changed to sweetpacks, it's crazy slow (even for this computer). Browser usually won't respond the first time, I've had to go to the task manager end it (twice since only one broswer window shows up at a two tasks) and then I am usually able to try again and get the browser to function. I know my daughter was complaining about the slowness and not being able to get to sites.
Hello kar1897.
Thank you for your logs. There are several issues we need to address to restore your daughter's computer to its functionality. Let's begin our initial cleanup.
Please back up your registry
I see you already have ERUNT on your system. To backup your files:
Locate and open the ERUNT folder and double click ERUNT.exe to start the program.
Click OK for all the prompts to back up your registry to the default location.
Please run the following scan
OTL
Run OTL.exe
Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.
Then click the Run Fix button at the top.
DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (PcdrNdisuio) -- system32\DRIVERS\pcdrndisuio.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys File not found
DRV - (Changer) -- File not found
DRV - (AR5211) -- system32\DRIVERS\ar5211.sys File not found
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1315147432-4114197283-4096068080-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1315147432-4114197283-4096068080-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1315147432-4114197283-4096068080-1005\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.co...189.7615393519 (Reg Error: Key error.)
O16 - DPF: {CAFECAFE-0013-0001-0018-ABCDEFABCDEF} Reg Error: Value error. (JInitiator 1.3.1.18)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} https://access.jpmorgan.com/tssweb/s...ows-i586-p.exe (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab...l_4.1.66.0.cab (Reg Error: Key error.)
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
[2013/09/30 21:00:57 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\IBM USER\Desktop\dds.scr
[2013/09/25 20:21:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\IBM USER\Application Data\PriceGong
[2013/09/25 18:37:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\IBM USER\Local Settings\Application Data\Conduit
[2013/09/30 21:01:39 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\IBM USER\Desktop\dds.scr
@Alternate Data Stream - 237 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:61A065F2
@Alternate Data Stream - 230 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D3A8AA31
@Alternate Data Stream - 217 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F1F936DF
@Alternate Data Stream - 209 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:60C897F3
@Alternate Data Stream - 193 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1FBBD09
@Alternate Data Stream - 152 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:258D2F8B
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FF9C44FE
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CB9631F
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93B0BB6F
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1F96ED45
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7ECD9621
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:19C541B5
:Commands
[emptytemp]
[resethosts]
Let the program run unhindered; it will reboot when it is done. If it does not, please reboot your system.
Post the new log in your next reply.
Please run these additional scans
1. aswMBR
Please download aswMBR from HERE (public.avast.com/~gmerek/aswMBR.exe).
Double click aswMBR.exe to run it.
When asked if you want to download Avast's virus definitions, please select Yes.
Click the Scan button to start the scan.
http://i.imgur.com/2pn88.png
On completion of the scan, click save log, save it to your desktop, and post in your next reply.
http://i.imgur.com/7Khfh.png
2. Security Check
Please download Security Check by screen317 from HERE (http://screen317.spywareinfoforum.org/SecurityCheck.exe) or HERE (http://screen317.changelog.fr/SecurityCheck.exe). Save it to your Desktop. Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt. This may take a few minutes.Please copy and paste the contents of that document into your next reply.
OTL Log
All processes killed
Error: Unable to interpret <DRV - (WDICA) -- File not found> in the current context!
Error: Unable to interpret <DRV - (PDRFRAME) -- File not found> in the current context!
Error: Unable to interpret <DRV - (PDRELI) -- File not found> in the current context!
Error: Unable to interpret <DRV - (PDFRAME) -- File not found> in the current context!
Error: Unable to interpret <DRV - (PDCOMP) -- File not found> in the current context!
Error: Unable to interpret <DRV - (PCIDump) -- File not found> in the current context!
Error: Unable to interpret <DRV - (PcdrNdisuio) -- system32\DRIVERS\pcdrndisuio.sys File not found> in the current context!
Error: Unable to interpret <DRV - (lbrtfdc) -- File not found> in the current context!
Error: Unable to interpret <DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys File not found> in the current context!
Error: Unable to interpret <DRV - (Changer) -- File not found> in the current context!
Error: Unable to interpret <DRV - (AR5211) -- system32\DRIVERS\ar5211.sys File not found> in the current context!
Error: Unable to interpret <IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.> in the current context!
Error: Unable to interpret <IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.> in the current context!
Error: Unable to interpret <IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}> in the current context!
Error: Unable to interpret <IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}> in the current context!
Error: Unable to interpret <IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}> in the current context!
Error: Unable to interpret <IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-1315147432-4114197283-4096068080-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-1315147432-4114197283-4096068080-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKU\S-1-5-21-1315147432-4114197283-4096068080-1005\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [] File not found> in the current context!
Error: Unable to interpret <O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.co...189.7615393519 (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <O16 - DPF: {CAFECAFE-0013-0001-0018-ABCDEFABCDEF} Reg Error: Value error. (JInitiator 1.3.1.18)> in the current context!
Error: Unable to interpret <O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} https://access.jpmorgan.com/tssweb/s...ows-i586-p.exe (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab...l_4.1.66.0.cab (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found> in the current context!
Error: Unable to interpret <[2013/09/30 21:00:57 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\IBM USER\Desktop\dds.scr> in the current context!
Error: Unable to interpret <[2013/09/25 20:21:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\IBM USER\Application Data\PriceGong> in the current context!
Error: Unable to interpret <[2013/09/25 18:37:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\IBM USER\Local Settings\Application Data\Conduit> in the current context!
Error: Unable to interpret <[2013/09/30 21:01:39 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\IBM USER\Desktop\dds.scr> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 237 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:61A065F2> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 230 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D3A8AA31> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 217 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F1F936DF> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 209 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:60C897F3> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 193 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1FBBD09> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 152 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:258D2F8B> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FF9C44FE> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CB9631F> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93B0BB6F> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1F96ED45> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7ECD9621> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:19C541B5> in the current context!
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temporary Internet Files folder emptied: 215125 bytes
User: Administrator.IBM-DEA2D3B0EC7
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: IBM USER
->Temp folder emptied: 188716651 bytes
->Temporary Internet Files folder emptied: 13489066 bytes
->Flash cache emptied: 51534 bytes
User: LocalService
->Temp folder emptied: 66253 bytes
->Temporary Internet Files folder emptied: 41845 bytes
->Flash cache emptied: 348 bytes
User: NetworkService
->Temp folder emptied: 2332732 bytes
->Temporary Internet Files folder emptied: 483263 bytes
User: Personal
->Temp folder emptied: 1429 bytes
->Temporary Internet Files folder emptied: 178987 bytes
User: User
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 138999518 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 374123114 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 139570 bytes
RecycleBin emptied: 153374 bytes
Total Files Cleaned = 686.00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.69.0 log created on 10062013_220558
Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\_asw_aisI.tm~a02480\setup.lok not found!
C:\WINDOWS\temp\Perflib_Perfdata_e1c.dat moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
aswMBR Log
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-10-06 23:38:25
-----------------------------
23:38:25.508 OS Version: Windows 5.1.2600 Service Pack 3
23:38:25.518 Number of processors: 1 586 0x905
23:38:25.578 ComputerName: IBM-DEA2D3B0EC7 UserName: IBM USER
23:38:32.748 Initialize success
23:39:09.451 AVAST engine defs: 13100601
23:39:31.523 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
23:39:31.533 Disk 0 Vendor: Size: 0MB BusType: 0
23:39:32.124 Disk 0 MBR read successfully
23:39:32.124 Disk 0 MBR scan
23:39:33.546 Disk 0 unknown MBR code
23:39:33.556 Disk 0 MBR hidden
23:39:33.616 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 34677 MB offset 63
23:39:35.198 Disk 0 scanning C:\WINDOWS\system32\drivers
23:40:41.944 Service scanning
23:41:44.364 Modules scanning
23:42:34.766 Disk 0 trace - called modules:
23:42:34.796 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
23:42:34.796 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x832e8ab8]
23:42:34.907 3 CLASSPNP.SYS[f88b5fd7] -> nt!IofCallDriver -> \Device\00000089[0x8334a9e8]
23:42:34.937 5 ACPI.sys[f882c620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x83373940]
23:42:35.197 AVAST engine scan C:\WINDOWS
23:43:47.711 AVAST engine scan C:\WINDOWS\system32
23:50:12.474 AVAST engine scan C:\WINDOWS\system32\drivers
23:51:01.795 AVAST engine scan C:\Documents and Settings\IBM USER
23:53:53.192 AVAST engine scan C:\Documents and Settings\All Users
23:55:20.167 Scan finished successfully
00:17:22.068 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\IBM USER\Desktop\MBR.dat"
00:17:22.208 The log file has been saved successfully to "C:\Documents and Settings\IBM USER\Desktop\aswMBR.txt"
Checkup Log
Results of screen317's Security Check version 0.99.74
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Please wait while WMIC compiles updated MOF files.d
i
s
p
l
a
y
N
a
m
e
ECHO is off.
W
e
b
r
o
t
®
ECHO is off.
C
l
i
e
n
t
ECHO is off.
S
e
c
u
r
i
t
y
ECHO is off.
a
v
a
s
t
!
ECHO is off.
I
n
t
e
r
n
e
t
ECHO is off.
S
e
c
u
r
i
t
y
ECHO is off.
M
i
c
r
o
s
o
f
t
ECHO is off.
S
e
c
u
r
i
t
y
ECHO is off.
E
s
e
n
t
i
a
l
s
ECHO is off.
W
e
b
r
o
t
ECHO is off.
S
e
c
u
r
e
A
n
y
w
h
e
r
e
ECHO is off.
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Java(TM) 6 Update 17
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 10%
````````````````````End of Log``````````````````````
Thanks for the help
Hello kar1897.
Thank you for the reports. An oversight on my part (missing command line) has caused OTL not to delete the unwanted files found on your system. Please scan your computer again using the contents in the new code box below. Thank you.
Run OTL.exe
Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.
Then click the Run Fix button at the top.
:OTL
DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (PcdrNdisuio) -- system32\DRIVERS\pcdrndisuio.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys File not found
DRV - (Changer) -- File not found
DRV - (AR5211) -- system32\DRIVERS\ar5211.sys File not found
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1315147432-4114197283-4096068080-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1315147432-4114197283-4096068080-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1315147432-4114197283-4096068080-1005\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.co...189.7615393519 (Reg Error: Key error.)
O16 - DPF: {CAFECAFE-0013-0001-0018-ABCDEFABCDEF} Reg Error: Value error. (JInitiator 1.3.1.18)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} https://access.jpmorgan.com/tssweb/s...ows-i586-p.exe (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab...l_4.1.66.0.cab (Reg Error: Key error.)
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
[2013/09/30 21:00:57 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\IBM USER\Desktop\dds.scr
[2013/09/25 20:21:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\IBM USER\Application Data\PriceGong
[2013/09/25 18:37:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\IBM USER\Local Settings\Application Data\Conduit
[2013/09/30 21:01:39 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\IBM USER\Desktop\dds.scr
@Alternate Data Stream - 237 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:61A065F2
@Alternate Data Stream - 230 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D3A8AA31
@Alternate Data Stream - 217 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F1F936DF
@Alternate Data Stream - 209 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:60C897F3
@Alternate Data Stream - 193 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1FBBD09
@Alternate Data Stream - 152 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:258D2F8B
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FF9C44FE
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CB9631F
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93B0BB6F
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1F96ED45
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7ECD9621
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:19C541B5
:Commands
[emptytemp]
[resethosts]
Let the program run unhindered; it will reboot when it is done. If it does not, please reboot your system.
Post the new log in your next reply.
Here's the new log
All processes killed
========== OTL ==========
Service WDICA stopped successfully!
Service WDICA deleted successfully!
File File not found not found.
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
File File not found not found.
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
File File not found not found.
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
File File not found not found.
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
File File not found not found.
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
File File not found not found.
Service PcdrNdisuio stopped successfully!
Service PcdrNdisuio deleted successfully!
File system32\DRIVERS\pcdrndisuio.sys File not found not found.
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
File File not found not found.
Service cpudrv stopped successfully!
Service cpudrv deleted successfully!
File C:\Program Files\SystemRequirementsLab\cpudrv.sys File not found not found.
Service Changer stopped successfully!
Service Changer deleted successfully!
File File not found not found.
Service AR5211 stopped successfully!
Service AR5211 deleted successfully!
File system32\DRIVERS\ar5211.sys File not found not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_USERS\S-1-5-21-1315147432-4114197283-4096068080-1005\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1315147432-4114197283-4096068080-1005\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1315147432-4114197283-4096068080-1005\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Starting removal of ActiveX control {9F1C11AA-197B-4942-BA54-47A8489BB47F}
C:\WINDOWS\Downloaded Program Files\iuctl.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
Starting removal of ActiveX control {CAFECAFE-0013-0001-0018-ABCDEFABCDEF}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFECAFE-0013-0001-0018-ABCDEFABCDEF}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFECAFE-0013-0001-0018-ABCDEFABCDEF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFECAFE-0013-0001-0018-ABCDEFABCDEF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFECAFE-0013-0001-0018-ABCDEFABCDEF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFECAFE-0013-0001-0018-ABCDEFABCDEF}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F}
C:\WINDOWS\Downloaded Program Files\srldetect.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CF84DAC5-A4F5-419E-A0BA-C01FFD71112F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF84DAC5-A4F5-419E-A0BA-C01FFD71112F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CF84DAC5-A4F5-419E-A0BA-C01FFD71112F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF84DAC5-A4F5-419E-A0BA-C01FFD71112F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon\ deleted successfully.
C:\Documents and Settings\IBM USER\Desktop\dds.scr moved successfully.
C:\Documents and Settings\IBM USER\Application Data\PriceGong\Data folder moved successfully.
C:\Documents and Settings\IBM USER\Application Data\PriceGong folder moved successfully.
C:\Documents and Settings\IBM USER\Local Settings\Application Data\Conduit\Community Alerts\LanguagePacks folder moved successfully.
C:\Documents and Settings\IBM USER\Local Settings\Application Data\Conduit\Community Alerts\Feeds folder moved successfully.
C:\Documents and Settings\IBM USER\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light folder moved successfully.
C:\Documents and Settings\IBM USER\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark folder moved successfully.
C:\Documents and Settings\IBM USER\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images folder moved successfully.
C:\Documents and Settings\IBM USER\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog folder moved successfully.
C:\Documents and Settings\IBM USER\Local Settings\Application Data\Conduit\Community Alerts\Dialogs folder moved successfully.
C:\Documents and Settings\IBM USER\Local Settings\Application Data\Conduit\Community Alerts folder moved successfully.
C:\Documents and Settings\IBM USER\Local Settings\Application Data\Conduit folder moved successfully.
File C:\Documents and Settings\IBM USER\Desktop\dds.scr not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:61A065F2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D3A8AA31 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F1F936DF deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:60C897F3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B1FBBD09 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:258D2F8B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:FF9C44FE deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2CB9631F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:93B0BB6F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1F96ED45 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7ECD9621 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:19C541B5 deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temporary Internet Files folder emptied: 0 bytes
User: Administrator.IBM-DEA2D3B0EC7
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: IBM USER
->Temp folder emptied: 260829 bytes
->Temporary Internet Files folder emptied: 3818894 bytes
->Flash cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Personal
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: User
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 33256 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1899 bytes
Total Files Cleaned = 4.00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.69.0 log created on 10072013_232149
Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\IBM USER\Local Settings\Temp\~DFA06A.tmp not found!
File\Folder C:\Documents and Settings\IBM USER\Local Settings\Temp\~DFA097.tmp not found!
File\Folder C:\Documents and Settings\IBM USER\Local Settings\Temp\~DFA3EF.tmp not found!
File\Folder C:\Documents and Settings\IBM USER\Local Settings\Temp\~DFA412.tmp not found!
C:\Documents and Settings\IBM USER\Local Settings\Temporary Internet Files\Content.IE5\973K6ZK2\search[1].htm moved successfully.
C:\Documents and Settings\IBM USER\Local Settings\Temporary Internet Files\Content.IE5\973K6ZK2\showthread[1].htm moved successfully.
File\Folder C:\WINDOWS\temp\_avast_\Webshlock.txt not found!
C:\WINDOWS\temp\Perflib_Perfdata_e50.dat moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Thanks!
Hello, kar1897.
Thank you for the OTL report. Performing the following tasks will continue cleaning the system.
Please run the following scans
1. AdwCleaner
Please download AdwCleaner from HERE (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/).
Double click on adwcleaner.exe. Note: Vista/Windows 7/8 users right-click and select Run As Administrator.
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
Copy and paste the contents of that logfile in your next reply.
A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
2. Junkware Removal Tool
Please download Junkware Removal Tool from HERE (http://www.bleepingcomputer.com/download/junkware-removal-tool/dl/131/) and save it to your desktop.
Shutdown your antivirus to avoid any potential conflicts.
Right-mouse click JRT.exe and select Run as Administrator.
JRTwill begin to backup your registry and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, the log JRT.txt is saved on your desktop and will automatically open.Post the contents of JRT.txt into your next reply.
DDS
You initially submitted the DDS report called dds.txt. DDS should have produced a second log named attach.txt and saved it to you desktop. If it is there, please submit this log to me. If you are unable to locate this report, please rerun DDS and submit both reports.
Thanks I'll run the additional scans when I get home from work tonight.
I included the attach.txt. as an attachment on my first post, I think I've still got it at home.
Hello, kar1897.
No problem. I have located the attach.txt that you included in your first post. Thanks. I've looked for it several times and missed it each time. :slap: No need to resend it.
ADWCleanrer
# AdwCleaner v3.006 - Report created 08/10/2013 at 21:07:15
# Updated 01/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : IBM USER - IBM-DEA2D3B0EC7
# Running from : C:\Documents and Settings\IBM USER\Local Settings\Temporary Internet Files\Content.IE5\DOUJUZDE\AdwCleaner[1].exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
File Found : C:\END
Folder Found C:\Documents and Settings\IBM USER\Local Settings\Application Data\AVG Secure Search
Folder Found C:\Documents and Settings\IBM USER\Local Settings\Application Data\Smartbar
Folder Found C:\Program Files\Common Files\AVG Secure Search
Folder Found C:\Program Files\Minibar
Folder Found C:\WINDOWS\system32\WNLT
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKLM\SOFTWARE\Classes\S
Value Found : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.6001.18702
*************************
AdwCleaner[R0].txt - [1059 octets] - [08/10/2013 21:07:15]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1119 octets] ##########
JRT Log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.4 (10.06.2013:1)
OS: Microsoft Windows XP x86
Ran by IBM USER on Tue 10/08/2013 at 21:21:31.59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\s
~~~ Files
Successfully deleted: [File] "C:\end"
~~~ Folders
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\big fish"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\big fish games"
Successfully deleted: [Folder] "C:\Documents and Settings\IBM USER\Local Settings\Application Data\big fish"
Successfully deleted: [Folder] "C:\Documents and Settings\IBM USER\Local Settings\Application Data\smartbar"
Successfully deleted: [Folder] "C:\Program Files\minibar"
Successfully deleted: [Folder] "C:\WINDOWS\system32\wnlt"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 10/08/2013 at 21:28:40.71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thanks again
Hello kar1897.
Thank you for your adwCleaner and JRT reports.
Please run the following scan
AdwCleaner
Double click on AdwCleaner.exe to run the tool again.
Click on the Scan button.
AdwCleaner will begin to scan your computer like it did before.
After the scan has finished...
This time, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleanerto restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Multiple Antivirus Programs
Your DDS log indicates you are currently running multiple antivirus programs (Webroot Client Security, avast! Internet Security, Microsoft Security Essentials, and Webroot SecureAnywhere).
I understand this is an older computer that was given to your daughter. Have you yourself uninstalled any of these programs? Can you please confirm which antivirus program you are using? Thank you.
AdwCleaner Log
# AdwCleaner v3.007 - Report created 09/10/2013 at 22:54:49
# Updated 09/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : IBM USER - IBM-DEA2D3B0EC7
# Running from : C:\Documents and Settings\IBM USER\Local Settings\Temporary Internet Files\Content.IE5\1QULVFA5\AdwCleaner[1].exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Documents and Settings\IBM USER\Local Settings\Application Data\AVG Secure Search
***** [ Shortcuts ] *****
***** [ Registry ] *****
Value Deleted : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.6001.18702
*************************
AdwCleaner[R0].txt - [1199 octets] - [08/10/2013 21:07:15]
AdwCleaner[R1].txt - [1461 octets] - [09/10/2013 22:53:37]
AdwCleaner[S0].txt - [1400 octets] - [09/10/2013 22:54:49]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1460 octets] ##########
As for the antivirus programs the only one I installed was Avast. The others were there from the previous owner, I planned to remove them but thats always complicated and we haven't had this computer very long. Apparently long enough to get some fun malware though. Thanks for the help.
Hello, kar1897.
Thank you for your AdwCleaner report and the information regarding your AV programs. The other AV programs that DDS is picking up do not show elsewhere in the log. They may have been deleted and left some registry files behind during the uninstall. Please run the following application. If any of these programs appear (Webroot Client Security, Microsoft Security Essentials, and Webroot SecureAnywhere), please delete them.
AppRemover
Please download AppRemover (http://www.appremover.com/download) and save it to your desktop.
Double click on AppRemover.exe to run it. There may be a short delay before it appears.
Check the box to accept the licence agreement.
Click the Start button to begin the scan.
Please wait for the scan to complete. Once done, a list of your installed programs will appear.
Choose the one or ones you want to uninstall and click Remove Selected Applications.
Click the Confirm Product to be Removed button.
Reboot if asked to do so.
Please run the following scan
Malwarebytes Anti-Malware
Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html).
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please.
In your next reply, please let me know how the computer is running now and what issues you are still experiencing, if any.
MalwareBytes Log
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.10.11.02
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
IBM USER :: IBM-DEA2D3B0EC7 [limited]
10/10/2013 11:13:27 PM
mbam-log-2013-10-10 (23-13-27).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 271830
Time elapsed: 27 minute(s), 59 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKCR\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (Adware.Minibug) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
The AppRemover only detected Avast
The system seems to be running better, it was also slow, but its not nearly as awful as it was and it's as odd either. Internet Explorer does also open to warning screen that says that the security setting put my computer at risk. and if I just ignore it then that warning appears as a yellow bar across the top on every page.
Thanks for the help
Hello, kar1897.
Good to know that the computer is running better.
Regarding Internet Explorer, see if the following will work for you. However, have you considered making Mozilla Firefox or Google Chrome the default browser? Reviews rank both of these browser's security, speed, compatibility, and overall performance higher than Internet Explorer.
To download either of these browsers:
Mozilla Firefox: HERE (http://www.mozilla.org/en-US/firefox/new/)
Google Chrome: HERE (https://www.google.com/intl/en/chrome/browser/features.html#security)
Internet Explorer: Disable Security Warning Message
To disable the security settings warning messages, you have to disable the Turn off the Security Settings Check feature. To do this:
Open the Start Menu Search box.
Type GPEDIT.MSC in the open field. Press Enter.
The Local Group Policy Editor screen will open.
Under Local Computer Policy (left side of screen), locate and click on the following: Computer Configuration > Administrative Templates > Windows Components > Internet Explorer.
Double click on Turn off the Security Settings Check feature (right side of screen).
http://i2.wp.com/www.door2windows.com/wp-content/uploads/disable-security-settings-check-in-internet-explorer/2.png
Select Enabled.
http://i0.wp.com/www.door2windows.com/wp-content/uploads/disable-security-settings-check-in-internet-explorer/3.png
Click Apply > OK.
Please run the following scan
ESET Online Scanner
ESET Online Scanner
Note: Disable any antivirus program and antispyware programs to avoid conflicts.
Run Eset with Internet Explorer, but if using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double click on it to install.
Please do not surf the internet while your security programs are disabled.
Let the scan run uninterrupted to avoid a stall.
Remember to enable your security programs when the scan has finished.Run ESET Online Scanner from HERE (http://www.eset.eu/online-scanner).
Click the green ESET Online Scanner button.
Read the End User License Agreement and check the box YES, I accept the Terms of Use.
Click on the Start button next to it.
If prompted, allow the Add-On/Active X to install.Under Computer scan settings:
Do not check Remove found threats
Check Scan Archives.
Click Advanced settings and select the following:
Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology Click Start. ESET will download updates, install itself, and begin scanning your computer. Please be patient as this scan could take up to a few hours to complete.
Wait for the scan to finish. When the scan completes, click List of found threats.
Click Export and save the file to your desktop using a unique name, such as ESETScan.
Copy and paste the contents of this report in your next reply.
Click the Back button.
Click the Finish button.
In your next reply, please let me know if the Internet Explorer warning message has stopped.
Hello, kar1897.
Are you still with me? Have you been able to run the ESET Online Scanner?
Due to inactivity, this topic has been closed.
If you still need help, please start a new thread.