11-06-2009, 12:58 PM   #1 (permalink)
Registered User
 
Join Date: Nov 2009
Posts: 19
OS: xp


Computer won't load internet

Hi all,

I have a problem with my computer. When I try to connect to the internet or load a program, I get a notice that says,

Bad image
The application or DLL C:\WINDOWS\system32\pepufebe.dll is not a valid Windows image. Please check this against your installation diskette.

When I click through 25 or 30 of these, I can load some programs (Quickbooks) but not the Internet Explorer. When that tries to load it just shuts off; I think that is called crashing.

I read the instructions on what to do before posting for help and found a p2p program and removed it from my computer at the program add\remove place.

I cannot download any report programs because I cannot connect to the internet.

I am posting this from my wife's laptop, hoping to find an answer for this problem.


I also have a program called Logmein that my bookkeeper uses to remotely update my Quickbooks. I think that this problem started after her last session two days ago. It was after that, that I could not get on the internet.

John
11-07-2009, 04:54 AM   #2 (permalink)
Analyst, Security Team
Join Date: Jan 2009
Location: Canada
Posts: 2,151
OS: XP sp3


Re: Computer won't load internet

Hi,

Can you download the programs to your wife's computer and transfer them over via USB? We need to have diagnostic logs to begin to know what is infecting your computer.

Please run the following programs:

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.pif to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


NEXT



Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.


  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and post it in your next reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
__________________


ASAP & UNITE Member
11-07-2009, 10:22 AM   #3 (permalink)
Registered User
 
Join Date: Nov 2009
Posts: 19
OS: xp


Re: Computer won't load internet

OK,
I have downloaded the DDS file and the gmer to my wife's laptop, saved them to a flash drive and plugged into my computer and saved them to the desktop.

When I open the dds a black screen with a flashing cursor comes up and does nothing. I double click the name on the top and nothing changes. If I right click it says that I can close it, so I guess it is open, but nothing happens.

When I try to open the gmer, nothing happens, it just blinks and does nothing.

It acts the same as when I try to load the internet explorer program, just a blink and then nothing.

John
11-07-2009, 12:07 PM   #4 (permalink)
Analyst, Security Team
Join Date: Jan 2009
Location: Canada
Posts: 2,151
OS: XP sp3


Re: Computer won't load internet

Are you able to log into safe mode?

Tap F8 repeatedly upon startup...arrow up to safe mode.

Try running the programs in safe mode.

Try running the following program as well:


Please download exeHelper to your desktop.
  • Double-click on exeHelper.com to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).
__________________


ASAP & UNITE Member
11-07-2009, 07:47 PM   #5 (permalink)
Registered User
 
Join Date: Nov 2009
Posts: 19
OS: xp


Re: Computer won't load internet

Hi again,

I got exehelper to run,

exeHelper by Raktor
Build 20091021
Run at 19:11:36 on 11/07/09
Now searching...
Checking for numerical processes...
Checking for bad processes...
Checking for bad files...
Deleting file C:\WINDOWS\system32\~.exe
Deleting file C:\WINDOWS\system32\calc.dll
Error deleting C:\WINDOWS\system32\calc.dll
Deleting file C:\Documents and Settings\Compaq_Owner\ntuser.dll
Deleting file C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\scandisk.dll
Deleting file C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\scandisk.lnk
Checking for bad registry entries...
Removing HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\calc
Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\calc
Removing HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A2234B15-23F2-42AD-F4E4-00AAC39C0004}
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--


I also got gmer to run,


GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-11-07 18:58:22
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\uwlcraoc.sys


---- System - GMER 1.0.15 ----

SSDT 842C66E8 ZwAlertResumeThread
SSDT 842C67C8 ZwAlertThread
SSDT 842CA828 ZwAllocateVirtualMemory
SSDT 8435E700 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xF36DA020]
SSDT 842C4908 ZwCreateMutant
SSDT 842C9768 ZwCreateThread
SSDT 842C3838 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xF36DA2A0]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xF36DA800]
SSDT 842CB8C8 ZwFreeVirtualMemory
SSDT 842C57B0 ZwImpersonateAnonymousToken
SSDT 842C5890 ZwImpersonateThread
SSDT 842CB7C8 ZwMapViewOfSection
SSDT 842C4848 ZwOpenEvent
SSDT 842CA918 ZwOpenProcessToken
SSDT 842C3918 ZwOpenSection
SSDT 842C8790 ZwOpenThreadToken
SSDT 8431C8A8 ZwResumeThread
SSDT 842C7918 ZwSetContextThread
SSDT 842C8880 ZwSetInformationProcess
SSDT 842C7848 ZwSetInformationThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xF36DAA50]
SSDT 842C4788 ZwSuspendProcess
SSDT 842C76C8 ZwSuspendThread
SSDT 842CD6C8 ZwTerminateProcess
SSDT 842C7768 ZwTerminateThread
SSDT 842CB6E8 ZwUnmapViewOfSection
SSDT 842CA738 ZwWriteVirtualMemory

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: MBR rootkit code detected

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Compaq_Owner\ntuser.dll 24064 bytes executable
File C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\scandisk.dll 24064 bytes executable
File C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\scandisk.lnk 655 bytes
File C:\Documents and Settings\LocalService\ntuser.dll 24064 bytes executable
File C:\Documents and Settings\NetworkService\ntuser.dll 24064 bytes executable
File C:\WINDOWS\system32\calc.dll 24064 bytes executable

---- EOF - GMER 1.0.15 ----


I hope this will help, you have been great.

John

Last edited by cholla; 11-07-2009 at 07:54 PM.
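
Added example, not part of the original thread or of either tool: a short Python script that cross-references the files listed in the GMER "Files" section with the deletions exeHelper reported in the same post (the GMER scan is timestamped 18:58:22, before the exeHelper run at 19:11:36). The embedded log lines are copied from post #5; the function names and report keys are hypothetical, and the output is a list of leads to review, not a verdict.

```python
import re
from collections import defaultdict

# Lines copied (abridged) from the exeHelper log in post #5.
EXEHELPER_LOG = r"""
Checking for bad files...
Deleting file C:\WINDOWS\system32\~.exe
Deleting file C:\WINDOWS\system32\calc.dll
Error deleting C:\WINDOWS\system32\calc.dll
Deleting file C:\Documents and Settings\Compaq_Owner\ntuser.dll
Deleting file C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\scandisk.dll
Deleting file C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\scandisk.lnk
Checking for bad registry entries...
"""

# "Disk sectors" and "Files" sections copied from the GMER log in post #5.
GMER_LOG = r"""
---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: MBR rootkit code detected

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Compaq_Owner\ntuser.dll 24064 bytes executable
File C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\scandisk.dll 24064 bytes executable
File C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\scandisk.lnk 655 bytes
File C:\Documents and Settings\LocalService\ntuser.dll 24064 bytes executable
File C:\Documents and Settings\NetworkService\ntuser.dll 24064 bytes executable
File C:\WINDOWS\system32\calc.dll 24064 bytes executable

---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
FILE_RE = re.compile(r"^File (.+?) (\d+) bytes( executable)?$")


def parse_exehelper(log):
    """Map lower-cased path -> 'attempted' or 'error' (an error line overrides)."""
    status = {}
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("Deleting file "):
            status[line[len("Deleting file "):].lower()] = "attempted"
        elif line.startswith("Error deleting "):
            status[line[len("Error deleting "):].lower()] = "error"
    return status


def parse_gmer(log):
    """Split a GMER text log into {section name: [lines]}."""
    sections, current = defaultdict(list), None
    for line in log.splitlines():
        line = line.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
        elif line and current:
            sections[current].append(line)
    return sections


def gmer_files(sections):
    """Return (path, size, is_executable) for each entry in the Files section."""
    entries = []
    for line in sections.get("Files", []):
        m = FILE_RE.match(line)
        if m:
            entries.append((m.group(1), int(m.group(2)), bool(m.group(3))))
    return entries


def correlate(gmer_log, exehelper_log):
    """Group GMER-listed files by what exeHelper reported doing to them."""
    sections = parse_gmer(gmer_log)
    status = parse_exehelper(exehelper_log)
    files = gmer_files(sections)
    report = {"not_targeted": [], "delete_failed": [], "delete_attempted": []}
    for path, _size, _exe in files:
        state = status.get(path.lower())  # Windows paths are case-insensitive
        key = {"error": "delete_failed",
               "attempted": "delete_attempted"}.get(state, "not_targeted")
        report[key].append(path)
    # Executables of identical size in unrelated folders are worth a closer look.
    by_size = defaultdict(list)
    for path, size, is_exe in files:
        if is_exe:
            by_size[size].append(path)
    report["same_size_executables"] = {s: p for s, p in by_size.items() if len(p) > 1}
    report["disk_findings"] = sections.get("Disk sectors", [])
    return report


if __name__ == "__main__":
    for key, value in correlate(GMER_LOG, EXEHELPER_LOG).items():
        print(key, "->", value)
```
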
11-07-2009, 08:14 PM   #6 (permalink)
Analyst, Security Team
Join Date: Jan 2009
Location: Canada
Posts: 2,151
OS: XP sp3


Re: Computer won't load internet

Hi,

Please do the following:

Download Combofix from either of the links below. You must rename it to combafix.exe before saving it.
Save it to your desktop. Change the save as file type to "all files"

**Note: In the event you already have Combofix, delete it, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".

Link 1
Link 2

-----------------------------------------------------------
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    -----------------------------------------------------------
  • NOTE: If ComboFix asks to install the Recovery Console, please ALLOW it to do so.

    -----------------------------------------------------------
  • Double click on the renamed ComboFix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the C:\ComboFix.txt so we can continue cleaning the system.

-----------------------------------------------------------
__________________


ASAP & UNITE Member
11-08-2009, 12:05 PM   #7 (permalink)
Registered User
 
Join Date: Nov 2009
Posts: 19
OS: xp


Re: Computer won't load internet

OK,
I have downloaded and changed the name on combafix, saved to desktop and tried to run the program. It won't open, won't run, nada.

John
11-08-2009, 12:09 PM   #8 (permalink)
Analyst, Security Team
Join Date: Jan 2009
Location: Canada
Posts: 2,151
OS: XP sp3


Re: Computer won't load internet

Hi,

Please delete that copy.

Download a fresh copy and rename it to combo.com before saving it.

Make sure you save as 'file type' "All Files".

Make certain all your security programs are disabled.

If it will not run in normal mode - try it in safe mode (tap F8 as you boot up till the option menu appears - arrow up to safe mode)
__________________


ASAP & UNITE Member

Last edited by CatByte; 11-08-2009 at 12:13 PM.
11-08-2009, 03:30 PM   #9 (permalink)
Registered User
 
Join Date: Nov 2009
Posts: 19
OS: xp


Re: Computer won't load internet

No joy, tried the new version in regular mode, nothing.

Tried in safe mode, it would load, but not do anything, just a black screen with a blinking cursor.

John
11-08-2009, 03:41 PM   #10 (permalink)
Analyst, Security Team
Join Date: Jan 2009
Location: Canada
Posts: 2,151
OS: XP sp3


Re: Computer won't load internet

Hi,

Please try this scan instead

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %SYSTEMDRIVE%\eventlog.dll /s /md5
    %SYSTEMDRIVE%\scecli.dll /s /md5
    %SYSTEMDRIVE%\netlogon.dll /s /md5
    %SYSTEMDRIVE%\cngaudit.dll /s /md5
    %SYSTEMDRIVE%\sceclt.dll /s /md5
    %SYSTEMDRIVE%\ntelogon.dll /s /md5
    %SYSTEMDRIVE%\logevent.dll /s /md5
    %SYSTEMDRIVE%\iaStor.sys /s /md5
    %SYSTEMDRIVE%\nvstor.sys /s /md5
    %SYSTEMDRIVE%\atapi.sys /s /md5
    %SYSTEMDRIVE%\IdeChnDr.sys /s /md5
    %SYSTEMDRIVE%\viasraid.sys /s /md5
    %SYSTEMDRIVE%\AGP440.sys /s /md5
    %SYSTEMDRIVE%\vaxscsi.sys /s /md5

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them.
__________________


ASAP & UNITE Member
11-08-2009, 06:01 PM   #11 (permalink)
Registered User
 
Join Date: Nov 2009
Posts: 19
OS: xp


Re: Computer won't load internet

OK, loaded and tried to run after manually typing in all the stuff for custom scans (how do you cut and paste between computers? I am communicating from a different one than the one I am trying to fix). Program opened and I clicked quick scan and the cursor turned to an hourglass in the box but nothing else happens.
When I try to close the non-working program I get the not responding box, do you want to end now? I say yes and nothing happens. It's still open, not doing anything.

Now the address bar for the OTL says not responding as well.

John
11-08-2009, 08:54 PM   #12 (permalink)
Analyst, Security Team
Join Date: Jan 2009
Location: Canada
Posts: 2,151
OS: XP sp3


Re: Computer won't load internet

Hi
Try the following:


Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 6 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.
  1. rkill.exe
  2. rkill.com
  3. rkill.scr
  4. rkill.pif
  5. WiNlOgOn.exe
  6. uSeRiNiT.exe

Try one of those...if one of them runs - stop - then run the OTL program, or DDS and/or GMER
__________________


ASAP & UNITE Member
11-09-2009, 01:34 PM   #13 (permalink)
Registered User
 
Join Date: Nov 2009
Posts: 19
OS: xp


Re: Computer won't load internet

Tried all 6 -- nothing would run, black screens with blinking cursors.

John
11-09-2009, 03:15 PM   #14 (permalink)
Analyst, Security Team
Join Date: Jan 2009
Location: Canada
Posts: 2,151
OS: XP sp3


Re: Computer won't load internet

Hi,

Load a renamed combofix to a USB.

Insert the USB into the infected computer and run combofix from the USB - It doesn't need to be saved to the infected computer.
__________________


ASAP & UNITE Member
11-09-2009, 04:05 PM   #15 (permalink)
Registered User
 
Join Date: Nov 2009
Posts: 19
OS: xp


Re: Computer won't load internet

OK,

I think it ran, a green loading type thing was up on the screen for a while and then shut off, no report or anything. Now what?

John
11-09-2009, 04:36 PM   #16 (permalink)
Analyst, Security Team
Join Date: Jan 2009
Location: Canada
Posts: 2,151
OS: XP sp3


Re: Computer won't load internet

What is the status of your machine at this point?

Please navigate to C:\combofix.txt and see if a report was saved in that location,

or check the contents of the USB.

Are you able to boot into safe mode?

Please try running the OTL scan in safe mode
__________________


ASAP & UNITE Member
11-09-2009, 05:49 PM   #17 (permalink)
Registered User
 
Join Date: Nov 2009
Posts: 19
OS: xp


Re: Computer won't load internet

OK,

I am back on my machine, the bad image boxes have stopped and I was able to run an OTL in safe mode.

Computer is deathly slow still.

OTL logfile created on: 11/9/2009 5:28:33 PM - Run 1
OTL by OldTimer - Version 3.1.4.0 Folder = F:\
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.48 Mb Total Physical Memory | 277.52 Mb Available Physical Memory | 62.16% Memory free
1.03 Gb Paging File | 0.97 Gb Available in Paging File | 94.18% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 104.46 Gb Total Space | 72.74 Gb Free Space | 69.63% Space Free | Partition Type: NTFS
Drive D: | 7.30 Gb Total Space | 0.51 Gb Free Space | 6.97% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 1.86 Gb Total Space | 1.86 Gb Free Space | 99.67% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-D0F670B45A
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/11/08 16:42:42 | 00,528,896 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2007/06/13 03:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2009/11/08 16:42:42 | 00,528,896 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
MOD - [2006/08/25 08:45:55 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2005/08/31 18:41:53 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\linkinfo.dll
MOD - [2004/08/04 04:00:00 | 00,185,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/09/08 21:09:30 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/07/16 18:03:26 | 00,024,576 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/04/29 18:31:14 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/09 11:50:54 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/08/08 21:10:46 | 00,061,440 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/08/04 11:20:16 | 03,220,856 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/07/24 18:46:10 | 00,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2008/05/01 08:30:42 | 01,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/03/07 16:04:10 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2008/02/09 1733 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/11/06 21:16:54 | 00,139,264 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2007/01/04 14:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/08 16:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2006/11/08 16:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2006/05/09 15:50:00 | 00,131,139 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2005/09/30 19:22:50 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005/05/20 10:37:12 | 00,081,920 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE -- (HP Port Resolver)
SRV - [2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf)
SRV - [2004/10/22 10:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/10/16 05:31:06 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE -- (HP Status Server)
SRV - [2004/08/04 04:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/11/09 11:50:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:01:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2009/09/16 09:34:26 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2009/09/16 09:34:26 | 00,000,000 | ---D | M]


O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE (Symantec Corporation)
O4 - HKLM..\Run: [DWQueuedReporting] c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ftutil2] C:\WINDOWS\System32\ftutil2.dll (Promise Technology, Inc.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton AntiVirus\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [PCDrProfiler] File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\Windows\Creator\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Administrator.YOUR-D0F670B45A\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCMD = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.costcophotocenter.com/CostcoActivia.cab (Snapfish Activia)
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} http://www.maricopa.gov/assessor/gis...n/mgaxctrl.cab (Autodesk MapGuide ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-03.sun.com/s/ESD5/JSC...ws-i586-jc.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/12/04 23:50:26 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 08:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 00:01:14 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/11/09 15:59:42 | 00,000,000 | ---D | C] -- C:\combo26030c
[2009/11/09 15:58:34 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/11/09 15:57:56 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2009/11/09 15:55:03 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW.2.tmp
[2009/11/09 15:54:49 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW.1.tmp
[2009/11/09 15:50:22 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW.0.tmp
[2009/11/08 19:29:11 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Administrator.YOUR-D0F670B45A\Application Data\Microsoft
[2009/11/08 19:29:11 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.YOUR-D0F670B45A\SendTo
[2009/11/08 19:29:11 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.YOUR-D0F670B45A\Recent
[2009/11/08 19:29:11 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.YOUR-D0F670B45A\Application Data
[2009/11/08 19:29:11 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.YOUR-D0F670B45A\Start Menu
[2009/11/08 19:29:11 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.YOUR-D0F670B45A\My Documents\My Music
[2009/11/08 19:29:11 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.YOUR-D0F670B45A\My Documents
[2009/11/08 19:29:11 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.YOUR-D0F670B45A\Favorites
[2009/11/08 19:29:11 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.YOUR-D0F670B45A\Cookies
[2009/11/08 19:29:11 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.YOUR-D0F670B45A\Templates
[2009/11/08 19:29:11 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.YOUR-D0F670B45A\PrintHood
[2009/11/08 19:29:11 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.YOUR-D0F670B45A\NetHood
[2009/11/08 19:29:11 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.YOUR-D0F670B45A\Local Settings
[2009/11/08 19:29:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.YOUR-D0F670B45A\WINDOWS
[2009/11/08 19:29:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.YOUR-D0F670B45A\My Documents\My Pictures
[2009/11/08 19:29:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.YOUR-D0F670B45A\Desktop
[2009/11/08 19:29:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.YOUR-D0F670B45A\Local Settings\Application Data\Wildtangent
[2009/11/08 19:29:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.YOUR-D0F670B45A\Local Settings\Application Data\Microsoft
[2009/11/08 19:29:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.YOUR-D0F670B45A\Local Settings\Application Data\ApplicationHistory
[2009/11/08 19:29:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.YOUR-D0F670B45A\Local Settings\Application Data\Apple Computer
[2009/11/08 19:29:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.YOUR-D0F670B45A\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}
[2009/11/08 19:29:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.YOUR-D0F670B45A\Application Data\Symantec
[2009/11/08 19:29:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.YOUR-D0F670B45A\Application Data\Real
[2009/11/08 19:29:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.YOUR-D0F670B45A\Application Data\Intuit
[2009/11/08 19:29:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.YOUR-D0F670B45A\Application Data\Identities
[2009/11/08 19:29:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.YOUR-D0F670B45A\Application Data\Apple Computer
[2009/11/08 14:52:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/11/08 14:52:41 | 00,000,000 | --SD | C] -- C:\combo
[2009/11/04 13:11:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\QBBackupTemp Wed, Nov 04 2009 01 11 22 PM
[2006/02/19 10:28:56 | 00,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[8 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[55 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\*.tmp files -> C:\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/11/09 17:26:47 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/09 17:13:32 | 00,000,186 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2009/11/09 17:07:51 | 00,043,531 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/11/09 17:03:21 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/09 15:59:42 | 00,000,361 | ---- | M] () -- C:\Start_.cmd
[2009/11/08 19:31:56 | 00,786,432 | -H-- | M] () -- C:\Documents and Settings\Administrator.YOUR-D0F670B45A\NTUSER.DAT
[2009/11/08 19:31:56 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator.YOUR-D0F670B45A\ntuser.ini
[2009/11/08 19:31:54 | 02,286,016 | -H-- | M] () -- C:\Documents and Settings\Administrator.YOUR-D0F670B45A\Local Settings\Application Data\IconCache.db
[2009/11/04 18:51:14 | 00,034,927 | ---- | M] () -- C:\WINDOWS\System32\uses32.dat
[2009/11/04 18:51:14 | 00,000,100 | ---- | M] () -- C:\WINDOWS\System32\flags.ini
[2009/11/04 13:45:17 | 00,001,744 | -H-- | M] () -- C:\WINDOWS\System32\zebifibe
[2009/11/04 13:44:39 | 00,052,736 | ---- | M] () -- C:\luobk.exe
[2009/11/04 13:44:37 | 00,086,528 | ---- | M] () -- C:\ydlcgx.exe
[2009/11/04 13:44:37 | 00,008,192 | ---- | M] () -- C:\isllv.exe
[2009/11/04 13:44:23 | 00,032,768 | ---- | M] () -- C:\sique.exe
[2009/11/04 13:44:05 | 00,000,000 | -HS- | M] () -- C:\142092741
[2009/11/04 13:20:55 | 09,437,184 | R--- | M] () -- C:\Documents and Settings\All Users\Desktop\Javic Inc 2007.QBW
[2009/11/04 13:20:55 | 02,555,904 | R--- | M] () -- C:\Documents and Settings\All Users\Desktop\Javic Inc 2007.QBW.TLG
[2009/11/04 13:20:55 | 00,000,364 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Javic Inc 2007.QBW.nd
[2009/11/04 13:11:30 | 05,636,096 | ---- | M] () -- C:\Documents and Settings\All Users\Javic Inc 2007 (Backup).QBB
[2009/11/03 05:54:39 | 00,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/26 22:00:12 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/10/26 20:03:23 | 00,000,570 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Compaq_Owner.job
[8 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[55 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\*.tmp files -> C:\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/09 15:59:42 | 00,000,361 | ---- | C] () -- C:\Start_.cmd
[2009/11/08 19:29:18 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Administrator.YOUR-D0F670B45A\Application Data\desktop.ini
[2009/11/08 19:29:16 | 02,286,016 | -H-- | C] () -- C:\Documents and Settings\Administrator.YOUR-D0F670B45A\Local Settings\Application Data\IconCache.db
[2009/11/08 19:29:11 | 00,786,432 | -H-- | C] () -- C:\Documents and Settings\Administrator.YOUR-D0F670B45A\NTUSER.DAT
[2009/11/08 19:29:11 | 00,000,572 | ---- | C] () -- C:\Documents and Settings\Administrator.YOUR-D0F670B45A\Start Menu\Programs\Startup\Pin.lnk
[2009/11/08 19:29:11 | 00,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator.YOUR-D0F670B45A\ntuser.ini
[2009/11/04 18:51:14 | 00,034,927 | ---- | C] () -- C:\WINDOWS\System32\uses32.dat
[2009/11/04 18:51:14 | 00,000,100 | ---- | C] () -- C:\WINDOWS\System32\flags.ini
[2009/11/04 13:44:30 | 00,008,192 | ---- | C] () -- C:\isllv.exe
[2009/11/04 13:44:27 | 00,052,736 | ---- | C] () -- C:\luobk.exe
[2009/11/04 13:44:26 | 00,086,528 | ---- | C] () -- C:\ydlcgx.exe
[2009/11/04 13:44:20 | 00,032,768 | ---- | C] () -- C:\sique.exe
[2009/11/04 13:44:05 | 00,000,000 | -HS- | C] () -- C:\142092741
[2009/11/04 13:12:23 | 00,000,364 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Javic Inc 2007.QBW.nd
[2009/11/04 13:11:46 | 09,437,184 | R--- | C] () -- C:\Documents and Settings\All Users\Desktop\Javic Inc 2007.QBW
[2009/11/04 13:11:21 | 05,636,096 | ---- | C] () -- C:\Documents and Settings\All Users\Javic Inc 2007 (Backup).QBB
[2009/11/04 13:09:57 | 02,555,904 | R--- | C] () -- C:\Documents and Settings\All Users\Desktop\Javic Inc 2007.QBW.TLG
[2009/10/25 16:04:38 | 00,015,000 | ---- | C] () -- C:\WINDOWS\System32\zup7wrb.dll
[2009/08/14 10:39:18 | 00,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2009/08/04 13:45:10 | 00,000,000 | -HS- | C] () -- C:\WINDOWS\System32\reramiwu.dll
[2009/08/04 13:45:10 | 00,000,000 | -HS- | C] () -- C:\WINDOWS\System32\pepufebe.dll
[2009/08/04 13:45:10 | 00,000,000 | -HS- | C] () -- C:\WINDOWS\System32\lipulefa.dll
[2008/12/01 20:18:20 | 01,276,910 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate
[2007/08/06 12:07:30 | 00,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/04/26 11:38:57 | 00,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2007/04/26 11:23:43 | 00,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2006/12/27 20:38:47 | 00,001,362 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/11/24 09:39:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2006/09/29 18:45:39 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2006/09/29 18:01:29 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2006/09/29 18:01:29 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2006/09/29 18:01:29 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2006/09/29 18:01:08 | 00,000,036 | ---- | C] () -- C:\WINDOWS\Disney.ini
[2006/08/01 12:28:33 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/08/01 12:03:23 | 00,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/08/01 11:55:46 | 00,012,992 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/08/01 11:55:40 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/08/01 11:52:40 | 00,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/08/01 11:41:46 | 00,000,056 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/08/01 11:40:11 | 00,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/08/01 11:34:46 | 00,002,642 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/08/01 11:33:20 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/08/01 11:29:51 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/08/01 11:29:51 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/08/01 11:29:51 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/08/01 11:29:51 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/08/01 11:29:50 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/08/01 11:29:50 | 00,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/08/01 11:29:49 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/08/01 11:13:41 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/08/01 11:10:34 | 00,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/08/01 11:10:34 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/08/01 11:10:11 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/06/29 14:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 14:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/24 16:42:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/04/18 15:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 15:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2005/12/04 23:50:26 | 00,000,512 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/12/04 15:44:02 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/12/04 15:43:48 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2004/06/15 14:38:00 | 00,000,592 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001/07/07 03:00:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2006/09/25 09:48:14 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2006/12/06 11:48:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2008/12/03 10:25:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2009/08/14 10:56:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2007/07/23 18:20:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/12/01 20:16:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2008/01/03 15:53:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
[2009/03/23 06:25:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/09/16 09:44:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/07 06:42:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2004/08/04 04:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/11/09 17:03:21 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


< End of report >
[2009/11/09 17:26:47 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/09 17:13:32 | 00,000,186 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2009/11/09 17:07:51 | 00,043,531 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/11/09 17:03:21 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/09 12:04:45 | 00,000,000 | ---D | M] -- C:\Program Files\LogMeIn
[2009/11/08 19:31:56 | 00,786,432 | -H-- | M] () -- C:\Documents and Settings\Administrator.YOUR-D0F670B45A\NTUSER.DAT
[2009/11/08 19:31:56 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator.YOUR-D0F670B45A\ntuser.ini
[2009/11/08 19:31:54 | 02,286,016 | -H-- | M] () -- C:\Documents and Settings\Administrator.YOUR-D0F670B45A\Local Settings\Application Data\IconCache.db
[2009/11/05 18:49:49 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files\Symantec Shared
[2009/11/05 17:35:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2009/11/04 18:51:14 | 00,034,927 | ---- | M] () -- C:\WINDOWS\System32\uses32.dat
[2009/11/04 18:51:14 | 00,000,100 | ---- | M] () -- C:\WINDOWS\System32\flags.ini
[2009/11/04 13:45:17 | 00,001,744 | -H-- | M] () -- C:\WINDOWS\System32\zebifibe
[2009/11/04 13:20:55 | 09,437,184 | R--- | M] () -- C:\Documents and Settings\All Users\Desktop\Javic Inc 2007.QBW
[2009/11/04 13:20:55 | 02,555,904 | R--- | M] () -- C:\Documents and Settings\All Users\Desktop\Javic Inc 2007.QBW.TLG
[2009/11/04 13:20:55 | 00,000,364 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Javic Inc 2007.QBW.nd
[2009/11/04 13:11:30 | 05,636,096 | ---- | M] () -- C:\Documents and Settings\All Users\Javic Inc 2007 (Backup).QBB
[2009/11/03 05:54:39 | 00,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/26 22:00:12 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/10/26 20:03:23 | 00,000,570 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Compaq_Owner.job
[2009/10/25 16:04:42 | 00,015,000 | ---- | M] () -- C:\WINDOWS\System32\zup7wrb.dll
[2009/10/22 18:34:32 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/10/20 21:08:54 | 03,598,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/10/20 14:14:49 | 00,000,000 | ---D | M] -- C:\Program Files\Shared
[2009/10/15 03:31:57 | 00,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/10/15 03:12:03 | 00,503,854 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/15 03:12:03 | 00,442,796 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/15 03:12:03 | 00,071,936 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/01/10 14:34:34 | 00,002,642 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/12/01 20:19:35 | 01,276,910 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate
[2008/01/05 00:37:11 | 00,001,362 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/06/29 14:58:52 | 00,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 14:53:56 | 00,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 00,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 15:39:28 | 00,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/02/19 10:28:56 | 00,012,288 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[2005/12/04 15:43:48 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2005/12/04 15:43:48 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Administrator.YOUR-D0F670B45A\Application Data\desktop.ini
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/11/09 17:26:47 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/09 17:13:32 | 00,000,186 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2009/11/09 17:07:51 | 00,043,531 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/11/09 17:03:21 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/09 15:59:42 | 00,000,361 | ---- | M] () -- C:\Start_.cmd
[2009/11/08 19:31:56 | 00,786,432 | -H-- | M] () -- C:\Documents and Settings\Administrator.YOUR-D0F670B45A\NTUSER.DAT
[2009/11/08 19:31:56 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator.YOUR-D0F670B45A\ntuser.ini
[2009/11/08 19:31:54 | 02,286,016 | -H-- | M] () -- C:\Documents and Settings\Administrator.YOUR-D0F670B45A\Local Settings\Application Data\IconCache.db
[2009/11/04 18:51:14 | 00,034,927 | ---- | M] () -- C:\WINDOWS\System32\uses32.dat
[2009/11/04 18:51:14 | 00,000,100 | ---- | M] () -- C:\WINDOWS\System32\flags.ini
[2009/11/04 13:45:17 | 00,001,744 | -H-- | M] () -- C:\WINDOWS\System32\zebifibe
[2009/11/04 13:44:39 | 00,052,736 | ---- | M] () -- C:\luobk.exe
[2009/11/04 13:44:37 | 00,257,024 | ---- | M] (Microsoft Corporation) -- C:\fpofmum.exe
[2009/11/04 13:44:37 | 00,086,528 | ---- | M] () -- C:\ydlcgx.exe
[2009/11/04 13:44:37 | 00,008,192 | ---- | M] () -- C:\isllv.exe
[2009/11/04 13:44:23 | 00,032,768 | ---- | M] () -- C:\sique.exe
[2009/11/04 13:44:05 | 00,000,000 | -HS- | M] () -- C:\142092741
[2009/11/04 13:20:55 | 09,437,184 | R--- | M] () -- C:\Documents and Settings\All Users\Desktop\Javic Inc 2007.QBW
[2009/11/04 13:20:55 | 02,555,904 | R--- | M] () -- C:\Documents and Settings\All Users\Desktop\Javic Inc 2007.QBW.TLG
[2009/11/04 13:20:55 | 00,000,364 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Javic Inc 2007.QBW.nd
[2009/11/04 13:11:30 | 05,636,096 | ---- | M] () -- C:\Documents and Settings\All Users\Javic Inc 2007 (Backup).QBB
[2009/11/03 05:54:39 | 00,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/26 22:00:12 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/10/26 20:03:23 | 00,000,570 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Compaq_Owner.job
[2009/10/25 16:04:42 | 00,015,000 | ---- | M] () -- C:\WINDOWS\System32\zup7wrb.dll
[2009/10/25 16:04:40 | 00,246,272 | ---- | M] (Microsoft Corporation) -- C:\qsdhs.exe
[2009/10/25 16:04:34 | 00,016,896 | ---- | M] () -- C:\chhite.exe
[2009/10/25 16:04:32 | 00,079,360 | ---- | M] () -- C:\vyiy.exe
[2009/10/25 16:04:32 | 00,052,736 | ---- | M] () -- C:\ldvx.exe
[2009/10/25 16:04:23 | 00,007,168 | ---- | M] () -- C:\jyacth.exe
[2009/10/25 16:04:20 | 00,022,016 | ---- | M] () -- C:\wggam.exe
[2009/10/22 18:34:32 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/10/20 21:08:54 | 03,598,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/10/20 21:08:54 | 03,598,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/10/15 03:12:03 | 00,503,854 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/15 03:12:03 | 00,442,796 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/15 03:12:03 | 00,071,936 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[8 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[55 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\*.tmp files -> C:\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]


< End of report >


And a report called Extra:
OTL Extras logfile created on: 11/9/2009 5:28:33 PM - Run 1
OTL by OldTimer - Version 3.1.4.0 Folder = F:\
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.48 Mb Total Physical Memory | 277.52 Mb Available Physical Memory | 62.16% Memory free
1.03 Gb Paging File | 0.97 Gb Available in Paging File | 94.18% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 104.46 Gb Total Space | 72.74 Gb Free Space | 69.63% Space Free | Partition Type: NTFS
Drive D: | 7.30 Gb Total Space | 0.51 Gb Free Space | 6.97% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 1.86 Gb Total Space | 1.86 Gb Free Space | 99.67% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-D0F670B45A
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- File not found
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- File not found
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Disabled:File Transfer Program -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe:*:Enabled:QuickBooks 2009 Data Manager -- (Intuit, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{1341D838-719C-4A05-B50F-49420CA1B4BB}" = HP Boot Optimizer
"{15262012-213A-4f65-9019-C8A409EC0156}" = HP Officejet J6400 Series
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{188C0E25-3D65-4DAC-9C00-7483FBA4C7EB}" = Status
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 10
"{279D3818-7287-4ab4-A927-542EBEA9E365}" = ProductContext
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}" = Norton AntiVirus Help
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{380CC749-8C28-4C74-BE01-45921D062302}" = BPDSoftware_Ini
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{41853D20-40CC-4266-978D-F128BB97CA96}" = 6400_Help
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.1
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{55584E16-4D70-44EE-93DD-F144E8B7D4B7}" = QuickBooks Product Listing Service
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5C638666-B80C-4CD3-AA56-403EF0BC7A6E}" = HP Photosmart A630 Series
"{5D934326-165A-413b-B056-26BE1EC082AF}" = J6400
"{61A9D495-C4E1-4309-AB64-E95AD0CCA9F5}" = SymNet
"{62120008-8E1E-4807-860D-A8B48F8552DB}" = Norton Protection Center
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6693BD7C-CB4E-43AC-A0D6-10D1A1B88DCF}" = Canon PhotoRecord
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{7F831576-6246-42C7-B523-55B3F96509CC}" = LogMeIn
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{82081779-4175-4666-A457-AB711CD37EF0}" = cp_LightScribeConfig
"{829DAAD6-BB11-4BB7-921B-07FFB703F944}" = CP_Package_Variety3
"{82E55892-6FFD-403F-AA97-D726846768AA}" = CP_AtenaShokunin1Config
"{85C8D391-0EAE-4492-8A0A-2EE8B0B6DA03}" = BPDSoftware
"{866A0078-DEA7-4348-9C9A-999AF2991EAA}" = SlideShowMusic
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A534F71-3202-4464-A422-B767295E67B9}" = CP_Package_Variety2
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{93E5A317-24EC-4744-812C-16FECFE86E6A}" = CP_Package_Variety1
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9A2F0810-3622-4E86-9072-973FBE1679C5}" = QuickBooks Pro 2009
"{9A2F0810-369F-4E86-9072-973FBE1679C5}" = QuickBooks
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{ABA00898-9467-4689-9F40-DE7F58C8429C}" = Fax
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B3B4CD34-6C20-4b28-A231-FEC55B42C579}" = c6100_Help
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C3FAA091-B278-44A7-BF48-190811C5F9F7}" = cp_UpdateProjectsConfig
"{C8574AE5-370F-4246-A301-B85A2CC89A5E}" = C6100
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component
"{D7DBA21A-CDE5-42EC-BB1C-AE4B3E616B9A}_is1" = HP Support Overview
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DAAD5187-62C5-4AD6-A526-803C18C4944D}" = HP Web Helper
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{EC2A8F27-4FBF-4E41-B27B-FE822511B761}" = iTunes
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
"AdMission Photo Uploader" = AdMission Photo Uploader
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Data Fax SoftModem with SmartCP
"CSCLIB" = Canon Camera Support Core Library
"EOS Utility" = Canon Utilities EOS Utility
"HP Document Manager" = HP Document Manager 1.0
"HP Document Viewer" = HP Document Viewer 7.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2006b" = Microsoft Money 2006
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Netscape Browser" = Netscape Browser (remove only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OfficeTrial" = Microsoft Office Standard Edition 2003 60 days trial
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"Photo Viewer V3.03fs" = Photo Viewer V3.03fs
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0" = RealPlayer
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Rhapsody" = Rhapsody
"Shop for HP Supplies" = Shop for HP Supplies
"SymSetup.{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus (Symantec Corporation)
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"WIC" = Windows Imaging Component
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/27/2009 11:36:28 AM | Computer Name = YOUR-D0F670B45A | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks: Premier Accountant
Edition 2009": Invalid font height in QBPRINT.QBP! Font height is = 6553

Error - 8/27/2009 11:36:34 AM | Computer Name = YOUR-D0F670B45A | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks: Premier Accountant
Edition 2009": Invalid font height in QBPRINT.QBP! Font height is = 6553

Error - 9/3/2009 8:12:40 PM | Computer Name = YOUR-D0F670B45A | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16876, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/10/2009 11:37:52 AM | Computer Name = YOUR-D0F670B45A | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 9/10/2009 11:37:52 AM | Computer Name = YOUR-D0F670B45A | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 9/10/2009 11:37:52 AM | Computer Name = YOUR-D0F670B45A | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 9/10/2009 11:40:51 AM | Computer Name = YOUR-D0F670B45A | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 9/10/2009 11:40:51 AM | Computer Name = YOUR-D0F670B45A | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 9/10/2009 11:40:51 AM | Computer Name = YOUR-D0F670B45A | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 9/10/2009 1:10:52 PM | Computer Name = YOUR-D0F670B45A | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16876, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 11/9/2009 8:27:20 PM | Computer Name = YOUR-D0F670B45A | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 11/9/2009 8:27:23 PM | Computer Name = YOUR-D0F670B45A | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 11/9/2009 8:27:36 PM | Computer Name = YOUR-D0F670B45A | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 11/9/2009 8:28:06 PM | Computer Name = YOUR-D0F670B45A | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 11/9/2009 8:28:06 PM | Computer Name = YOUR-D0F670B45A | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 11/9/2009 8:28:06 PM | Computer Name = YOUR-D0F670B45A | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 11/9/2009 8:28:06 PM | Computer Name = YOUR-D0F670B45A | Source = Service Control Manager | ID = 7001
Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 11/9/2009 8:28:06 PM | Computer Name = YOUR-D0F670B45A | Source = Service Control Manager | ID = 7001
Description = The Bonjour Service service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 11/9/2009 8:28:06 PM | Computer Name = YOUR-D0F670B45A | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 11/9/2009 8:28:06 PM | Computer Name = YOUR-D0F670B45A | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD AmdK8 eeCtrl Fips ftsata2 IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SPBBCDrv SRTSP SRTSPX SYMTDI
Tcpip


< End of report >


John
cholla is offline  
Old 11-09-2009, 06:39 PM   #18 (permalink)
Analyst, Security Team
 
CatByte's Avatar
 
Join Date: Jan 2009
Location: Canada
Posts: 2,151
OS: XP sp3


Re: Computer won't load internet

Hi,

Please do the following:
  1. Please reopen on your desktop.
  2. Copy and Paste the following code into the textbox. Do not include the word "Code"

    Code:
    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    [2009/11/09 15:59:42 | 00,000,000 | ---D | C] -- C:\combo26030c
    [2009/11/09 15:57:56 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2009/11/09 15:55:03 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW.2.tmp
    [2009/11/09 15:54:49 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW.1.tmp
    [2009/11/09 15:50:22 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW.0.tmp
    [2009/11/08 14:52:41 | 00,000,000 | --SD | C] -- C:\combo
    [2009/11/09 15:59:42 | 00,000,361 | ---- | M] () -- C:\Start_.cmd
    [2009/11/04 13:45:17 | 00,001,744 | -H-- | M] () -- C:\WINDOWS\System32\zebifibe
    [2009/11/04 13:44:39 | 00,052,736 | ---- | M] () -- C:\luobk.exe
    [2009/11/04 13:44:37 | 00,086,528 | ---- | M] () -- C:\ydlcgx.exe
    [2009/11/04 13:44:37 | 00,008,192 | ---- | M] () -- C:\isllv.exe
    [2009/11/04 13:44:23 | 00,032,768 | ---- | M] () -- C:\sique.exe
    [2009/11/04 13:44:05 | 00,000,000 | -HS- | M] () -- C:\142092741
    [2009/10/25 16:04:38 | 00,015,000 | ---- | C] () -- C:\WINDOWS\System32\zup7wrb.dll
    [2009/08/04 13:45:10 | 00,000,000 | -HS- | C] () -- C:\WINDOWS\System32\reramiwu.dll
    [2009/08/04 13:45:10 | 00,000,000 | -HS- | C] () -- C:\WINDOWS\System32\pepufebe.dll
    [2009/08/04 13:45:10 | 00,000,000 | -HS- | C] () -- C:\WINDOWS\System32\lipulefa.dll
    [2009/11/04 13:44:37 | 00,257,024 | ---- | M] (Microsoft Corporation) -- C:\fpofmum.exe
    [2009/10/25 16:04:40 | 00,246,272 | ---- | M] (Microsoft Corporation) -- C:\qsdhs.exe
    [2009/10/25 16:04:34 | 00,016,896 | ---- | M] () -- C:\chhite.exe
    [2009/10/25 16:04:32 | 00,079,360 | ---- | M] () -- C:\vyiy.exe
    [2009/10/25 16:04:32 | 00,052,736 | ---- | M] () -- C:\ldvx.exe
    [2009/10/25 16:04:23 | 00,007,168 | ---- | M] () -- C:\jyacth.exe
    [2009/10/25 16:04:20 | 00,022,016 | ---- | M] () -- C:\wggam.exe
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  3. Push
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click .
  6. A report will open. Copy and Paste that report in your next reply.

NEXT

Delete the copy of ComboFix from your desktop.

Download a fresh copy from one of the previous links provided.

Rename it to combo.com, save as file type "All Files"

and run the program.


Make sure your security programs are disabled, as they will interfere with the running of ComboFix.
__________________


ASAP & UNITE Member
CatByte is online now  
Old 11-10-2009, 06:14 AM   #19 (permalink)
Registered User
 
Join Date: Nov 2009
Posts: 19
OS: xp


Re: Computer won't load internet

Here is the OTL report


All processes killed
========== OTL ==========
No active process named explorer.exe was found!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
File move failed. C:\combo26030c\ scheduled to be moved on reboot.
Folder C:\32788R22FWJFW\ not found.
Folder C:\32788R22FWJFW.2.tmp\ not found.
Folder C:\32788R22FWJFW.1.tmp\ not found.
Folder C:\32788R22FWJFW.0.tmp\ not found.
File move failed. C:\combo\ scheduled to be moved on reboot.
File C:\Start_.cmd not found.
File C:\WINDOWS\System32\zebifibe not found.
File C:\luobk.exe not found.
File C:\ydlcgx.exe not found.
File C:\isllv.exe not found.
File C:\sique.exe not found.
File C:\142092741 not found.
File C:\WINDOWS\System32\zup7wrb.dll not found.
File C:\WINDOWS\System32\reramiwu.dll not found.
File C:\WINDOWS\System32\pepufebe.dll not found.
File C:\WINDOWS\System32\lipulefa.dll not found.
File C:\fpofmum.exe not found.
File C:\qsdhs.exe not found.
File C:\chhite.exe not found.
File C:\vyiy.exe not found.
File C:\ldvx.exe not found.
File C:\jyacth.exe not found.
File C:\wggam.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.YOUR-D0F670B45A
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Compaq_Owner
->Temp folder emptied: 809694 bytes
->Temporary Internet Files folder emptied: 1165312 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 33012 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 609156 bytes
RecycleBin emptied: 3563165 bytes

Total Files Cleaned = 5.99 mb


OTL by OldTimer - Version 3.1.4.0 log created on 11102009_060121

Files\Folders moved on Reboot...
Folder move failed. C:\combo26030c\ scheduled to be moved on reboot.
Folder move failed. C:\combo\\N_ scheduled to be moved on reboot.
Folder move failed. C:\combo\ scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\JET9EC0.tmp not found!

Registry entries deleted on Reboot...
cholla is offline  
Old 11-10-2009, 07:01 AM   #20 (permalink)
Analyst, Security Team
 
CatByte's Avatar
 
Join Date: Jan 2009
Location: Canada
Posts: 2,151
OS: XP sp3


Re: Computer won't load internet

Hi,

Please try to run ComboFix again.
__________________


ASAP & UNITE Member
CatByte is online now  
All times are GMT -7.



Copyright 2001 - 2009, Tech Support Forum