
Need help - IE crashing and random redirects

This is a discussion on Need help - IE crashing and random redirects within the Resolved HJT Threads forums, part of the Tech Support Forum category.


 
 
Old 07-01-2011, 06:22 AM   #1
Registered Member
 
Join Date: Jul 2011
Posts: 6
OS: Win XP



I got the Windows Repair virus a few days ago and was able to remove most of the symptoms using MBAM and Spybot, but I still have a few issues:

1. IE 8 crashes upon launch most of the time. Mozilla Firefox works fine for now and I can live with it but need IE for some of my applications.
2. There's an alert on my status bar that says that Windows Automatic Updates is off. But when I go to the System configuration in the Control Panel, it indicates that it's on.
3. When I do get IE 8 to work and I use Google to search for something, I get redirected to random websites.

I've been running MBAM, Spybot, and Norton scans, but they have not fixed any of these issues. Thanks for any help you can provide.

Update:

Sorry, just read the instructions and running scans now. Will post output as soon as it's completed.

Here's the DDS log. And attach.zip is included. Thanks.

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Run by ab169 at 9:23:46 on 2011-07-01
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2221 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k eapsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Quest Software\Toad for Data Analysts Trial 2.7\SQLLIB\BIN\db2mgmtsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\app\ab169\product\11.2.0\dbhome_1\bin\nmesrvc.exe
C:\app\ab169\product\11.2.0\dbhome_1\bin\omtsreco.exe
C:\WINDOWS\Explorer.EXE
C:\app\ab169\product\11.2.0\dbhome_1\perl\bin\perl.exe
C:\app\ab169\product\11.2.0\dbhome_1\jdk\bin\java.exe
C:\app\ab169\product\11.2.0\dbhome_1\bin\emagent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\dpmw32.exe
C:\app\ab169\product\11.2.0\dbhome_1\BIN\TNSLSNR.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
c:\app\ab169\product\11.2.0\dbhome_1\bin\ORACLE.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\app\ab169\product\11.2.0\dbhome_1\bin\emdctl.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://home.nyu.edu/
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [BGInfo] c:\program files\BGinfo.exe /timer:0
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NDPS] c:\windows\system32\dpmw32.exe
mRun: [NWTRAY] NWTRAY.EXE
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\docume~1\adminu~1\startm~1\programs\startup\shortc~1.lnk - c:\AUTOEXEC.BAT
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\multim~1.lnk - c:\program files\mmtaskbar\MultiMon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\prints~1.lnk - c:\ps2000\Prt9532.exe
mPolicies-system: CompatibleRUPSecurity = 1 (0x1)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: nyu.edu
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1269388078003
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1269388055421
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 128.122.253.46 128.122.253.24
TCP: Interfaces\{4CA6424D-05BB-4DFA-906C-7DB132F8F1CA} : DhcpNameServer = 128.122.253.46 128.122.253.24
Handler: qrev - {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - c:\program files\quest software\toad for oracle 10.6 trial\RNetPin.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Authentication Packages = msv1_0 nwv1_0
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\admin user\application data\mozilla\firefox\profiles\pdwqudq0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.startup.homepage - hxxp://home.nyu.edu
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AIM Toolbar: {c2f863cd-0429-48c7-bb54-db756a951760} - %profile%\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Toodledo: statusbar@toodledo.com - %profile%\extensions\statusbar@toodledo.com
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2009-11-16 24064]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-1-14 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-1-14 108392]
R2 DB2MGMTSVC_TAEVAL27;DB2 Management Service (TAEVAL27);c:\program files\quest software\toad for data analysts trial 2.7\sqllib\bin\db2mgmtsvc.exe [2010-5-15 37736]
R2 OracleOraDb11g_home1TNSListener;OracleOraDb11g_home1TNSListener;c:\app\ab169\product\11.2.0\dbhome_1\bin\tnslsnr --> c:\app\ab169\product\11.2.0\dbhome_1\bin\TNSLSNR [?]
R2 OracleServiceORCL;OracleServiceORCL;c:\app\ab169\product\11.2.0\dbhome_1\bin\oracle.exe orcl --> c:\app\ab169\product\11.2.0\dbhome_1\bin\ORACLE.EXE ORCL [?]
R2 PenCommService;Livescribe Smartpen Service;c:\program files\common files\livescribe\pencomm\PenCommService.exe [2010-12-29 458240]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2010-1-14 2477304]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [2009-11-16 157152]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-5-19 105592]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110630.002\NAVENG.SYS [2011-6-30 86008]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110630.002\NAVEX15.SYS [2011-6-30 1542392]
R3 PulseUsb;Livescribe Smartpen USB Driver;c:\windows\system32\drivers\PulseUsb.sys [2010-10-26 20480]
S0 cerc6;cerc6; [x]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-3-12 366640]
S2 OracleOraDb11g_home1ConfigurationManager;OracleOraDb11g_home1ConfigurationManager;c:\app\ab169\product\112~1.0\dbhome_1\ccr\bin\nmz.exe c:\app\ab169\product\112~1.0\dbhome_1\ccr\hosts\4d1whm1 --> c:\app\ab169\product\112~1.0\dbhome_1\ccr\bin\nmz.exe c:\app\ab169\product\112~1.0\dbhome_1\ccr\hosts\4d1whm1 [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2010-1-14 23888]
S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\windows\system32\drivers\ctlsb16.sys [2009-3-11 96256]
S3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys --> c:\windows\system32\drivers\mbam.sys [?]
S3 OracleOraDb11g_home1ClrAgent;OracleOraDb11g_home1ClrAgent;c:\app\ab169\product\11.2.0\dbhome_1\bin\oraclragnt.exe agent_sid=clrextproc max_dispatchers=2 tcp_dispatchers=0 max_task_threads=6 max_sessions=25 envs="extproc_dlls=only:c:\app\ab169\product\11.2.0\dbhome_1\bin\oraclr11.dll" --> c:\app\ab169\product\11.2.0\dbhome_1\bin\oraclragnt.exe agent_sid=clrextproc max_dispatchers=2 tcp_dispatchers=0 max_task_threads=6 max_sessions=25 envs=extproc_dlls=only:c:\app\ab169\product\11.2.0\dbhome_1\bin\oraclr11.dll [?]
S3 s3legacy;s3legacy;c:\windows\system32\drivers\s3legacy.sys [2009-3-11 65664]
S4 OracleJobSchedulerORCL;OracleJobSchedulerORCL;c:\app\ab169\product\11.2.0\dbhome_1\bin\extjob.exe orcl --> c:\app\ab169\product\11.2.0\dbhome_1\bin\extjob.exe ORCL [?]
S4 SmartDeploy;SmartDeploy;c:\windows\system32\SmartDeploy.exe [2010-10-19 206832]
.
=============== File Associations ===============
.
vbefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
vbsfile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
jsefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-06-27 22:40:22 217088 --sha-w- c:\documents and settings\admin user\local settings\application data\oy150.dll
2011-06-24 17:50:59 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
==================== Find3M ====================
.
2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-26 19:30:49 72080 ----a-w- c:\documents and settings\admin user\g2mdlhlpx.exe
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11:11 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2009-03-12 21:58:31 454656 ----a-w- c:\program files\putty.exe
2008-08-06 21:27:00 845864 ----a-w- c:\program files\Bginfo.exe
1999-03-23 13:50:00 666112 ----a-w- c:\program files\NYU Online Directory.exe
.
============= FINISH: 9:24:19.25 ===============
Attached Files: attach.zip (7.5 KB)

jb40967
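The "Created Last 30" and "Find3M" sections of the DDS log above are where an analyst looks first, because they list recently written files with their attribute flags. Here, as an added example that is not part of the thread or of the DDS/ComboFix tools, is a small Python parser for those lines (it also accepts the two-timestamp "modified . created" form ComboFix prints in its Find3M Report later in this thread) that applies the usual triage heuristics to sample lines copied from the logs. The attribute-position decoding, the heuristics and all function names are my assumptions, not the tools' documented format.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Section banners: DDS prints "=== name ===", ComboFix prints "((( name )))".
SECTION_RE = re.compile(r"^[=(]+\s*(.+?)\s*[=)]+$")
# File lines: "<modified> [. <created>] <size> <attrs> <path>". DDS gives one
# timestamp with seconds; ComboFix gives "modified . created" without seconds.
ENTRY_RE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?)"
    r"(?: \. (?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}))?"
    r" (?P<size>\d+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)

# Sample input: lines copied from the DDS and ComboFix logs posted in this thread.
SAMPLE_DDS = r"""=============== Created Last 30 ================
.
2011-06-27 22:40:22 217088 --sha-w- c:\documents and settings\admin user\local settings\application data\oy150.dll
2011-06-24 17:50:59 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
==================== Find3M ====================
.
2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-26 19:30:49 72080 ----a-w- c:\documents and settings\admin user\g2mdlhlpx.exe
2009-03-12 21:58:31 454656 ----a-w- c:\program files\putty.exe
.
============= FINISH: 9:24:19.25 ===============
"""
SAMPLE_COMBOFIX = r"""(((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))
.
2011-05-29 13:11 . 2009-03-12 18:44 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2008-08-06 21:27 . 2009-03-12 20:40 845864 ----a-w- c:\program files\Bginfo.exe
"""


@dataclass
class FileEntry:
    section: str
    modified: str
    created: Optional[str]   # only ComboFix lines carry a creation time
    size: int
    attrs: str
    path: str

    def __post_init__(self) -> None:
        # Attribute positions are an assumption inferred from values seen in these
        # logs: d=directory, c=compressed, s=system, h=hidden, a=archive, r/w for
        # read-only/writable; the remaining positions are not decoded here.
        self.is_dir = self.attrs[0] == "d"
        self.system = self.attrs[2] == "s"
        self.hidden = self.attrs[3] == "h"
        self.name = self.path.rsplit("\\", 1)[-1]


def parse_file_entries(text: str) -> List[FileEntry]:
    """Collect file-listing lines together with the section each appeared in."""
    section, entries = "", []
    for line in text.splitlines():
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(FileEntry(section, m["modified"], m["created"],
                                     int(m["size"]), m["attrs"], m["path"].strip()))
    return entries


USER_PROFILE_MARKERS = ("\\documents and settings\\", "\\users\\")
CODE_EXTENSIONS = (".exe", ".dll", ".sys", ".scr", ".cpl")


def triage_reasons(entry: FileEntry) -> List[str]:
    """Heuristics an analyst applies when reading these sections. A hit means
    "look closer" (verify the file, check its publisher), not "malicious"."""
    reasons = []
    path = entry.path.lower()
    if entry.hidden and entry.system and not entry.is_dir:
        reasons.append("system+hidden attributes on a file")
    if path.endswith(CODE_EXTENSIONS) and any(k in path for k in USER_PROFILE_MARKERS):
        reasons.append("executable code under a user profile")
    return reasons


def flagged_entries(text: str) -> List[Tuple[FileEntry, List[str]]]:
    """Entries from a log that trip at least one heuristic, in log order."""
    flagged = []
    for entry in parse_file_entries(text):
        reasons = triage_reasons(entry)
        if reasons:
            flagged.append((entry, reasons))
    return flagged


if __name__ == "__main__":
    for entry, reasons in flagged_entries(SAMPLE_DDS) + flagged_entries(SAMPLE_COMBOFIX):
        print(f"[{entry.section}] {entry.path}  <- {'; '.join(reasons)}")
```

On the sample above the only hits are the system+hidden DLL under Local Settings\Application Data and the executable in the user's profile root; system32 and Program Files entries pass untouched, which is the point of keeping the heuristics narrow.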
Old 07-02-2011, 07:16 AM   #2
Security Team
Analyst
 
Join Date: Apr 2007
Location: Montreal, QC. Canada
Posts: 2,654
OS: Windows 2000 Pro. - Vista SP 2, W7



Hello, Welcome to TSF.
I'm nasdaq and will be helping you.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programs, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.
===

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do not mouse click ComboFix's window while it's running. That may cause it to stall.
===

For AVG antivirus and anti-spyware security software users only.
Quote:
Due to recent changes in AVG and how it interacts with CF, AVG must be uninstalled to run ComboFix. You will get a message from CF stating such.

If AVG will not uninstall, it is first recommended to uninstall it with this AppRemover by Opswat. The AVG uninstaller can be downloaded from here > AppRemover.exe. Go to their homepage and you will see they have support for removal of other AVs as well: AVG appremover tool.
Please post the log and let me know what problem persists.

nasdaq
Old 07-05-2011, 05:30 AM   #3
Registered Member
 
Join Date: Jul 2011
Posts: 6
OS: Win XP



I ran ComboFix as instructed. The first time it stalled, so I had to rerun it. I checked the symptoms again.

Of the 3 things I reported in my original post, #1 and #2 seem to have been fixed. IE does not crash anymore and the alert on my status bar re Windows Auto updates being off is gone.

But, I still get random redirects in IE when using Google.

Thanks for the help so far. Here's the Combofix log.

ComboFix 11-07-04.02 - ab169 07/05/2011 7:59.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2503 [GMT -4:00]
Running from: c:\documents and settings\admin user\Desktop\Debug\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\admin user\Application Data\EurekaLog
c:\documents and settings\admin user\g2mdlhlpx.exe
c:\windows\system32\spool\prtprocs\w32x86\xpdpp.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-06-05 to 2011-07-05 )))))))))))))))))))))))))))))))
.
.
2011-06-24 17:50 . 2011-06-24 17:50 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 13:11 . 2009-03-12 18:44 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-02 15:31 . 2009-03-11 15:56 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19 . 2008-04-14 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2008-04-14 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2009-03-12 21:58 . 2009-03-12 21:58 454656 ----a-w- c:\program files\putty.exe
2008-08-06 21:27 . 2009-03-12 20:40 845864 ----a-w- c:\program files\Bginfo.exe
1999-03-23 13:50 . 2009-03-12 18:33 666112 ----a-w- c:\program files\NYU Online Directory.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BGInfo"="c:\program files\BGinfo.exe" [2008-08-06 845864]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"NDPS"="c:\windows\system32\dpmw32.exe" [2009-05-04 32859]
"NWTRAY"="NWTRAY.EXE" [2009-05-04 28672]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-01-14 115560]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-08-06 1044480]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-27 98304]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
c:\documents and settings\admin user\Start Menu\Programs\Startup\
Shortcut to AUTOEXEC.lnk - C:\AUTOEXEC.BAT [2009-3-11 62]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
MultiMon Taskbar.lnk - c:\program files\MMTaskbar\MultiMon.exe [2010-10-19 294912]
Printscreen 2000.lnk - c:\ps2000\Prt9532.exe [2010-5-20 316416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoToMeeting]
2010-10-21 13:08 39816 ----a-w- c:\program files\Citrix\GoToMeeting\457\g2mstart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\dpmw32.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\app\\ab169\\product\\11.2.0\\dbhome_1\\jdk\\jre\\bin\\java.exe"=
"c:\\oracle\\product\\10.2.0\\client_1\\jdk\\jre\\bin\\java.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [11/16/2009 8:46 PM 24064]
R2 DB2MGMTSVC_TAEVAL27;DB2 Management Service (TAEVAL27);c:\program files\Quest Software\Toad for Data Analysts Trial 2.7\SQLLIB\BIN\db2mgmtsvc.exe [5/15/2010 6:47 PM 37736]
R2 OracleOraDb11g_home1TNSListener;OracleOraDb11g_home1TNSListener;c:\app\ab169\product\11.2.0\dbhome_1\BIN\TNSLSNR --> c:\app\ab169\product\11.2.0\dbhome_1\BIN\TNSLSNR [?]
R2 OracleServiceORCL;OracleServiceORCL;c:\app\ab169\product\11.2.0\dbhome_1\bin\ORACLE.EXE ORCL --> c:\app\ab169\product\11.2.0\dbhome_1\bin\ORACLE.EXE ORCL [?]
R2 PenCommService;Livescribe Smartpen Service;c:\program files\Common Files\Livescribe\PenComm\PenCommService.exe [12/29/2010 3:50 PM 458240]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [11/16/2009 8:50 PM 157152]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/19/2011 12:58 AM 105592]
R3 PulseUsb;Livescribe Smartpen USB Driver;c:\windows\system32\drivers\PulseUsb.sys [10/26/2010 9:52 AM 20480]
S0 cerc6;cerc6; [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/12/2009 2:44 PM 366640]
S2 OracleOraDb11g_home1ConfigurationManager;OracleOraDb11g_home1ConfigurationManager;c:\app\ab169\product\112~1.0\dbhome_1\ccr\bin\nmz.exe c:\app\ab169\product\112~1.0\dbhome_1\ccr\hosts\4d1whm1 --> c:\app\ab169\product\112~1.0\dbhome_1\ccr\bin\nmz.exe c:\app\ab169\product\112~1.0\dbhome_1\ccr\hosts\4d1whm1 [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [1/14/2010 6:23 PM 23888]
S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\windows\system32\drivers\ctlsb16.sys [3/11/2009 6:50 AM 96256]
S3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys --> c:\windows\system32\drivers\mbam.sys [?]
S3 OracleOraDb11g_home1ClrAgent;OracleOraDb11g_home1ClrAgent;c:\app\ab169\product\11.2.0\dbhome_1\bin\OraClrAgnt.exe agent_sid=CLRExtProc max_dispatchers=2 tcp_dispatchers=0 max_task_threads=6 max_sessions=25 ENVS="EXTPROC_DLLS=ONLY:c:\app\ab169\product\11.2.0\dbhome_1\bin\oraclr11.dll" --> c:\app\ab169\product\11.2.0\dbhome_1\bin\OraClrAgnt.exe agent_sid=CLRExtProc max_dispatchers=2 tcp_dispatchers=0 max_task_threads=6 max_sessions=25 ENVS=EXTPROC_DLLS=ONLY:c:\app\ab169\product\11.2.0\dbhome_1\bin\oraclr11.dll [?]
S3 s3legacy;s3legacy;c:\windows\system32\drivers\s3legacy.sys [3/11/2009 6:50 AM 65664]
S4 OracleJobSchedulerORCL;OracleJobSchedulerORCL;c:\app\ab169\product\11.2.0\dbhome_1\Bin\extjob.exe ORCL --> c:\app\ab169\product\11.2.0\dbhome_1\Bin\extjob.exe ORCL [?]
S4 SmartDeploy;SmartDeploy;c:\windows\system32\SmartDeploy.exe [10/19/2010 7:10 PM 206832]
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-05 c:\windows\Tasks\User_Feed_Synchronization-{B690DD6D-E682-40E9-AAA5-E82A3ECCFDB5}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.nyu.edu/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: nyu.edu
TCP: DhcpNameServer = 128.122.253.24 128.122.253.46
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\admin user\Application Data\Mozilla\Firefox\Profiles\pdwqudq0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.startup.homepage - hxxp://home.nyu.edu
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: AIM Toolbar: {c2f863cd-0429-48c7-bb54-db756a951760} - %profile%\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Toodledo: statusbar@toodledo.com - %profile%\extensions\statusbar@toodledo.com
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
.
------- File Associations -------
.
vbefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
vbsfile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
jsefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
.
- - - - ORPHANS REMOVED - - - -
.
Notify-NavLogon - (no file)
SafeBoot-Symantec Antvirus
MSConfigStartUp-Ad-Watch - c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-07-05 08:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OracleOraDb11g_home1ClrAgent]
"ImagePath"="c:\app\ab169\product\11.2.0\dbhome_1\bin\OraClrAgnt.exe agent_sid=CLRExtProc max_dispatchers=2 tcp_dispatchers=0 max_task_threads=6 max_sessions=25 ENVS=\"EXTPROC_DLLS=ONLY:c:\app\ab169\product\11.2.0\dbhome_1\bin\oraclr11.dll\""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OracleOraDb11g_home1TNSListener]
"ImagePath"="c:\app\ab169\product\11.2.0\dbhome_1\BIN\TNSLSNR "
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(4636)
c:\windows\system32\WININET.dll
c:\program files\MMTaskbar\shellhook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\app\ab169\product\11.2.0\dbhome_1\bin\nmesrvc.exe
c:\app\ab169\product\11.2.0\dbhome_1\bin\omtsreco.exe
c:\app\ab169\product\11.2.0\dbhome_1\perl\bin\perl.exe
c:\app\ab169\product\11.2.0\dbhome_1\jdk\bin\java.exe
c:\app\ab169\product\11.2.0\dbhome_1\bin\emagent.exe
c:\app\ab169\product\11.2.0\dbhome_1\BIN\TNSLSNR.exe
c:\app\ab169\product\11.2.0\dbhome_1\bin\ORACLE.EXE
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\windows\system32\NWTRAY.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\program files\Internet Explorer\IEXPLORE.EXE
.
**************************************************************************
.
Completion time: 2011-07-05 08:14:30 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-05 12:14
.
Pre-Run: 72,741,629,952 bytes free
Post-Run: 72,919,277,568 bytes free
.
- - End Of File - - 776246FB1EAE7DBCB2C937EA8D6BB757
__________________
jb40967 is offline  
Old 07-05-2011, 07:08 AM   #4
Security Team
Analyst
 
Join Date: Apr 2007
Location: Montreal, QC. Canada
Posts: 2,654
OS: Windows 2000 Pro. - Vista SP 2, W7



The log is looking good.

Let's check further.

Please run this security check for my review.

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===
__________________
nasdaq is offline  
Old 07-05-2011, 09:27 AM   #5
Registered Member
 
Join Date: Jul 2011
Posts: 6
OS: Win XP



Here you go. Thanks.

Results of screen317's Security Check version 0.99.17
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Symantec Endpoint Protection
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner (remove only)
Java(TM) 6 Update 20
Out of date Java installed!
Adobe Flash Player 10.3.181.26
Mozilla Firefox (3.6.18) Firefox Out of Date!
Mozilla Thunderbird (3.1.10) Thunderbird Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
``````````End of Log````````````
__________________
jb40967 is offline  
Old 07-06-2011, 04:40 AM   #6
Security Team
Analyst
 
Join Date: Apr 2007
Location: Montreal, QC. Canada
Posts: 2,654
OS: Windows 2000 Pro. - Vista SP 2, W7



Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • In the box labeled "Java Platform, Standard Edition", click the "Download JRE" button to the right.
  • In the Window that opens, select Windows (or Windows x64), and check the "agree" box and click "Continue".
  • Click on the link to download Windows Offline Installation and save to your Desktop.
  • Then from your Desktop double-click on jre-6u26-windows-i586.exe that you have downloaded to install the newest version (the x64 version is jre-6u26-windows-x64.exe).
    - Note: If you are running Vista or Windows 7, you may need to right-click on the installation file and select Run as Administrator.

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java(TM) 6 Update 20

===

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

Please let me know if the problem persists.
__________________
nasdaq is offline  
Old 07-07-2011, 08:25 AM   #7
Registered Member
 
Join Date: Jul 2011
Posts: 6
OS: Win XP



I updated my Java version and removed the old version.

I tried to use the ESET Online Scanner. However, the link does not work for me. Any kind of link is redirected to something else. So, I went to eset.com and executed it from there. The scan started up but ended up giving an error as follows:

Internet Explorer has closed this webpage to help protect your computer

A malfunctioning or malicious add-on has caused Internet Explorer to close this webpage.

What you can do:

  • Go to your home page
  • Try to return to eset.com
  • More information

I tried executing it using Mozilla Firefox and it started to execute but it stalled. I had to terminate it.
__________________
jb40967 is offline  
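The redirect and add-on symptoms described in this thread map onto a handful of lines in the DDS log posted earlier (the `FF - prefs.js: keyword.URL` entry pointing at an AOL search redirector, and the `FF - user.js` entry whose value closes one `user_pref(` call and opens another) and in the OTL log posted later (`O1 - Hosts` and `O2 - BHO` entries, including a BHO with no name and no CLSID value). The following is an added example, not part of any post in this thread and not a tool from the DDS, OTL or forum authors: a small triage script that runs those checks over log lines in the exact form the posts show. The rule names, the `REDIRECTOR_HINTS` list and the constructed `203.0.113.5` hosts line are this example's own assumptions; the other sample lines are copied from the thread.

```python
"""Triage the browser-related lines that DDS and OTL print.

Added example for this thread, not a tool from the forum, from the DDS or OTL
authors, or from the helper who answered. It runs a few heuristics over log
lines in the exact form the posts show and reports the entries that most
often explain search redirects and add-on faults. Rule names, the
REDIRECTOR_HINTS list and the 203.0.113.5 hosts line are this example's own
assumptions; every other sample line is copied from the thread.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional
from urllib.parse import urlparse

# Substrings that mark a keyword.URL as going through a search redirector
# rather than straight to a search engine (assumption: a starting list).
REDIRECTOR_HINTS = ("sredir", "redirector", "search.aol.com")
LOOPBACK = {"127.0.0.1", "::1"}

PREF_RE = re.compile(r"^FF - (prefs\.js|user\.js): (\S+) - (.*)$")
HOSTS_RE = re.compile(r"^O1 - Hosts: (\S+)\s+(\S+)")
BHO_RE = re.compile(r"^O2 - BHO: \((.*?)\) - (\{[0-9A-Fa-f-]+\}) - (.*)$")


@dataclass(frozen=True)
class Finding:
    rule: str      # short machine-readable rule name
    detail: str    # one-line explanation for the analyst
    line: str      # the log line that triggered it


def host_of(url: str) -> str:
    """Host part of a URL; DDS defangs to hxxp:// and urlparse copes with that."""
    return urlparse(url).netloc or url


def classify(line: str) -> Optional[Finding]:
    """Return a Finding for one DDS/OTL line, or None when it looks benign."""
    m = PREF_RE.match(line)
    if m:
        source, name, value = m.groups()
        # A single preference never carries "user_pref(" in its value. A value
        # that closes the call and opens a new one is a crafted line, whatever
        # wrote it, and is worth reading in the real user.js.
        if source == "user.js" and ("user_pref(" in value or ");" in value):
            return Finding("userjs-malformed",
                           f"{name}: value embeds a second user_pref() call", line)
        # keyword.URL decides where address-bar searches go; a redirector in
        # the path means a toolbar or something else sits in the middle.
        if name == "keyword.URL" and any(h in value.lower() for h in REDIRECTOR_HINTS):
            return Finding("keyword-url-redirector",
                           f"address-bar searches go through {host_of(value)}", line)
        return None

    m = HOSTS_RE.match(line)
    if m:
        ip, hostname = m.groups()
        # Only loopback belongs in a clean hosts file; anything else pins a
        # name to an address of someone's choosing.
        if ip not in LOOPBACK:
            return Finding("hosts-override", f"{hostname} pinned to {ip}", line)
        return None

    m = BHO_RE.match(line)
    if m:
        name, clsid, target = m.groups()
        # A BHO registered without a name, without a CLSID key or without a
        # file on disk is a leftover from a removal or an entry someone wanted
        # to look empty; either way, verify it in the registry before trusting
        # the log.
        if name == "no name" or "No CLSID value found" in target or "File not found" in target:
            return Finding("bho-dangling", f"{clsid} ({name}): {target}", line)
        return None

    return None


def triage(lines: Iterable[str]) -> List[Finding]:
    """Classify every line and keep the hits, in log order."""
    hits = []
    for raw in lines:
        finding = classify(raw.rstrip("\r\n"))
        if finding is not None:
            hits.append(finding)
    return hits


# Constructed sample: lines copied from the DDS and OTL output in this thread,
# plus one hosts line (203.0.113.5, a documentation address) added so the
# hosts rule has something to fire on.
SAMPLE_LOG = [
    "FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=",
    "FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false",
    "O1 - Hosts: 127.0.0.1 localhost",
    "O1 - Hosts: 203.0.113.5 www.google.com",
    "O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.",
    r"O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.detail}")
```

Run it against a saved DDS or OTL log with `triage(open("OTL.Txt"))`. The hits are leads, not verdicts: the keyword.URL entry here belongs to the AIM Toolbar the log lists, and a nameless BHO can be a leftover from a previous removal, so each hit still needs the registry key or file checked by hand.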
Old 07-07-2011, 11:07 AM   #8
Security Team
Analyst
 
Join Date: Apr 2007
Location: Montreal, QC. Canada
Posts: 2,654
OS: Windows 2000 Pro. - Vista SP 2, W7



Can you boot to safe mode with Internet Connectivity?
  • Restart your computer in Safe Mode, start pressing the F8 key on your keyboard. On a computer that is configured for booting to multiple operating systems, you can press the F8 key when you see the Boot Menu.
  • When the Windows Advanced Options menu appears, select an option, and then press ENTER.
  • When the Boot menu appears again, and the words "Safe Mode" appear in blue at the bottom, select the installation that you want to start, and then press ENTER.
__________________
nasdaq is offline  
Old 07-11-2011, 06:03 AM   #9
Registered Member
 
Join Date: Jul 2011
Posts: 6
OS: Win XP



Rebooted in safe mode with networking this morning. I could not do it last week as I was working remotely.

Running ESET online scanner as instructed. This is the third try so far. With two previous attempts, the scanner stopped and the IE session disappeared. Not sure why. Will post results later. Thanks.
__________________
jb40967 is offline  
Old 07-11-2011, 06:19 AM   #10
Security Team
Analyst
 
Join Date: Apr 2007
Location: Montreal, QC. Canada
Posts: 2,654
OS: Windows 2000 Pro. - Vista SP 2, W7



Forget about Eset scan for now.

See if you can run this tool and submit the logs.
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
__________________
nasdaq is offline  
Old 07-11-2011, 12:52 PM   #11
Registered Member
 
Join Date: Jul 2011
Posts: 6
OS: Win XP



With the third attempt at running ESET, the IE session died after reaching 28%. First two runs quit at around 10%.

Anyway, I ran OTL. Here are the two results.

OTL logfile created on: 7/11/2011 3:42:11 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\admin user\Desktop\Debug
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 61.96% Memory free
6.34 Gb Paging File | 5.22 Gb Available in Paging File | 82.37% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.00 Gb Total Space | 65.27 Gb Free Space | 43.81% Space Free | Partition Type: NTFS

Computer Name: 4D1WHM1 | User Name: ab169 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\admin user\Desktop\Debug\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe (Livescribe)
PRC - C:\Program Files\Quest Software\Toad for Data Analysts Trial 2.7\SQLLIB\BIN\db2mgmtsvc.exe (International Business Machines Corporation)
PRC - c:\app\ab169\product\11.2.0\dbhome_1\BIN\oracle.exe (Oracle Corporation)
PRC - C:\app\ab169\product\11.2.0\dbhome_1\BIN\omtsreco.exe (Oracle Corporation)
PRC - C:\app\ab169\product\11.2.0\dbhome_1\BIN\TNSLSNR.EXE (Oracle Corporation)
PRC - C:\app\ab169\product\11.2.0\dbhome_1\BIN\emagent.exe (Oracle Corporation)
PRC - C:\app\ab169\product\11.2.0\dbhome_1\BIN\nmesrvc.exe (Oracle Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\WINDOWS\system32\nwtray.exe (Novell, Inc.)
PRC - C:\WINDOWS\system32\dpmw32.exe (Novell, Inc.)
PRC - C:\app\ab169\product\11.2.0\dbhome_1\perl\bin\perl.exe ()
PRC - C:\app\ab169\product\11.2.0\dbhome_1\jdk\bin\java.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\cmd.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\TaskSwitch.exe ()


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\admin user\Desktop\Debug\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (Brother XP spl Service) -- File not found
SRV - (PenCommService) -- C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe (Livescribe)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (OracleOraDb11g_home1ConfigurationManager) -- c:\app\ab169\product\11.2.0\dbhome_1\ccr\bin\nmz.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (DB2MGMTSVC_TAEVAL27) DB2 Management Service (TAEVAL27) -- C:\Program Files\Quest Software\Toad for Data Analysts Trial 2.7\SQLLIB\BIN\db2mgmtsvc.exe (International Business Machines Corporation)
SRV - (OracleServiceORCL) -- c:\app\ab169\product\11.2.0\dbhome_1\bin\ORACLE.EXE (Oracle Corporation)
SRV - (OracleJobSchedulerORCL) -- c:\app\ab169\product\11.2.0\dbhome_1\Bin\extjob.exe ()
SRV - (OracleMTSRecoveryService) -- C:\app\ab169\product\11.2.0\dbhome_1\bin\omtsreco.exe (Oracle Corporation)
SRV - (OracleOraDb11g_home1TNSListener) -- C:\app\ab169\product\11.2.0\dbhome_1\BIN\TNSLSNR.exe (Oracle Corporation)
SRV - (OracleDBConsoleorcl) -- C:\app\ab169\product\11.2.0\dbhome_1\BIN\nmesrvc.exe (Oracle Corporation)
SRV - (OracleOraDb11g_home1ClrAgent) -- C:\app\ab169\product\11.2.0\dbhome_1\bin\OraClrAgnt.exe (Oracle Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE (Symantec Corporation)
SRV - (SmcService) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (SmartDeploy) -- C:\WINDOWS\System32\SmartDeploy.exe (Prowess OS Deployment - SmartDeploy)
SRV - (cusrvc) -- C:\WINDOWS\system32\cusrvc.exe (Novell, Inc.)
SRV - (getPlus(R) Helper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)


========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110710.003\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110710.003\NAVENG.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (PulseUsb) -- C:\WINDOWS\system32\drivers\PulseUsb.sys (Windows (R) Win 7 DDK provider)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SRTSPL) -- C:\WINDOWS\system32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\srtspx.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (COH_Mon) -- C:\WINDOWS\system32\drivers\COH_Mon.sys (Symantec Corporation)
DRV - (SFAUDIO) -- C:\WINDOWS\system32\drivers\sfaudio.sys (Sonic Focus, Inc)
DRV - (e1kexpress) Intel(R) -- C:\WINDOWS\system32\drivers\e1k5132.sys (Intel Corporation)
DRV - (SRVLOC) -- C:\WINDOWS\system32\NetWare\srvloc.sys (Novell, Inc.)
DRV - (RESMGR) -- C:\WINDOWS\system32\NetWare\resmgr.sys (Novell, Inc.)
DRV - (NWSNS) -- C:\WINDOWS\system32\NetWare\nwsns.sys (Novell, Inc.)
DRV - (NWSIPX32) -- C:\WINDOWS\system32\NetWare\nwsipx32.sys (Novell, Inc.)
DRV - (NWSLP) -- C:\WINDOWS\system32\NetWare\nwslp.sys (Novell, Inc.)
DRV - (NWSAP) -- C:\WINDOWS\system32\NetWare\nwsap.sys ()
DRV - (NWHOST) -- C:\WINDOWS\system32\NetWare\nwhost.sys (Novell, Inc.)
DRV - (NetwareWorkstation) -- C:\WINDOWS\system32\NetWare\nwfs.sys (Novell, Inc.)
DRV - (NWFILTER) -- C:\WINDOWS\system32\NetWare\nwfilter.sys (Novell, Inc.)
DRV - (NWDNS) -- C:\WINDOWS\system32\NetWare\nwdns.sys (Novell, Inc.)
DRV - (NWDHCP) -- C:\WINDOWS\system32\NetWare\nwdhcp.sys (Novell, Inc.)
DRV - (NICM) -- C:\WINDOWS\system32\drivers\nicm.sys (Novell, Inc.)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (DLADResM) -- C:\WINDOWS\system32\drivers\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS (Roxio)
DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS (Roxio)
DRV - (s3legacy) -- C:\WINDOWS\system32\drivers\s3legacy.sys (Microsoft Corporation)
DRV - (ctlsb16) Creative SB16/AWE32/AWE64 Driver (WDM) -- C:\WINDOWS\system32\drivers\ctlsb16.sys (Copyright (C) Creative Technology Ltd. 1994-2001)
DRV - (DC21x4) -- C:\WINDOWS\system32\drivers\dc21x4.sys (Intel Corporation.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC176...t/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC176...t/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Sign In
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.nyu.edu/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "home.nyu.edu"
FF - prefs.js..extensions.enabledItems: {CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}:1.5.2.35
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/03/24 02:20:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2011/07/07 10:58:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/28 08:04:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/28 08:04:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/05/02 11:37:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/10/19 16:02:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\admin user\Application Data\Mozilla\Extensions
[2010/10/19 16:02:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\admin user\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/03/12 11:25:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\admin user\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/05/18 15:10:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\admin user\Application Data\Mozilla\Firefox\Profiles\72ub2f96.default\extensions
[2010/03/24 12:15:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\admin user\Application Data\Mozilla\Firefox\Profiles\72ub2f96.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/03/12 14:04:47 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\admin user\Application Data\Mozilla\Firefox\Profiles\72ub2f96.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2011/07/07 11:46:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\admin user\Application Data\Mozilla\Firefox\Profiles\pdwqudq0.default\extensions
[2011/06/02 16:31:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\admin user\Application Data\Mozilla\Firefox\Profiles\pdwqudq0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/19 16:01:59 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Documents and Settings\admin user\Application Data\Mozilla\Firefox\Profiles\pdwqudq0.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2011/06/06 08:44:17 | 000,000,000 | ---D | M] (Toodledo) -- C:\Documents and Settings\admin user\Application Data\Mozilla\Firefox\Profiles\pdwqudq0.default\extensions\statusbar@toodledo.com
[2011/07/07 11:46:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/24 13:48:43 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/12 14:14:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/08 09:40:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2011/07/07 10:58:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/07/07 10:58:24 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/06/24 13:48:41 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2011/06/24 13:48:41 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2011/07/07 10:58:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/06/24 13:48:42 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2008/06/11 22:45:28 | 000,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2011/03/03 14:04:05 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2011/03/03 14:04:05 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2011/03/03 14:04:05 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2011/03/03 14:04:05 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2011/03/03 14:04:05 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2011/03/03 14:04:05 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2011/03/03 14:04:05 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/03/03 14:53:32 | 000,109,420 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\mozilla firefox\plugins\np_gp.dll
[2011/06/03 14:50:52 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2011/06/03 14:50:52 | 000,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2011/06/03 14:50:52 | 000,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2011/06/03 14:50:52 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2011/06/03 14:50:52 | 000,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2011/06/03 14:50:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2011/06/03 14:50:52 | 000,001,096 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2011/07/05 08:09:27 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CoolSwitch] C:\WINDOWS\system32\TaskSwitch.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NDPS] C:\WINDOWS\system32\dpmw32.exe (Novell, Inc.)
O4 - HKLM..\Run: [NWTRAY] C:\WINDOWS\System32\nwtray.exe (Novell, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [BGInfo] C:\Program Files\BGinfo.exe (Sysinternals)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - Startup: C:\Documents and Settings\admin user\Start Menu\Programs\Startup\Shortcut to AUTOEXEC.lnk = C:\AUTOEXEC.BAT ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MultiMon Taskbar.lnk = C:\Program Files\MMTaskbar\MultiMon.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Printscreen 2000.lnk = C:\Ps2000\Prt9532.exe (Super Simple Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: CompatibleRUPSecurity = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\NetWare\nwws2nds.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\NetWare\nwws2sap.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\system32\NetWare\nwws2slp.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: nyu.edu ([]* in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsof...?1269388078003 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsof...?1269388055421 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeup...tent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 128.122.253.24 128.122.253.46
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\qrev {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - C:\Program Files\Quest Software\Toad for Oracle 10.6 Trial\RNetPin.dll ()
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (NWGINA.DLL) - C:\WINDOWS\System32\nwgina.dll (Novell, Inc.)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop BackupWallPaper: C:\Documents and Settings\admin user\My Documents\My Pictures\Van Gogh2.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/20 1016 | 000,000,062 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- Reg Error: Value error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/07/11 08:04:45 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/07/11 07:51:03 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/07/07 12:56:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\admin user\Recent
[2011/07/07 12:36:40 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/07/07 10:58:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/07/07 10:58:35 | 000,000,000 | ---D | C] -- C:\Program Files\Sun
[2011/07/07 10:58:31 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/07/07 10:58:31 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/07/07 10:58:31 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/07/07 10:58:31 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/07/05 09:08:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin user\Application Data\com.livescribe.LivescribeConnect
[2011/07/05 09:08:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin user\Start Menu\Programs\Livescribe
[2011/07/05 09:08:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Livescribe
[2011/07/05 07:44:28 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/07/05 07:42:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/07/05 07:42:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/07/05 07:42:40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/07/05 07:42:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/07/05 07:41:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/05 07:41:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/03 23:30:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/07/01 09:24:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin user\Desktop\Debug
[2011/06/28 08:23:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/06/24 13:50:59 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2009/03/12 17:58:29 | 000,454,656 | ---- | C] (Simon Tatham) -- C:\Program Files\putty.exe
[2009/03/12 16:40:03 | 000,845,864 | ---- | C] (Sysinternals) -- C:\Program Files\Bginfo.exe
[2009/03/12 14:33:45 | 000,666,112 | ---- | C] (University Of Illinois) -- C:\Program Files\NYU Online Directory.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/11 15:45:00 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B690DD6D-E682-40E9-AAA5-E82A3ECCFDB5}.job
[2011/07/11 15:36:18 | 000,001,824 | ---- | M] () -- C:\Documents and Settings\admin user\My Documents\Default.rdp
[2011/07/11 13:54:10 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/11 10:12:59 | 000,469,292 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/11 10:12:59 | 000,080,932 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/11 10:11:05 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/11 10:09:24 | 003,145,782 | ---- | M] () -- C:\WINDOWS\BGInfo.bmp
[2011/07/11 10:05:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/11 07:48:06 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_7_11_7_48_6.dmp
[2011/07/09 21:15:22 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 9 Pro.lnk
[2011/07/08 09:35:29 | 000,000,139 | ---- | M] () -- C:\WINDOWS\winph.ini
[2011/07/07 13:42:50 | 000,014,236 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_7_7_13_42_50.dmp
[2011/07/07 12:40:10 | 000,014,286 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_7_7_12_40_10.dmp
[2011/07/07 12:37:14 | 000,000,012 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2011/07/07 11:26:14 | 000,014,236 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_7_7_11_26_13.dmp
[2011/07/07 10:58:23 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/07/07 10:58:23 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/07/07 10:58:23 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/07/07 10:58:23 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/07/07 10:58:23 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/07/07 10:30:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_7_7_10_30_5.dmp
[2011/07/06 15:39:11 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/07/06 07:44:57 | 000,014,860 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_7_6_7_44_57.dmp
[2011/07/05 09:08:32 | 000,001,752 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Livescribe Desktop.lnk
[2011/07/05 08:16:22 | 000,014,086 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_7_5_8_16_21.dmp
[2011/07/05 08:09:27 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/07/05 07:57:47 | 000,014,286 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_7_5_7_57_46.dmp
[2011/07/05 07:57:31 | 000,000,440 | RHS- | M] () -- C:\Documents and Settings\admin user\ntuser.pol
[2011/07/05 07:44:31 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/06/30 14:53:16 | 000,123,761 | ---- | M] () -- C:\Documents and Settings\admin user\Desktop\PR Reappt Actions_06292011.bqy
[2011/06/30 12:52:51 | 000,318,620 | ---- | M] () -- C:\Documents and Settings\admin user\Desktop\PASS_MyTime _Retro_Trans.bqy
[2011/06/29 07:40:31 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_6_29_7_40_31.dmp
[2011/06/28 09:43:30 | 000,014,136 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_6_28_9_43_29.dmp
[2011/06/28 08:54:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_6_28_8_54_42.dmp
[2011/06/28 06:02:06 | 000,012,308 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\7d23l3abdp2i5u1jej48
[2011/06/28 06:02:06 | 000,012,308 | -HS- | M] () -- C:\Documents and Settings\admin user\Local Settings\Application Data\7d23l3abdp2i5u1jej48
[2011/06/27 22:54:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_6_27_22_54_34.dmp
[2011/06/26 13:00:58 | 000,000,158 | ---- | M] () -- C:\WINDOWS\ricdb.ini
[2011/06/26 02:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2011/06/24 12:04:32 | 000,014,810 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_6_24_12_4_30.dmp
[2011/06/24 11:30:51 | 000,014,710 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_6_24_11_30_51.dmp
[2011/06/24 10:59:26 | 000,014,086 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_6_24_10_59_26.dmp
[2011/06/24 10:31:52 | 000,015,110 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_6_24_10_31_51.dmp
[2011/06/24 1035 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_6_24_10_6_35.dmp
[2011/06/17 13:07:12 | 000,004,781 | ---- | M] () -- C:\Documents and Settings\admin user\Desktop\Test.sql
[2011/06/15 09:49:24 | 000,012,575 | ---- | M] () -- C:\WINDOWS\Temp.htm
[2011/06/15 09:49:24 | 000,000,860 | ---- | M] () -- C:\WINDOWS\TempvertArrow.gif
[2011/06/15 09:49:24 | 000,000,859 | ---- | M] () -- C:\WINDOWS\TemphorzArrow.gif
[2011/06/15 09:49:24 | 000,000,438 | ---- | M] () -- C:\WINDOWS\Tempfirst.gif
[2011/06/15 09:49:24 | 000,000,437 | ---- | M] () -- C:\WINDOWS\Temppgleftout.gif
[2011/06/15 09:49:24 | 000,000,437 | ---- | M] () -- C:\WINDOWS\Temppgleft.gif
[2011/06/15 09:49:24 | 000,000,436 | ---- | M] () -- C:\WINDOWS\Templast.gif
[2011/06/15 09:49:24 | 000,000,433 | ---- | M] () -- C:\WINDOWS\Temppgrightout.gif
[2011/06/15 09:49:24 | 000,000,433 | ---- | M] () -- C:\WINDOWS\Temppgright.gif
[2011/06/15 09:49:24 | 000,000,239 | ---- | M] () -- C:\WINDOWS\Templastout.gif
[2011/06/15 09:49:24 | 000,000,238 | ---- | M] () -- C:\WINDOWS\Tempfirstout.gif
[2011/06/13 11:54:10 | 000,192,883 | ---- | M] () -- C:\Documents and Settings\admin user\My Documents\31. Quarterly Audit Report Nov 2010.pdf
[2011/06/13 11:53:16 | 000,213,638 | ---- | M] () -- C:\Documents and Settings\admin user\My Documents\31. Quarterly Audit Report Feb 2011.pdf
[2011/06/12 15:55:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_6_12_15_55_0.dmp
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/11 07:48:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_7_11_7_48_6.dmp
[2011/07/07 13:42:50 | 000,014,236 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_7_7_13_42_50.dmp
[2011/07/07 12:40:10 | 000,014,286 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_7_7_12_40_10.dmp
[2011/07/07 11:26:13 | 000,014,236 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_7_7_11_26_13.dmp
[2011/07/07 10:30:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_7_7_10_30_5.dmp
[2011/07/06 07:44:57 | 000,014,860 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_7_6_7_44_57.dmp
[2011/07/05 09:08:32 | 000,001,752 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Livescribe Desktop.lnk
[2011/07/05 08:16:21 | 000,014,086 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_7_5_8_16_21.dmp
[2011/07/05 07:57:46 | 000,014,286 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_7_5_7_57_46.dmp
[2011/07/05 07:44:31 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/07/05 07:44:28 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/07/05 07:42:40 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/07/05 07:42:40 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/07/05 07:42:40 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/07/05 07:42:40 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/07/05 07:42:40 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/06/30 14:53:19 | 000,123,761 | ---- | C] () -- C:\Documents and Settings\admin user\Desktop\PR Reappt Actions_06292011.bqy
[2011/06/30 12:52:51 | 000,318,620 | ---- | C] () -- C:\Documents and Settings\admin user\Desktop\PASS_MyTime _Retro_Trans.bqy
[2011/06/29 07:40:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_6_29_7_40_31.dmp
[2011/06/28 09:43:29 | 000,014,136 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_6_28_9_43_29.dmp
[2011/06/28 08:54:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_6_28_8_54_42.dmp
[2011/06/27 22:54:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_6_27_22_54_34.dmp
[2011/06/27 18:40:24 | 000,012,308 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\7d23l3abdp2i5u1jej48
[2011/06/27 18:40:24 | 000,012,308 | -HS- | C] () -- C:\Documents and Settings\admin user\Local Settings\Application Data\7d23l3abdp2i5u1jej48
[2011/06/24 12:36:41 | 000,000,633 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NYU Online Directory.lnk
[2011/06/24 12:36:40 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 9 Pro.lnk
[2011/06/24 12:36:40 | 000,001,686 | ---- | C] () -- C:\Documents and Settings\admin user\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2011/06/24 12:36:40 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\admin user\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/24 12:36:40 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\admin user\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/24 12:36:40 | 000,000,647 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MultiMon Taskbar.lnk
[2011/06/24 12:36:40 | 000,000,511 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Printscreen 2000.lnk
[2011/06/24 12:36:40 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\admin user\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/06/24 12:36:33 | 000,002,371 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat Distiller 9.lnk
[2011/06/24 12:36:33 | 000,002,359 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat 9 Pro.lnk
[2011/06/24 12:36:33 | 000,001,880 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe LiveCycle Designer ES 8.2.lnk
[2011/06/24 12:36:33 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/06/24 12:36:33 | 000,001,803 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Search.lnk
[2011/06/24 12:36:33 | 000,001,576 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\TextPad.lnk
[2011/06/24 12:36:33 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/06/24 12:36:33 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat.com.lnk
[2011/06/24 12:36:33 | 000,000,591 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\NYU Online Directory.lnk
[2011/06/24 12:36:33 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\PuTTY.lnk
[2011/06/24 12:04:30 | 000,014,810 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_6_24_12_4_30.dmp
[2011/06/24 11:30:51 | 000,014,710 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_6_24_11_30_51.dmp
[2011/06/24 10:59:26 | 000,014,086 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_6_24_10_59_26.dmp
[2011/06/24 10:31:51 | 000,015,110 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_6_24_10_31_51.dmp
[2011/06/24 1035 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_6_24_10_6_35.dmp
[2011/06/17 13:07:12 | 000,004,781 | ---- | C] () -- C:\Documents and Settings\admin user\Desktop\Test.sql
[2011/06/15 09:48:08 | 000,012,575 | ---- | C] () -- C:\WINDOWS\Temp.htm
[2011/06/15 09:48:08 | 000,000,860 | ---- | C] () -- C:\WINDOWS\TempvertArrow.gif
[2011/06/15 09:48:08 | 000,000,859 | ---- | C] () -- C:\WINDOWS\TemphorzArrow.gif
[2011/06/15 09:48:08 | 000,000,438 | ---- | C] () -- C:\WINDOWS\Tempfirst.gif
[2011/06/15 09:48:08 | 000,000,437 | ---- | C] () -- C:\WINDOWS\Temppgleftout.gif
[2011/06/15 09:48:08 | 000,000,437 | ---- | C] () -- C:\WINDOWS\Temppgleft.gif
[2011/06/15 09:48:08 | 000,000,436 | ---- | C] () -- C:\WINDOWS\Templast.gif
[2011/06/15 09:48:08 | 000,000,433 | ---- | C] () -- C:\WINDOWS\Temppgrightout.gif
[2011/06/15 09:48:08 | 000,000,433 | ---- | C] () -- C:\WINDOWS\Temppgright.gif
[2011/06/15 09:48:08 | 000,000,239 | ---- | C] () -- C:\WINDOWS\Templastout.gif
[2011/06/15 09:48:08 | 000,000,238 | ---- | C] () -- C:\WINDOWS\Tempfirstout.gif
[2011/06/13 11:54:10 | 000,192,883 | ---- | C] () -- C:\Documents and Settings\admin user\My Documents\31. Quarterly Audit Report Nov 2010.pdf
[2011/06/13 11:53:16 | 000,213,638 | ---- | C] () -- C:\Documents and Settings\admin user\My Documents\31. Quarterly Audit Report Feb 2011.pdf
[2011/06/12 15:55:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_6_12_15_55_0.dmp
[2011/03/16 15:18:48 | 000,000,107 | ---- | C] () -- C:\WINDOWS\prt9532.ini
[2011/03/04 17:07:31 | 000,000,380 | ---- | C] () -- C:\WINDOWS\pdf2text.INI
[2011/03/04 1713 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\pdftotext.dat
[2011/03/03 22:01:32 | 000,000,074 | ---- | C] () -- C:\WINDOWS\brioqplg.ini
[2010/12/15 12:57:56 | 000,000,158 | ---- | C] () -- C:\WINDOWS\ricdb.ini
[2010/11/07 18:58:47 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\admin user\Application Data\winscp.rnd
[2010/11/01 17:13:41 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\admin user\Local Settings\Application Data\fusioncache.dat
[2010/10/22 12:28:24 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/19 16:20:41 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\wwh4api.dll
[2010/10/19 16:16:39 | 000,032,389 | ---- | C] () -- C:\WINDOWS\bqformat.ini
[2010/10/19 16:16:38 | 000,049,553 | ---- | C] () -- C:\WINDOWS\bqmeta0.ini
[2010/10/19 15:48:11 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2010/10/19 15:17:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/10/19 15:13:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/10/19 15:12:41 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2010/05/20 11:34:56 | 000,000,658 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/05/20 11:28:07 | 000,000,011 | ---- | C] () -- C:\WINDOWS\NetWare.INI
[2009/11/16 20:59:11 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009/11/16 20:59:11 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2009/11/16 20:59:11 | 000,203,336 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009/11/16 20:59:11 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/05/04 11:10:18 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\prtwin32.dll
[2009/05/04 11:10:17 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\nwpsrv32.dll
[2009/05/04 11:10:11 | 000,216,064 | ---- | C] () -- C:\WINDOWS\System32\lgnwnt32.dll
[2009/05/04 11:09:47 | 000,002,757 | ---- | C] () -- C:\WINDOWS\System32\rdrstats.ini
[2009/05/04 11:09:26 | 000,015,898 | ---- | C] () -- C:\WINDOWS\System32\vlmsup.exe
[2009/05/04 11:09:25 | 000,001,724 | ---- | C] () -- C:\WINDOWS\System32\vipx.exe
[2009/05/04 11:09:20 | 000,245,843 | ---- | C] () -- C:\WINDOWS\System32\nwshlxnt.dll
[2009/05/04 11:09:08 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\lgncon32.dll
[2009/05/04 11:09:03 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\dplgnw32.dll
[2009/05/04 11:09:01 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\setupw2k.dll
[2009/05/04 11:09:01 | 000,012,736 | ---- | C] () -- C:\WINDOWS\System32\cmdinfo.exe
[2009/05/04 11:08:52 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nwslog32.dll
[2009/05/04 09:31:53 | 000,000,234 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/04/02 10:55:15 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2009/03/12 14:34:26 | 000,000,139 | ---- | C] () -- C:\WINDOWS\winph.ini
[2009/03/12 11:25:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/03/12 08:17:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2009/03/11 11:55:51 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/03/11 06:48:55 | 000,004,554 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/03/11 06:47:24 | 000,270,984 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/12/01 19:11:22 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008/12/01 19:11:22 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/14 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 08:00:00 | 000,469,292 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 08:00:00 | 000,080,932 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/03/23 14:12:18 | 001,567,232 | R--- | C] () -- C:\WINDOWS\System32\LWPAPIN.DLL
[2007/03/23 14:12:18 | 000,371,960 | R--- | C] () -- C:\WINDOWS\System32\cmmap000.bin
[2007/03/23 14:12:18 | 000,260,531 | R--- | C] () -- C:\WINDOWS\System32\adinit.dat
[2007/03/23 14:12:18 | 000,183,254 | R--- | C] () -- C:\WINDOWS\System32\LWPAPIPN.DAT
[2005/04/15 12:52:33 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/04/15 12:52:33 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/03/19 17:30:00 | 000,045,632 | ---- | C] () -- C:\WINDOWS\System32\TaskSwitch.exe
[2002/02/27 10:41:28 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2002/02/27 10:41:26 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2002/02/27 10:41:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll

========== LOP Check ==========

[2011/07/05 09:08:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin user\Application Data\com.livescribe.LivescribeConnect
[2010/10/25 13:20:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin user\Application Data\Helios
[2010/11/07 21:08:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin user\Application Data\interwoven
[2009/03/12 14:54:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin user\Application Data\Jolly Giant Software
[2009/04/16 12:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin user\Application Data\OfficeUpdate12
[2010/11/18 13:05:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin user\Application Data\Quest Software
[2010/10/25 10:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin user\Application Data\Software
[2010/10/26 09:49:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin user\Application Data\Temp
[2009/03/12 11:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin user\Application Data\Thunderbird
[2009/06/03 14:20:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin user\Application Data\Windows Desktop Search
[2010/11/10 15:07:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin user\Application Data\Windows Search
[2010/05/20 10:31:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AR System
[2010/11/18 12:59:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IBM
[2010/10/26 09:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Livescribe
[2010/11/18 13:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Quest Software
[2010/10/25 1035 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Raize
[2009/05/04 09:34:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2010/11/18 12:57:57 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{08439167-4CA5-48E9-A810-A3A7C0B80B06}
[2011/07/11 15:45:00 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{B690DD6D-E682-40E9-AAA5-E82A3ECCFDB5}.job

========== Purity Check ==========


< End of report >


OTL Extras logfile created on: 7/11/2011 3:42:11 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\admin user\Desktop\Debug
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 61.96% Memory free
6.34 Gb Paging File | 5.22 Gb Available in Paging File | 82.37% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.00 Gb Total Space | 65.27 Gb Free Space | 43.81% Space Free | Partition Type: NTFS

Computer Name: 4D1WHM1 | User Name: ab169 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- Reg Error: Value error. File not found
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- Reg Error: Value error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\NetMeeting\conf.exe" = C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting® -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpmw32.exe" = C:\WINDOWS\system32\dpmw32.exe:*:Enabled:NDPS RPM & Notification Listener -- (Novell, Inc.)
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
"C:\app\ab169\product\11.2.0\dbhome_1\jdk\jre\bin\java.exe" = C:\app\ab169\product\11.2.0\dbhome_1\jdk\jre\bin\java.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary -- (Sun Microsystems, Inc.)
"C:\oracle\product\10.2.0\client_1\jdk\jre\bin\java.exe" = C:\oracle\product\10.2.0\client_1\jdk\jre\bin\java.exe:*:Enabled:java -- ()
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{0928B2C5-0B16-C2FB-7BAE-A25901414687}" = ATI Catalyst Install Manager
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{154A9EEB-05FC-45E6-B7BD-75D27ED02276}" = Crystal11_Redistributables
"{1774C3D2-30FF-70EE-A1AF-1B771E2D2D33}" = ccc-utility
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F695CFF-C3A2-4A06-8D40-2FC93BC4208A}" = BMC Remedy User 7.0
"{1FE9594B-E51F-9845-0466-C0D1D915FBB5}" = Catalyst Control Center InstallProxy
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{29042B1C-0713-4575-B7CA-5C8E7B0899D4}" = MyODBC
"{2EFCC193-D915-4CCB-9201-31773A27BC06}" = Symantec Endpoint Protection
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{31DDEBE2-0F7D-A4AA-B8A9-9E1FD795FC2A}" = CCC Help English
"{32A3A4F4-B792-11D6-A78A-00B0D0160260}" = Java(TM) SE Development Kit 6 Update 26
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4757D8ED-C630-4B95-BAE5-2D17560B6BB5}" = Quest Software Toad Data Modeler
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BA5B4DE-161E-4CC1-A0DB-1201C619A539}" = Quest SQL Optimizer for Oracle Trial
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AA003BF-73E5-4911-ADB7-71DD5674DDD4}" = Oracle Data Provider for .NET Help
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73EC658D-A1C6-40CA-8E86-E05821BAACE7}" = Java DB 10.6.2.1
"{7AB4E3B5-55D6-46E5-BEA7-F2CF1BEE3F4A}" = Toad for Oracle 10.6 Trial
"{8119ACFF-C854-4AF2-BD64-A16EA6CF8C7A}" = Quest Software Toad for Data Analysts Trial 2.7
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{926A54BE-E124-4A80-9297-CD3BF3BE7AC2}" = Desktop Profiler Wizard
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7050037-F0EA-4BAB-BCD5-FC05507D6147}" = Alt-Tab Task Switcher Powertoy for Windows XP
"{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro
"{AC76BA86-1033-0000-7760-000000000004}_920" = Adobe Acrobat 9.2.0 - CPSID_50026
"{AC76BA86-1033-0000-7760-000000000004}{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B11DA33B-F355-463B-9B69-72DBA1D8CECE}" = Toad for Oracle
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
"{BEAED2F4-04C7-95C4-7D8F-500EFE6CD1F9}" = ccc-core-static
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC7D4D0F-CDED-CD3A-285A-C5EE017769E5}" = Livescribe Connect
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE567716-7997-E0AE-DD81-1A5D49A5FB25}" = Catalyst Control Center Graphics Previews Common
"{D44D97D9-919B-4A6D-ABE8-C84B3DD757A9}" = Hyperion Intelligence Client
"{DD14C745-AC15-4B5C-9820-8F874FA0B328}" = Quest SQL Optimizer for Oracle Common
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Brio Performance Client" = Hyperion Intelligence Explorer
"CCleaner" = CCleaner (remove only)
"CodeSite 3.0.1 Client Tools" = CodeSite 3.0.1 Client Tools
"com.livescribe.LivescribeConnect" = Livescribe Connect
"ESET Online Scanner" = ESET Online Scanner v3
"hIDB8_3_1Suite" = Hyperion Intelligence Dashboard Builder
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"Livescribe Desktop 2.7.2" = Livescribe Desktop
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
"Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MultiMon TaskBar_is1" = MultiMon TaskBar 2.1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Novell Client for Windows" = Novell Client for Windows
"Printscreen 2000 V8.0" = Printscreen 2000 V8.0
"PRJPRO" = Microsoft Office Project Professional 2007
"PROPLUS" = Microsoft Office Professional Plus 2007
"Quest Installer" = Quest Installer
"QWS3270 Secure" = QWS3270 Secure
"VISPRO" = Microsoft Office Visio Professional 2007
"VLC media player" = VLC media player 0.9.8a
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"winscp3_is1" = WinSCP 4.2.9
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.8.0.721
"NYU Prod - Help" = NYU Prod - Help
"NYU QA - Help" = NYU QA - Help
"NYU Test - Help" = NYU Test - Help
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/7/2011 1:47:01 PM | Computer Name = 4D1WHM1 | Source = Application Error | ID = 1004
Description = Faulting application nmz.exe, version 0.0.0.0, faulting module nmz.exe,
version 0.0.0.0, fault address 0x0000a318.

Error - 7/7/2011 1:50:50 PM | Computer Name = 4D1WHM1 | Source = Microsoft Office 12 | ID = 5000
Description = EventType officelifeboathang, P1 excel.exe, P2 12.0.6557.5000, P3
ntdll.dll, P4 5.1.2600.6055, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.

Error - 7/7/2011 1:51:49 PM | Computer Name = 4D1WHM1 | Source = Microsoft Office 12 | ID = 5000
Description = EventType officelifeboathang, P1 excel.exe, P2 12.0.6557.5000, P3
ntdll.dll, P4 5.1.2600.6055, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.

Error - 7/7/2011 1:55:08 PM | Computer Name = 4D1WHM1 | Source = Microsoft Office 12 | ID = 5000
Description = EventType officelifeboathang, P1 winword.exe, P2 12.0.6545.5000, P3
ntdll.dll, P4 5.1.2600.6055, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.

Error - 7/7/2011 2:30:43 PM | Computer Name = 4D1WHM1 | Source = Microsoft Office 12 | ID = 5000
Description = EventType officelifeboathang, P1 winword.exe, P2 12.0.6545.5000, P3
ntdll.dll, P4 5.1.2600.6055, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.

Error - 7/7/2011 4:39:24 PM | Computer Name = 4D1WHM1 | Source = Microsoft Office 12 | ID = 5000
Description = EventType officelifeboathang, P1 powerpnt.exe, P2 12.0.6545.5000,
P3 ntdll.dll, P4 5.1.2600.6055, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.

Error - 7/8/2011 11:32:15 AM | Computer Name = 4D1WHM1 | Source = Microsoft Office 12 | ID = 5000
Description = EventType officelifeboathang, P1 excel.exe, P2 12.0.6557.5000, P3
ntdll.dll, P4 5.1.2600.6055, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.

Error - 7/9/2011 10:11:30 PM | Computer Name = 4D1WHM1 | Source = Application Error | ID = 1000
Description = Faulting application nmz.exe, version 0.0.0.0, faulting module nmz.exe,
version 0.0.0.0, fault address 0x0000a318.

Error - 7/11/2011 7:41:50 AM | Computer Name = 4D1WHM1 | Source = Application Error | ID = 1004
Description = Faulting application nmz.exe, version 0.0.0.0, faulting module nmz.exe,
version 0.0.0.0, fault address 0x0000a318.

Error - 7/11/2011 10:07:18 AM | Computer Name = 4D1WHM1 | Source = Application Error | ID = 1000
Description = Faulting application nmz.exe, version 0.0.0.0, faulting module nmz.exe,
version 0.0.0.0, fault address 0x0000a318.

[ OSession Events ]
Error - 12/1/2010 1:30:43 PM | Computer Name = 4D1WHM1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 65
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/11/2011 7:56:19 AM | Computer Name = 4D1WHM1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/11/2011 7:59:00 AM | Computer Name = 4D1WHM1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
eeCtrl Fips intelppm SPBBCDrv SRTSP SRTSPX SYMTDI

Error - 7/11/2011 8:01:12 AM | Computer Name = 4D1WHM1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/11/2011 10:01:04 AM | Computer Name = 4D1WHM1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/11/2011 10:09:27 AM | Computer Name = 4D1WHM1 | Source = Service Control Manager | ID = 7000
Description = The MBAMProtector service failed to start due to the following error:
%%2

Error - 7/11/2011 10:09:27 AM | Computer Name = 4D1WHM1 | Source = Service Control Manager | ID = 7000
Description = The BrSplService service failed to start due to the following error:
%%2

Error - 7/11/2011 10:09:27 AM | Computer Name = 4D1WHM1 | Source = Service Control Manager | ID = 7001
Description = The MBAMService service depends on the MBAMProtector service which
failed to start because of the following error: %%2

Error - 7/11/2011 10:09:27 AM | Computer Name = 4D1WHM1 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the OracleOraDb11g_home1ConfigurationManager
service to connect.

Error - 7/11/2011 10:09:27 AM | Computer Name = 4D1WHM1 | Source = Service Control Manager | ID = 7000
Description = The OracleOraDb11g_home1ConfigurationManager service failed to start
due to the following error: %%1053

Error - 7/11/2011 10:10:51 AM | Computer Name = 4D1WHM1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SYMTDI

[ WorkSite Events ]
Error - 4/12/2011 4:12:23 PM | Computer Name = 4D1WHM1 | Source = WorkSiteOfficeAddinExt | ID = 0
Description = AutoLogin: System.ArgumentException: Value does not fall within the
expected range. at WorkSite.IManMPExt.ContextItemsClass.Item(String Name) at
WorkSiteOfficeAddinExt.WSSession.AutoLogin(Boolean& Cancel)

Error - 4/12/2011 4:13:47 PM | Computer Name = 4D1WHM1 | Source = WorkSiteOfficeAddinExt | ID = 0
Description = AutoLogin: System.ArgumentException: Value does not fall within the
expected range. at WorkSite.IManMPExt.ContextItemsClass.Item(String Name) at
WorkSiteOfficeAddinExt.WSSession.AutoLogin(Boolean& Cancel)

Error - 4/12/2011 4:14:02 PM | Computer Name = 4D1WHM1 | Source = WorkSiteOfficeAddinExt | ID = 0
Description = AutoLogin: System.ArgumentException: Value does not fall within the
expected range. at WorkSite.IManMPExt.ContextItemsClass.Item(String Name) at
WorkSiteOfficeAddinExt.WSSession.AutoLogin(Boolean& Cancel)

Error - 4/12/2011 4:15:34 PM | Computer Name = 4D1WHM1 | Source = WorkSiteOfficeAddinExt | ID = 0
Description = AutoLogin: System.ArgumentException: Value does not fall within the
expected range. at WorkSite.IManMPExt.ContextItemsClass.Item(String Name) at
WorkSiteOfficeAddinExt.WSSession.AutoLogin(Boolean& Cancel)

Error - 4/12/2011 4:15:48 PM | Computer Name = 4D1WHM1 | Source = WorkSiteOfficeAddinExt | ID = 0
Description = AutoLogin: System.ArgumentException: Value does not fall within the
expected range. at WorkSite.IManMPExt.ContextItemsClass.Item(String Name) at
WorkSiteOfficeAddinExt.WSSession.AutoLogin(Boolean& Cancel)

Error - 4/13/2011 8:02:31 AM | Computer Name = 4D1WHM1 | Source = WorkSiteOfficeAddinExt | ID = 0
Description = AutoLogin: System.ArgumentException: Value does not fall within the
expected range. at WorkSite.IManMPExt.ContextItemsClass.Item(String Name) at
WorkSiteOfficeAddinExt.WSSession.AutoLogin(Boolean& Cancel)

Error - 4/13/2011 8:17:46 AM | Computer Name = 4D1WHM1 | Source = WorkSiteOfficeAddinExt | ID = 0
Description = AutoLogin: System.ArgumentException: Value does not fall within the
expected range. at WorkSite.IManMPExt.ContextItemsClass.Item(String Name) at
WorkSiteOfficeAddinExt.WSSession.AutoLogin(Boolean& Cancel)

Error - 4/13/2011 9:47:30 AM | Computer Name = 4D1WHM1 | Source = WorkSiteOfficeAddinExt | ID = 0
Description = AutoLogin: System.ArgumentException: Value does not fall within the
expected range. at WorkSite.IManMPExt.ContextItemsClass.Item(String Name) at
WorkSiteOfficeAddinExt.WSSession.AutoLogin(Boolean& Cancel)

Error - 4/13/2011 9:47:56 AM | Computer Name = 4D1WHM1 | Source = WorkSiteOfficeAddinExt | ID = 0
Description = AutoLogin: System.ArgumentException: Value does not fall within the
expected range. at WorkSite.IManMPExt.ContextItemsClass.Item(String Name) at
WorkSiteOfficeAddinExt.WSSession.AutoLogin(Boolean& Cancel)

Error - 4/13/2011 12:21:54 PM | Computer Name = 4D1WHM1 | Source = WorkSiteOfficeAddinExt | ID = 0
Description = AutoLogin: System.ArgumentException: Value does not fall within the
expected range. at WorkSite.IManMPExt.ContextItemsClass.Item(String Name) at
WorkSiteOfficeAddinExt.WSSession.AutoLogin(Boolean& Cancel)


< End of report >
Thanks.
jb40967 is offline  
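As an added example that is not part of this thread, here is a small Python parser for the OTL-style error entries in the log above: it joins the wrapped description lines back into one record and pulls the service and driver names out of Service Control Manager 7000/7026 entries, which is the part a helper checks when judging whether a security product's boot-start drivers are loading. The sample input is constructed from entries in the posted log; the function names are my own.

```python
import re

# Constructed sample in the OTL event-log layout of the thread above; entries are
# copied from the posted log, and descriptions wrap across lines.
SAMPLE_LOG = """\
Error - 7/11/2011 7:59:00 AM | Computer Name = 4D1WHM1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
eeCtrl Fips intelppm SPBBCDrv SRTSP SRTSPX SYMTDI

Error - 7/11/2011 10:09:27 AM | Computer Name = 4D1WHM1 | Source = Service Control Manager | ID = 7000
Description = The MBAMProtector service failed to start due to the following error:
%%2

Error - 7/11/2011 10:10:51 AM | Computer Name = 4D1WHM1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SYMTDI
"""

HEADER = re.compile(r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?) \| "
                    r"Source = (?P<source>.+?) \| ID = (?P<id>\d+)$")

def parse_entries(text):
    """Split OTL event text into dicts; wrapped description lines are joined."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            entries.append({**m.groupdict(), "description": ""})
        elif entries and line and not line.startswith("["):  # skip section headers
            if line.startswith("Description = "):
                line = line[len("Description = "):]
            sep = " " if entries[-1]["description"] else ""
            entries[-1]["description"] += sep + line
    return entries

def failed_drivers(entries):
    """Driver names from SCM 7026 'boot-start driver failed to load' entries."""
    names = set()
    for e in entries:
        if e["source"] == "Service Control Manager" and e["id"] == "7026":
            names.update(e["description"].split("failed to load:", 1)[1].split())
    return names

def failed_services(entries):
    """Service names from SCM 7000 'service failed to start' entries."""
    pat = re.compile(r"The (\S+) service failed to start")
    return [m.group(1) for e in entries
            if e["source"] == "Service Control Manager" and e["id"] == "7000"
            and (m := pat.search(e["description"]))]
```

Running the two extractors over a full log gives the set of drivers (SYMTDI appears twice above but is reported once) and the list of services that the Service Control Manager could not start, which is quicker to review than the raw entries.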
Old 07-12-2011, 06:18 AM   #12
Security Team
Analyst
 
Join Date: Apr 2007
Location: Montreal, QC. Canada
Posts: 2,654
OS: Windows 2000 Pro. - Vista SP 2, W7



Your logs are clean. No infection found on this computer.

Try this to check on your Internet Explorer.

From the Start menu, select Run.
In the Open field, type sfc /scannow (Note: There is a space between sfc and /scannow)
Select the OK button.
Follow the prompts throughout the System File Checker process.
Reboot the computer when System File Checker completes.

Next time you get a BSOD or your Internet Explorer freezes, I suggest you start a new topic in the Windows XP forum.

Windows XP Support - Tech Support Forum

===

Time for some housekeeping
  • The following will implement some cleanup procedures as well as reset System Restore points:

    Click Start > Run and copy/paste the following bold text into the Run box and click OK:

    ComboFix /Uninstall
===

You can just delete the other tools we used.
nasdaq is offline  
Old 07-23-2011, 08:03 AM   #13
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 14,590
OS: XP Win7 Ubuntu 10.10



Since this issue appears resolved, this topic will now be archived. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

Surf Safely and Think Prevention!


amateur is offline  