Spyware Warrior Help with Spyware, Hijacking & Other Internet Nuisances
Becky Junior Member
Joined: 26 Aug 2007 Last Visit: 16 Jul 2012 Posts: 39
Posted: Mon Jul 09, 2012 5:56 pm Post subject: Possible keystroke logger
Hello,
Someone has used my credit card. I believe I know what I was buying when it happened, but I don't know if they got my card from my husband's computer with a logger or if it was taken at the business I was shopping at.
Would someone please look at my DDS for anything suspicious? I've done my regular virus scans and they came out fine, but I don't trust them to find it.
Thank you for your time
Becky
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Rory at 18:33:39 on 2012-07-09
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3069.2178 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: COMODO Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
c:\Program Files\Microsoft Security Client\MsMpEng.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\QuickSet\QuickSet.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\USB TV\EM28XX\BDARemote.exe
C:\Program Files\Logitech\SetPointG\SetPointII.exe
svchost.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\games\summoner\Summoner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\QuickSet.exe
mRun: [CTDVDDET] "c:\program files\creative\sound blaster x-fi\dvdaudio\CTDVDDET.EXE"
mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanel.exe" /r
mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\bdarem~1.lnk - c:\program files\usb tv\em28xx\BDARemote.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{DE21D6FE-2AF5-4803-B87C-B8AD646A6825} : DhcpNameServer = 192.168.0.1
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\rory.rory-2886899d1f\application data\mozilla\firefox\profiles\bzaqjpao.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.lotro.com/home/
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2012-1-17 494968]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-12-19 31704]
R1 MpKsl1a9b6065;MpKsl1a9b6065;c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{50d4329b-636b-4475-bf06-bdf93e6e6815}\MpKsl1a9b6065.sys [2012-7-9 29904]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2011-12-19 1960584]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2012-2-15 12184]
.
=============== Created Last 30 ================
.
2012-07-09 23:28:23 56200 ----a-w- c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{50d4329b-636b-4475-bf06-bdf93e6e6815}\offreg.dll
2012-07-09 23:28:23 29904 ----a-w- c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{50d4329b-636b-4475-bf06-bdf93e6e6815}\MpKsl1a9b6065.sys
2012-07-09 04:49:51 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-09 01:02:54 6762896 ----a-w- c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{50d4329b-636b-4475-bf06-bdf93e6e6815}\mpengine.dll
2012-07-07 23:38:39 6762896 ----a-w- c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-06-23 05:01:55 -------- d-----w- C:\games
2012-06-13 01:42:25 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll
.
==================== Find3M ====================
.
2012-06-02 22:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 22:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 22:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ------w- c:\windows\system32\html.iec
2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 18:34:55.75 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/13/2012 10:47:24 PM
System Uptime: 7/9/2012 10:27:15 AM (8 hours ago)
.
Motherboard: Dell Inc. | | 0CK520
Processor: Intel(R) Core(TM)2 Quad CPU @ 2.40GHz | Microprocessor | 2400/1066mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 466 GiB total, 378.378 GiB free.
D: is Removable
E: is Removable
F: is Removable
G: is Removable
H: is CDROM (CDFS)
I: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Description: PCI Device
Device ID: PCI\VEN_1002&DEV_AA58&SUBSYS_AA581682&REV_00\4&3EF2EA1&0&0118
Manufacturer:
Name: PCI Device
PNP Device ID: PCI\VEN_1002&DEV_AA58&SUBSYS_AA581682&REV_00\4&3EF2EA1&0&0118
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_10DE&DEV_0368&SUBSYS_01E11028&REV_A2\3&AD6EAB4&0&51
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_10DE&DEV_0368&SUBSYS_01E11028&REV_A2\3&AD6EAB4&0&51
Service:
.
==== System Restore Points ===================
.
RP171: 4/11/2012 10:19:17 AM - Software Distribution Service 3.0
RP172: 4/12/2012 11:46:51 AM - Software Distribution Service 3.0
RP173: 4/13/2012 5:41:32 PM - System Checkpoint
RP174: 4/14/2012 11:21:31 AM - Software Distribution Service 3.0
RP175: 4/15/2012 10:26:09 AM - Software Distribution Service 3.0
RP176: 4/15/2012 2:50:41 PM - Software Distribution Service 3.0
RP177: 4/16/2012 8:54:37 AM - Software Distribution Service 3.0
RP178: 4/17/2012 9:21:39 AM - Software Distribution Service 3.0
RP179: 4/17/2012 9:30:52 AM - Software Distribution Service 3.0
RP180: 4/18/2012 10:03:32 AM - Software Distribution Service 3.0
RP181: 4/18/2012 10:12:42 AM - Software Distribution Service 3.0
RP182: 4/19/2012 11:11:23 AM - Software Distribution Service 3.0
RP183: 4/19/2012 11:20:55 AM - Software Distribution Service 3.0
RP184: 4/20/2012 11:35:00 AM - Software Distribution Service 3.0
RP185: 4/20/2012 11:44:09 AM - Software Distribution Service 3.0
RP186: 4/21/2012 11:11:00 AM - Software Distribution Service 3.0
RP187: 4/21/2012 10:16:11 PM - Software Distribution Service 3.0
RP188: 4/22/2012 11:29:52 AM - Software Distribution Service 3.0
RP189: 4/23/2012 10:03:50 AM - Software Distribution Service 3.0
RP190: 4/23/2012 10:13:02 AM - Software Distribution Service 3.0
RP191: 4/23/2012 10:21:20 AM - Software Distribution Service 3.0
RP192: 4/24/2012 2:40:47 PM - Software Distribution Service 3.0
RP193: 4/24/2012 2:49:52 PM - Software Distribution Service 3.0
RP194: 4/25/2012 12:11:51 AM - Software Distribution Service 3.0
RP195: 4/25/2012 11:18:55 AM - Software Distribution Service 3.0
RP196: 4/26/2012 11:48:57 AM - Software Distribution Service 3.0
RP197: 4/26/2012 11:58:08 AM - Software Distribution Service 3.0
RP198: 4/27/2012 10:33:08 AM - Software Distribution Service 3.0
RP199: 4/28/2012 11:57:41 AM - Software Distribution Service 3.0
RP200: 4/28/2012 12:06:27 PM - Software Distribution Service 3.0
RP201: 4/29/2012 11:06:22 AM - Software Distribution Service 3.0
RP202: 4/30/2012 11:54:12 AM - Software Distribution Service 3.0
RP203: 4/30/2012 12:03:29 PM - Software Distribution Service 3.0
RP204: 5/1/2012 8:41:07 AM - Software Distribution Service 3.0
RP205: 5/2/2012 11:02:13 AM - Software Distribution Service 3.0
RP206: 5/2/2012 11:11:25 AM - Software Distribution Service 3.0
RP207: 5/3/2012 10:24:32 AM - Software Distribution Service 3.0
RP208: 5/3/2012 11:40:25 AM - Software Distribution Service 3.0
RP209: 5/3/2012 11:49:19 AM - Software Distribution Service 3.0
RP210: 5/3/2012 4:07:46 PM - Software Distribution Service 3.0
RP211: 5/4/2012 8:54:23 AM - Software Distribution Service 3.0
RP212: 5/4/2012 7:05:11 PM - Software Distribution Service 3.0
RP213: 5/5/2012 11:27:52 AM - Software Distribution Service 3.0
RP214: 5/6/2012 9:56:34 AM - Software Distribution Service 3.0
RP215: 5/6/2012 4:56:40 PM - Software Distribution Service 3.0
RP216: 5/7/2012 9:27:21 AM - Software Distribution Service 3.0
RP217: 5/8/2012 1:26:10 PM - Software Distribution Service 3.0
RP218: 5/8/2012 1:34:59 PM - Software Distribution Service 3.0
RP219: 5/9/2012 10:19:09 AM - Software Distribution Service 3.0
RP220: 5/9/2012 4:53:06 PM - Software Distribution Service 3.0
RP221: 5/10/2012 6:06:26 PM - System Checkpoint
RP222: 5/11/2012 9:38:45 AM - Software Distribution Service 3.0
RP223: 5/12/2012 11:50:07 AM - Software Distribution Service 3.0
RP224: 5/13/2012 1:04:00 PM - Software Distribution Service 3.0
RP225: 5/14/2012 1:22:46 PM - Software Distribution Service 3.0
RP226: 5/15/2012 1:54:36 PM - Software Distribution Service 3.0
RP227: 5/16/2012 2:31:20 PM - System Checkpoint
RP228: 5/16/2012 6:18:19 PM - Software Distribution Service 3.0
RP229: 5/17/2012 12:05:32 PM - Software Distribution Service 3.0
RP230: 5/18/2012 12:34:57 PM - Software Distribution Service 3.0
RP231: 5/18/2012 12:44:52 PM - Software Distribution Service 3.0
RP232: 5/18/2012 5:36:56 PM - Microsoft Backup Utility Recovery
RP233: 5/19/2012 12:05:01 PM - Software Distribution Service 3.0
RP234: 5/20/2012 11:44:51 AM - Software Distribution Service 3.0
RP235: 5/20/2012 11:54:02 AM - Software Distribution Service 3.0
RP236: 5/21/2012 11:25:25 AM - Software Distribution Service 3.0
RP237: 5/22/2012 2:19:18 PM - Software Distribution Service 3.0
RP238: 5/22/2012 2:28:05 PM - Software Distribution Service 3.0
RP239: 5/23/2012 8:49:46 PM - System Checkpoint
RP240: 5/24/2012 11:31:10 AM - Software Distribution Service 3.0
RP241: 5/24/2012 11:40:16 AM - Software Distribution Service 3.0
RP242: 5/25/2012 11:38:06 AM - Software Distribution Service 3.0
RP243: 5/25/2012 11:47:08 AM - Software Distribution Service 3.0
RP244: 5/26/2012 10:48:41 AM - Software Distribution Service 3.0
RP245: 5/26/2012 11:19:35 AM - Software Distribution Service 3.0
RP246: 5/26/2012 1:40:20 PM - Software Distribution Service 3.0
RP247: 5/27/2012 11:10:17 AM - Software Distribution Service 3.0
RP248: 5/28/2012 12:03:00 PM - Software Distribution Service 3.0
RP249: 5/28/2012 12:12:10 PM - Software Distribution Service 3.0
RP250: 5/29/2012 3:39:40 PM - Software Distribution Service 3.0
RP251: 5/29/2012 3:48:36 PM - Software Distribution Service 3.0
RP252: 5/30/2012 10:27:38 AM - Software Distribution Service 3.0
RP253: 5/31/2012 10:47:24 AM - Software Distribution Service 3.0
RP254: 5/31/2012 10:56:32 AM - Software Distribution Service 3.0
RP255: 6/1/2012 4:06:26 PM - Software Distribution Service 3.0
RP256: 6/1/2012 4:15:35 PM - Software Distribution Service 3.0
RP257: 6/2/2012 11:32:17 AM - Software Distribution Service 3.0
RP258: 6/3/2012 11:00:24 AM - Software Distribution Service 3.0
RP259: 6/3/2012 11:10:25 AM - Software Distribution Service 3.0
RP260: 6/4/2012 11:19:22 AM - Software Distribution Service 3.0
RP261: 6/4/2012 1:46:29 PM - Software Distribution Service 3.0
RP262: 6/5/2012 1:03:03 PM - Software Distribution Service 3.0
RP263: 6/6/2012 10:50:11 AM - Software Distribution Service 3.0
RP264: 6/6/2012 10:59:23 AM - Software Distribution Service 3.0
RP265: 6/7/2012 11:03:31 AM - Software Distribution Service 3.0
RP266: 6/7/2012 11:12:41 AM - Software Distribution Service 3.0
RP267: 6/8/2012 12:29:33 PM - Software Distribution Service 3.0
RP268: 6/8/2012 12:38:41 PM - Software Distribution Service 3.0
RP269: 6/9/2012 10:54:09 AM - Software Distribution Service 3.0
RP270: 6/9/2012 6:09:09 PM - Software Distribution Service 3.0
RP271: 6/10/2012 8:13:57 AM - Software Distribution Service 3.0
RP272: 6/11/2012 12:37:04 PM - Software Distribution Service 3.0
RP273: 6/11/2012 12:46:11 PM - Software Distribution Service 3.0
RP274: 6/12/2012 2:03:59 PM - Software Distribution Service 3.0
RP275: 6/12/2012 2:12:58 PM - Software Distribution Service 3.0
RP276: 6/13/2012 10:47:07 AM - Software Distribution Service 3.0
RP277: 6/14/2012 11:21:25 AM - Software Distribution Service 3.0
RP278: 6/15/2012 11:41:25 AM - Software Distribution Service 3.0
RP279: 6/16/2012 10:32:20 AM - Software Distribution Service 3.0
RP280: 6/17/2012 2:23:37 AM - Software Distribution Service 3.0
RP281: 6/17/2012 10:29:01 AM - Software Distribution Service 3.0
RP282: 6/18/2012 11:04:31 AM - Software Distribution Service 3.0
RP283: 6/18/2012 11:13:48 AM - Software Distribution Service 3.0
RP284: 6/19/2012 1:58:57 PM - Software Distribution Service 3.0
RP285: 6/19/2012 2:08:37 PM - Software Distribution Service 3.0
RP286: 6/20/2012 10:22:51 AM - Software Distribution Service 3.0
RP287: 6/21/2012 10:44:50 AM - Software Distribution Service 3.0
RP288: 6/21/2012 10:54:09 AM - Software Distribution Service 3.0
RP289: 6/22/2012 10:50:52 AM - Software Distribution Service 3.0
RP290: 6/22/2012 10:59:49 AM - Software Distribution Service 3.0
RP291: 6/23/2012 11:18:46 AM - Software Distribution Service 3.0
RP292: 6/23/2012 11:27:49 AM - Software Distribution Service 3.0
RP293: 6/24/2012 12:15:27 PM - Software Distribution Service 3.0
RP294: 6/24/2012 12:25:29 PM - Software Distribution Service 3.0
RP295: 6/25/2012 12:15:55 PM - Software Distribution Service 3.0
RP296: 6/25/2012 1:12:22 PM - Software Distribution Service 3.0
RP297: 6/26/2012 8:19:56 AM - Software Distribution Service 3.0
RP298: 6/26/2012 2:43:27 PM - Software Distribution Service 3.0
RP299: 6/27/2012 4:50:16 PM - Software Distribution Service 3.0
RP300: 6/27/2012 7:04:59 PM - Software Distribution Service 3.0
RP301: 6/28/2012 1:05:50 PM - Software Distribution Service 3.0
RP302: 6/28/2012 8:14:45 PM - Software Distribution Service 3.0
RP303: 6/29/2012 2:59:19 PM - Software Distribution Service 3.0
RP304: 6/29/2012 8:45:39 PM - Software Distribution Service 3.0
RP305: 6/30/2012 3:00:13 AM - Software Distribution Service 3.0
RP306: 7/1/2012 1:30:46 PM - Software Distribution Service 3.0
RP307: 7/1/2012 1:39:57 PM - Software Distribution Service 3.0
RP308: 7/2/2012 3:00:13 AM - Software Distribution Service 3.0
RP309: 7/2/2012 7:31:58 PM - Software Distribution Service 3.0
RP310: 7/3/2012 3:00:14 AM - Software Distribution Service 3.0
RP311: 7/3/2012 10:54:34 PM - Software Distribution Service 3.0
RP312: 7/4/2012 3:00:14 AM - Software Distribution Service 3.0
RP313: 7/5/2012 1:46:28 AM - Software Distribution Service 3.0
RP314: 7/5/2012 3:00:13 AM - Software Distribution Service 3.0
RP315: 7/6/2012 10:20:38 AM - Software Distribution Service 3.0
RP316: 7/6/2012 10:31:10 AM - Software Distribution Service 3.0
RP317: 7/7/2012 10:14:53 AM - Software Distribution Service 3.0
RP318: 7/7/2012 4:38:37 PM - Software Distribution Service 3.0
RP319: 7/8/2012 8:08:02 AM - Software Distribution Service 3.0
RP320: 7/8/2012 6:02:52 PM - Software Distribution Service 3.0
RP321: 7/9/2012 6:14:43 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Broadcom Gigabit Integrated Controller
COMODO Internet Security
Creative MediaSource
Dell Resource CD
eReg
ESPNMotion
GemMaster Mystic
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Logitech SetPoint 6.32
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0
Microsoft Application Error Reporting
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 12.0 (x86 en-US)
MSXML 6.0 Parser (KB933579)
Otto
Pando Media Booster
PowerDVD
QuickSet
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647516)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Sonic Activation Module
Sonic Encoders
Sound Blaster X-Fi
Summoner
The Lord of the Rings Online™: Shadows of Angmar™ v07.12.30.54
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB Video Driver
WebFldrs XP
Windows Driver Package - Advanced Micro Devices, Inc. (USB28xxBGA) Media (08/31/2007 5.7.0831.0)
Windows Driver Package - eMPIA Technology Inc, (emAudio) MEDIA (08/31/2007 5.7.0831.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format Runtime
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinPatrol
World of Warcraft Public Test
.
==== Event Viewer Messages From Past Week ========
.
7/5/2012 3:02:53 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.
.
==== End Of File ===========================
Cypher Moderator

Joined: 05 Jul 2009 Last Visit: 17 May 2013 Posts: 4041 Location: Land Of The Leprechauns
Posted: Tue Jul 10, 2012 9:36 am
Hi Becky and welcome back to Spyware Warrior Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not solve other issues you have with your machine.
If you no longer require help, I would be grateful if you would let me know.
Before we start, please note the following important guidelines.
- If you don't know or understand something, please don't hesitate to ask.
- Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
- Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
Remember, absence of symptoms does not mean the infection is all gone.
- Please DO NOT run any other tools or scans whilst I am helping you.
- Please DO NOT install any other software (or hardware) during the cleaning process.
- Print each set of instructions, if possible. Your Internet connection will not be available during some fix processes.
- Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
- Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!
Note: If you haven't done so already, please read the topic "Things to know before you post", where the conditions for receiving help here are explained.
Quote:
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
Because of this, I advise you to back up any personal files and folders before you start.
Quote:
COMODO Internet Security
Question, does your installed version of COMODO Internet Security include Antivirus?
Let me know in your next reply.
Please download Malwarebytes' Anti-Malware and save to your desktop.
- Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
- Then click Finish.
- If an update is found, it will download and install the latest version.
- When the program loads, Decline the Malwarebytes' Anti-Malware Trial (You can activate this when we've finished, if you wish)
- Once the program has loaded, select Perform Quick Scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
- When completed, a log will open in Notepad. Please copy and paste the log back into your next reply.
- The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Next.
Please download OTL by Old Timer and save it to your Desktop.
- Double click on OTL.exe to run it.
- Under Output, ensure that Standard Output is selected.
- Under Extra Registry section, select Use SafeList.
- Click the Scan All Users checkbox.
- Click on Run Scan at the top left hand corner.
- When done, two Notepad files will open.
  - OTL.txt <-- Will be opened
  - Extra.txt <-- Will be minimized
- Please post the contents of these 2 Notepad files in your next reply.
Logs/Information to Post in your Next Reply
- Malwarebytes.
- OTL.txt and Extra.txt contents.
- Does your installed version of COMODO Internet Security include Antivirus?
_________________ Admin/Teacher at Malware Removal University
Becky Junior Member
Joined: 26 Aug 2007 Last Visit: 16 Jul 2012 Posts: 39
Posted: Tue Jul 10, 2012 6:01 pm
Hello Cypher,
Thanks for being my helper. I have COMODO for a firewall, but last time I downloaded it, antivirus was included. I believe the antivirus is turned off, but my husband did complain that a pop-up keeps telling him the database is outdated, so maybe I need to do something different?
For antivirus I've been using Microsoft Security Essentials.
When I did the Malwarebytes scan it made a log and I clicked OK, but I didn't see the option "Show Results" or anywhere to check items and remove selected.
Here are my logs:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.07.10.14
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Rory :: RORY-2886899D1F [administrator]
7/10/2012 5:37:54 PM
mbam-log-2012-07-10 (17-37-54).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 321649
Time elapsed: 24 minute(s), 52 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
OTL Extras logfile created on: 7/10/2012 6:15:24 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Documents and Settings\Rory.RORY-2886899D1F\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 74.93% Memory free
4.84 Gb Paging File | 4.24 Gb Available in Paging File | 87.67% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 378.28 Gb Free Space | 81.22% Space Free | Partition Type: NTFS
Drive H: | 566.20 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: RORY-2886899D1F | User Name: Rory | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_USERS\S-1-5-21-1078081533-1935655697-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"56160:TCP" = 56160:TCP:*:Enabled:Pando Media Booster
"56160:UDP" = 56160:UDP:*:Enabled:Pando Media Booster
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"56160:TCP" = 56160:TCP:*:Enabled:Pando Media Booster
"56160:UDP" = 56160:UDP:*:Enabled:Pando Media Booster
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{2758691A-2CDE-4942-A4AC-0E8F61FE2067}" = USB Video Driver
"{2764CA82-DFB9-4498-AF85-719340BF5305}" = Dell Resource CD
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}" = COMODO Internet Security
"{E6D0C78E-11C1-11D5-AAC7-006008A1F6E4}" = Summoner
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™: Shadows of Angmar™ v07.12.30.54
"69083DC58646DE46A09847A522A1CC487F918039" = Windows Driver Package - eMPIA Technology Inc, (emAudio) MEDIA (08/31/2007 5.7.0831.0)
"9722CA1E8F72F362E93CBEC75A707FDABFC8D880" = Windows Driver Package - Advanced Micro Devices, Inc. (USB28xxBGA) Media (08/31/2007 5.7.0831.0)
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"ESPNMotion" = ESPNMotion
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"Mozilla Thunderbird 12.0 (x86 en-US)" = Mozilla Thunderbird 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"sp6" = Logitech SetPoint 6.32
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"World of Warcraft Public Test" = World of Warcraft Public Test
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 7/10/2012 1:49:20 PM | Computer Name = RORY-2886899D1F | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 -- There is a
problem with this Windows Installer package. Please refer to the setup log for
more information.
Error - 7/10/2012 1:49:21 PM | Computer Name = RORY-2886899D1F | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET
Framework CLR' could not be installed. Error code 1603. Additional information
is available in the log file C:\WINDOWS\TEMP\dd_NET_Framework20_Setup5CED.txt.
Error - 7/10/2012 1:49:21 PM | Computer Name = RORY-2886899D1F | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET
Framework CA' could not be installed. Error code 1603. Additional information is
available in the log file C:\WINDOWS\TEMP\dd_NET_Framework20_Setup5CED.txt.
Error - 7/10/2012 1:49:21 PM | Computer Name = RORY-2886899D1F | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET
Framework CRT' could not be installed. Error code 1603. Additional information
is available in the log file C:\WINDOWS\TEMP\dd_NET_Framework20_Setup5CED.txt.
Error - 7/10/2012 1:49:21 PM | Computer Name = RORY-2886899D1F | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET
Framework PreXP' could not be installed. Error code 1603. Additional information
is available in the log file C:\WINDOWS\TEMP\dd_NET_Framework20_Setup5CED.txt.
Error - 7/10/2012 1:49:21 PM | Computer Name = RORY-2886899D1F | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update 'Dr.
Watson' could not be installed. Error code 1603. Additional information is available
in the log file C:\WINDOWS\TEMP\dd_NET_Framework20_Setup5CED.txt.
Error - 7/10/2012 1:49:21 PM | Computer Name = RORY-2886899D1F | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET
Framework 1' could not be installed. Error code 1603. Additional information is
available in the log file C:\WINDOWS\TEMP\dd_NET_Framework20_Setup5CED.txt.
Error - 7/10/2012 1:49:21 PM | Computer Name = RORY-2886899D1F | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET
Framework 2' could not be installed. Error code 1603. Additional information is
available in the log file C:\WINDOWS\TEMP\dd_NET_Framework20_Setup5CED.txt.
Error - 7/10/2012 1:49:21 PM | Computer Name = RORY-2886899D1F | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET
Framework ASP .NET' could not be installed. Error code 1603. Additional information
is available in the log file C:\WINDOWS\TEMP\dd_NET_Framework20_Setup5CED.txt.
Error - 7/10/2012 1:49:21 PM | Computer Name = RORY-2886899D1F | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET
Framework WinForms' could not be installed. Error code 1603. Additional information
is available in the log file C:\WINDOWS\TEMP\dd_NET_Framework20_Setup5CED.txt.
[ System Events ]
Error - 7/4/2012 6:02:42 AM | Computer Name = RORY-2886899D1F | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework
3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.
Error - 7/5/2012 6:02:53 AM | Computer Name = RORY-2886899D1F | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework
3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.
Error - 7/6/2012 1:23:20 PM | Computer Name = RORY-2886899D1F | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework
3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.
Error - 7/7/2012 1:17:37 PM | Computer Name = RORY-2886899D1F | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework
3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.
Error - 7/9/2012 9:17:30 AM | Computer Name = RORY-2886899D1F | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework
3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.
Error - 7/10/2012 1:50:03 PM | Computer Name = RORY-2886899D1F | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework
3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.
< End of report >
OTL logfile created on: 7/10/2012 6:15:23 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Documents and Settings\Rory.RORY-2886899D1F\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 74.93% Memory free
4.84 Gb Paging File | 4.24 Gb Available in Paging File | 87.67% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 378.28 Gb Free Space | 81.22% Space Free | Partition Type: NTFS
Drive H: | 566.20 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: RORY-2886899D1F | User Name: Rory | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/07/10 18:10:40 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rory.RORY-2886899D1F\Desktop\OTL.exe
PRC - [2012/06/15 21:37:01 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/01/30 11:35:14 | 000,400,480 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2011/12/21 01:41:44 | 006,676,808 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
PRC - [2011/12/19 19:59:00 | 001,960,584 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
PRC - [2011/10/07 04:15:42 | 000,453,400 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointG\SetPointII.exe
PRC - [2011/10/07 02:40:42 | 001,387,288 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2011/09/27 12:05:24 | 000,149,784 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/26 13:22:42 | 000,081,997 | ---- | M] () -- C:\Program Files\USB TV\EM28XX\BDARemote.exe
PRC - [2007/04/04 18:48:58 | 001,236,992 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2006/11/05 12:22:16 | 000,221,184 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2006/11/05 11:55:48 | 000,010,752 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2006/10/20 18:23:38 | 000,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2006/03/01 20:00:18 | 000,018,944 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTXFIHLP.EXE
PRC - [2006/03/01 19:53:36 | 000,717,312 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTXFISPI.EXE
PRC - [2005/11/08 05:30:42 | 000,016,384 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\CTHELPER.EXE
PRC - [2005/11/04 19:07:56 | 000,049,152 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
PRC - [2005/10/14 12:01:06 | 000,122,880 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
PRC - [2003/06/18 02:00:00 | 000,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe
========== Modules (No Company Name) ==========
MOD - [2012/06/15 21:37:00 | 002,042,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/03 08:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/10/07 02:41:16 | 000,879,896 | ---- | M] () -- C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
MOD - [2011/04/14 18:01:33 | 000,548,854 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2008/04/13 18:12:42 | 000,148,992 | ---- | M] () -- C:\WINDOWS\system32\mpg2splt.ax
MOD - [2008/04/13 18:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 18:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/06/26 13:22:42 | 000,081,997 | ---- | M] () -- C:\Program Files\USB TV\EM28XX\BDARemote.exe
MOD - [2007/04/04 18:49:32 | 000,098,304 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll
MOD - [2006/11/05 11:58:44 | 000,516,096 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\LayoutDll9.dll
MOD - [2006/11/05 11:28:18 | 004,587,520 | R--- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
MOD - [2006/10/26 17:21:22 | 000,056,056 | ---- | M] () -- C:\WINDOWS\system32\DLAAPI_W.DLL
MOD - [2005/11/08 05:30:46 | 000,003,072 | ---- | M] () -- C:\WINDOWS\CTXFIRES.DLL
MOD - [2005/08/05 13:02:00 | 000,224,256 | ---- | M] () -- C:\WINDOWS\system32\PsisRndr.ax
MOD - [2005/08/05 13:01:54 | 000,239,104 | ---- | M] () -- C:\WINDOWS\system32\PsisDecd.dll
MOD - [2005/08/05 13:01:54 | 000,058,368 | ---- | M] () -- C:\WINDOWS\system32\MSDvbNP.ax
MOD - [2004/08/10 04:00:00 | 000,331,776 | ---- | M] () -- C:\WINDOWS\system32\encdec.dll
MOD - [2004/08/10 04:00:00 | 000,268,288 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2004/08/10 04:00:00 | 000,154,112 | ---- | M] () -- C:\WINDOWS\system32\vbicodec.ax
MOD - [2004/08/10 04:00:00 | 000,062,976 | ---- | M] () -- C:\WINDOWS\system32\mpeg2data.ax
========== Win32 Services (SafeList) ==========
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/12/19 19:59:00 | 001,960,584 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011/09/27 12:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2004/10/22 04:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{50D4329B-636B-4475-BF06-BDF93E6E6815}\MpKsl1a9b6065.sys -- (MpKsl1a9b6065)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/01/17 22:00:50 | 000,494,968 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011/12/19 19:59:24 | 000,097,760 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2011/12/19 19:59:22 | 000,031,704 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2011/09/01 23:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/09/01 23:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/09/01 23:30:58 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2010/08/03 20:20:12 | 005,243,392 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/02/03 19:26:30 | 000,999,040 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atinavrr.sys -- (ATIAVPCI)
DRV - [2008/04/13 12:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008/04/13 12:45:34 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
DRV - [2007/02/16 16:46:00 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/02/08 21:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 21:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/10/26 17:22:02 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/10/26 17:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/10/26 17:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/10/26 17:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/10/26 17:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/10/26 17:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/10/26 17:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/10/26 17:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/03/16 17:51:32 | 000,099,840 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2005/11/08 05:15:38 | 000,439,680 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2005/11/08 05:15:38 | 000,007,168 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2005/11/08 05:15:22 | 001,095,680 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2005/11/08 05:14:54 | 000,114,688 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/11/08 05:14:46 | 000,143,360 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2005/11/08 05:14:44 | 000,077,824 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2005/11/08 05:14:40 | 000,502,272 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV)
DRV - [2005/07/13 02:18:48 | 000,340,704 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1078081533-1935655697-725345543-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1078081533-1935655697-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1078081533-1935655697-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://my.lotro.com/home/"
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/15 21:37:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/06/04 11:53:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
[2012/02/14 18:18:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rory.RORY-2886899D1F\Application Data\Mozilla\Extensions
[2012/06/29 00:00:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rory.RORY-2886899D1F\Application Data\Mozilla\Firefox\Profiles\bzaqjpao.default\extensions
[2012/02/16 15:44:19 | 000,000,000 | ---D | M] (Toolbar Buttons) -- C:\Documents and Settings\Rory.RORY-2886899D1F\Application Data\Mozilla\Firefox\Profiles\bzaqjpao.default\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
[2012/05/17 00:33:37 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Rory.RORY-2886899D1F\Application Data\Mozilla\Firefox\Profiles\bzaqjpao.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/07/10 10:50:42 | 000,002,112 | ---- | M] () -- C:\Documents and Settings\Rory.RORY-2886899D1F\Application Data\Mozilla\Firefox\Profiles\bzaqjpao.default\searchplugins\wot-safe-search.xml
[2012/02/14 18:16:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/20 21:58:37 | 000,193,959 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\RORY.RORY-2886899D1F\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\BZAQJPAO.DEFAULT\EXTENSIONS\{37FA1426-B82D-11DB-8314-0800200C9A66}.XPI
[2012/06/29 00:00:59 | 000,525,327 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\RORY.RORY-2886899D1F\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\BZAQJPAO.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012/02/16 15:22:47 | 000,093,807 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\RORY.RORY-2886899D1F\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\BZAQJPAO.DEFAULT\EXTENSIONS\{AEE74DD0-6DC9-11DB-9FE1-0800200C9A66}.XPI
[2012/06/15 21:37:01 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/08 10:12:58 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/08 10:12:58 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2004/08/10 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AudioDrvEmulator] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\BDARemote.lnk = C:\Program Files\USB TV\EM28XX\BDARemote.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1078081533-1935655697-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE21D6FE-2AF5-4803-B87C-B8AD646A6825}: DhcpNameServer = 192.168.0.1
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Rory.RORY-2886899D1F\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Rory.RORY-2886899D1F\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/02/13 23:45:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/03/09 07:55:48 | 000,000,056 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/07/10 18:10:39 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rory.RORY-2886899D1F\Desktop\OTL.exe
[2012/07/10 17:29:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rory.RORY-2886899D1F\Application Data\Malwarebytes
[2012/07/10 17:29:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/10 17:29:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2012/07/10 17:29:37 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/07/10 17:29:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/07/10 17:21:56 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Rory.RORY-2886899D1F\Desktop\mbam-setup-1.61.0.1400.exe
[2012/07/09 18:33:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Rory.RORY-2886899D1F\Start Menu\Programs\Administrative Tools
[2012/07/08 21:49:51 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/06/22 22:01:55 | 000,000,000 | ---D | C] -- C:\games
[2012/06/12 18:42:25 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/07/10 18:10:40 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rory.RORY-2886899D1F\Desktop\OTL.exe
[2012/07/10 17:29:44 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/10 17:22:53 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Rory.RORY-2886899D1F\Desktop\mbam-setup-1.61.0.1400.exe
[2012/07/10 16:55:36 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/07/10 16:49:47 | 000,380,350 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/07/10 16:49:47 | 000,052,764 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/07/10 16:45:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/10 15:00:49 | 000,064,984 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000004-00001102-00000005-10031102}.rfx
[2012/07/10 15:00:49 | 000,055,172 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000004-00001102-00000005-10031102}.rfx
[2012/07/10 15:00:49 | 000,055,172 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000004-00001102-00000005-10031102}.rfx
[2012/07/10 15:00:49 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2012/07/10 15:00:49 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2012/07/08 21:49:51 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/06/13 10:52:35 | 000,144,424 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/13 10:48:41 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/07/10 17:29:44 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/21 16:05:27 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/18 14:12:53 | 000,000,288 | ---- | C] () -- C:\Documents and Settings\Rory.RORY-2886899D1F\Application Data\wklnhst.dat
[2012/02/15 22:34:02 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Rory.RORY-2886899D1F\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/14 17:02:15 | 000,000,152 | ---- | C] () -- C:\WINDOWS\CoolPlay.ini
[2012/02/14 16:47:01 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2012/02/13 23:52:43 | 000,000,143 | ---- | C] () -- C:\Documents and Settings\Rory.RORY-2886899D1F\Local Settings\Application Data\fusioncache.dat
[2012/02/13 23:47:28 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/02/13 23:42:28 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/02/13 15:31:37 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/02/13 15:30:44 | 000,144,424 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/30 22:14:12 | 000,507,066 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2010/09/23 13:22:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/09/09 18:12:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/09/09 18:12:50 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/09/09 18:12:50 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2010/09/09 18:12:50 | 000,219,348 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/09/09 18:12:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2010/09/09 18:12:50 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
========== Alternate Data Streams ==========
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Rory.RORY-2886899D1F\My Documents\PTR Installer 4.0.0.12824 enUS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Rory.RORY-2886899D1F\My Documents\My Videos:Roxio EMC Stream
< End of report >
Thanks again,
Becky |
Becky Junior Member
Joined: 26 Aug 2007 Last Visit: 16 Jul 2012 Posts: 39
|
Posted: Tue Jul 10, 2012 6:20 pm Post subject: |
|
|
| sorry, double post |
Cypher Moderator

Joined: 05 Jul 2009 Last Visit: 17 May 2013 Posts: 4041 Location: Land Of The Leprechauns
|
Posted: Wed Jul 11, 2012 1:37 am Post subject: |
|
|
Hi Becky,
| Quote: |
| Thanks for being my helper. |
My pleasure.
| Quote: |
I have COMODO for a firewall but last time I downloaded it antivirus was included. I believe the antivirus is turned off but my husband did complain that a pop-up keeps telling him the database is outdated so maybe I need to do something different?
For antivirus I've been using Microsoft Security Essentials. |
Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer.
Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.
It looks like the COMODO Antivirus is active if it's advising you to update it; I would advise you to remove either COMODO or Microsoft Security Essentials.
ESET online scanner
Note: You can use either Internet Explorer or Mozilla FireFox for this scan.
Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
- First please Disable any Antivirus you have active, as shown in This topic.
- Note: Don't forget to re-enable it after the scan.
- Next hold down Control then click on the following link to open a new window to ESET online scanner
- Select the option YES, I accept the Terms of Use then click on Start.
| Quote: |
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox. |
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:
- Scan for potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth Technology
- Now click on Start.
- The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
- When completed the Online Scan will begin automatically.
- Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
- When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
- Now click on Finish.
- Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
- Copy and paste that log as a reply to this topic.
_________________ Admin/Teacher at Malware Removal University
Member of...
 |
Becky Junior Member
Joined: 26 Aug 2007 Last Visit: 16 Jul 2012 Posts: 39
|
Posted: Wed Jul 11, 2012 8:51 pm Post subject: |
|
|
I uninstalled Microsoft Security Essentials then looked at Comodo to make sure antivirus was on. All I could find was the firewall and something called +defense so I downloaded a copy of Comodo antivirus and will install it now that I'm done with the ESET scan.
Here is the ESET scan log:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=baf3cc91e7a6e74ebfb3fee98a53781f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-07-12 04:40:17
# local_time=2012-07-11 09:40:17 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=3073 16777213 80 71 0 16796754 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=104597
# found=0
# cleaned=0
# scan_time=3281
Hope I did right, it looks awfully short to me. |
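A way to check a log like the one above against the scan options requested earlier in the thread, as an added example that is not part of the original posts. It assumes the `*_checked` keys record the corresponding scanner checkboxes and that `end=finished` marks a completed scan (both read from the key names, not from ESET documentation); the function names are hypothetical.

```python
import re

# Constructed sample: an abridged copy of the log posted above, inlined so the
# example runs offline.
SAMPLE_LOG = """\
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-07-12 04:40:17
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=3073 16777213 80 71 0 16796754 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=104597
# found=0
# cleaned=0
# scan_time=3281
"""

# Options the helper asked for, mapped to the log keys assumed to record them.
REQUESTED = {
    "remove_checked": "false",      # "Remove found threats" NOT checked
    "archives_checked": "true",     # "Scan archives" checked
    "unwanted_checked": "true",     # potentially unwanted applications
    "unsafe_checked": "true",       # potentially unsafe applications
    "antistealth_checked": "true",  # Anti-Stealth Technology
}
COUNTERS = ("scanned", "found", "cleaned", "scan_time")
HEADER_RE = re.compile(r"^#\s*([^=\s]+)=(.*)$")


def parse_header(text):
    """Return {key: [values]}; some keys (compatibility_mode) repeat."""
    fields = {}
    for line in text.splitlines():
        match = HEADER_RE.match(line.strip())
        if match:
            fields.setdefault(match.group(1), []).append(match.group(2).strip())
    return fields


def review(text):
    """Compare a scan log with the requested options and collect problems."""
    fields = parse_header(text)
    problems = []

    def last(key):
        values = fields.get(key)
        if not values:
            problems.append("missing field: " + key)
            return None
        return values[-1]

    end = last("end")
    if end is not None and end != "finished":
        problems.append("scan did not finish (end=" + end + ")")

    for key, wanted in REQUESTED.items():
        value = last(key)
        if value is not None and value.lower() != wanted:
            problems.append(f"{key}={value}, helper asked for {wanted}")

    counts = {}
    for key in COUNTERS:
        value = last(key)
        if value is None:
            continue
        if value.isdigit():
            counts[key] = int(value)
        else:
            problems.append(f"{key} is not a number: {value!r}")

    if counts.get("found", 0) > 0:
        problems.append(f"{counts['found']} detection(s): post the full log for review")

    return {"counts": counts, "problems": problems}


if __name__ == "__main__":
    print(review(SAMPLE_LOG))
```

An empty `problems` list means the scan ran to completion with the requested options and reported no detections; it says nothing about threats the scanner does not detect.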
Cypher Moderator

Joined: 05 Jul 2009 Last Visit: 17 May 2013 Posts: 4041 Location: Land Of The Leprechauns
|
Posted: Thu Jul 12, 2012 1:02 am Post subject: |
|
|
Hi Becky,
| Quote: |
| Hope I did right, it looks awfully short to me. |
Yes, you did do it right, well done.
How is your computer running? Are you experiencing any problems?
We need to run an OTL Fix
- Double-click OTL.exe to start the program.
- Copy and Paste the following code into the textbox. Do not include the word Code
| Code: |
:processes
killallprocesses
:otl
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1078081533-1935655697-725345543-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
FF - user.js - File not found
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Rory.RORY-2886899D1F\My Documents\PTR Installer 4.0.0.12824 enUS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Rory.RORY-2886899D1F\My Documents\My Videos:Roxio EMC Stream
:files
ipconfig /flushdns /c
:commands
[emptytemp]
[clearallrestorepoints]
|
Then click the Run Fix button at the top.
Click .
OTL may ask to reboot the machine. Please do so if asked.
The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.
Logs/Information to Post in your Next Reply
- OTL Fix log.
- Please give me an update on your computer's performance.
Becky Junior Member
Joined: 26 Aug 2007 Last Visit: 16 Jul 2012 Posts: 39
|
Posted: Thu Jul 12, 2012 9:41 pm Post subject: |
|
|
Good evening Cypher,
The computer appears to be running fine. The only complaint my husband has about the computer is a message saying .NET Framework is not able to update. I don't have the exact wording, it hasn't done it while I've been at the keyboard but he says it happens often. He also gets a lot of blue screens from playing an old buggy game (Summoner) but we're pretty sure it's just that game. The game was made for Windows 98, I believe.
Here is the log from OTL:
All processes killed
========== PROCESSES ==========
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-21-1078081533-1935655697-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
ADS C:\Documents and Settings\Rory.RORY-2886899D1F\My Documents\PTR Installer 4.0.0.12824 enUS:Roxio EMC Stream deleted successfully.
Unable to delete ADS C:\Documents and Settings\Rory.RORY-2886899D1F\My Documents\My Videos:Roxio EMC Stream .
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Rory.RORY-2886899D1F\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Rory.RORY-2886899D1F\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes
User: All Users
User: All Users.WINDOWS
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2860725 bytes
User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33438 bytes
User: NetworkService.NT AUTHORITY
->Temp folder emptied: 1107928 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Rory
->Temp folder emptied: 327986775 bytes
->Temporary Internet Files folder emptied: 283742068 bytes
->Java cache emptied: 306322 bytes
->FireFox cache emptied: 102124062 bytes
->Flash cache emptied: 2098097 bytes
User: Rory.RORY-2886899D1F
->Temp folder emptied: 967931907 bytes
->Temporary Internet Files folder emptied: 1663744881 bytes
->FireFox cache emptied: 1178475472 bytes
->Flash cache emptied: 22316 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1277994 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3527226587 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 321139 bytes
RecycleBin emptied: 65823421 bytes
Total Files Cleaned = 7,749.00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.53.1 log created on 07122012_221115
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot... |
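A short triage of a fix log like the one above, as an added example that is not part of the original posts: it splits the log on its `==========` section headers and separates actions that succeeded from ones that failed. The classification relies only on the phrases visible in this log ("successfully", "Unable to"); other OTL wording lands in the `other` bucket for manual reading, and the function names are hypothetical.

```python
import re

# Constructed sample: an excerpt of the fix log posted above (the per-user
# [EMPTYTEMP] lines are left out), inlined so the example runs offline.
SAMPLE_FIX_LOG = r"""All processes killed
========== PROCESSES ==========
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-21-1078081533-1935655697-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
ADS C:\Documents and Settings\Rory.RORY-2886899D1F\My Documents\PTR Installer 4.0.0.12824 enUS:Roxio EMC Stream deleted successfully.
Unable to delete ADS C:\Documents and Settings\Rory.RORY-2886899D1F\My Documents\My Videos:Roxio EMC Stream .
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Rory.RORY-2886899D1F\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Rory.RORY-2886899D1F\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+$")


def split_sections(text):
    """Group non-empty lines under the section header that precedes them."""
    sections = {"(preamble)": []}
    current = "(preamble)"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = SECTION_RE.match(line)
        if match:
            current = match.group(1)
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def classify(line):
    """Label one log line using only the wording seen in this log."""
    low = line.lower()
    if low.startswith("unable to"):
        return "failed"
    if "successfully" in low:
        return "ok"
    return "other"


def triage(text):
    """Return {"ok": [...], "failed": [...], "other": [...]} of (section, line)."""
    report = {"ok": [], "failed": [], "other": []}
    for name, lines in split_sections(text).items():
        for line in lines:
            report[classify(line)].append((name, line))
    return report


if __name__ == "__main__":
    for section, line in triage(SAMPLE_FIX_LOG)["failed"]:
        print(f"[{section}] {line}")
```

On this sample the only failed action is the alternate data stream on the My Videos folder.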
Cypher Moderator

Joined: 05 Jul 2009 Last Visit: 17 May 2013 Posts: 4041 Location: Land Of The Leprechauns
|
Posted: Fri Jul 13, 2012 2:01 am Post subject: |
|
|
Hi Becky,
| Quote: |
| The computer appears to be running fine. The only complaint my husband has about the computer is a message saying .net framework is not able to update. |
If you wish, I can direct you to a tech forum where they could advise you about this problem better than myself.
My area of knowledge is in malware removal unfortunately.
The good news is your latest set of logs appear to be clean!
This is my general post for when your logs show no more signs of malware.
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
Clean up with OTL
- Double-click OTL.exe to start the program. This will remove some of the tools we used to clean your pc.
- Close all other programs apart from OTL as this step will require a reboot
- On the OTL main screen, press the CleanUp! button
- Say Yes to the prompt and then allow the program to reboot your computer.
You can now delete any tools/logs we used if they remain on your Desktop.
Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.
Here are some free programs I recommend that could help you improve your computer's security.
I recommend you keep Malwarebytes' Anti-Malware, keep it updated and run it once a week.
Install SiteAdvisor
SiteAdvisor is a toolbar for Microsoft Internet Explorer and Mozilla Firefox which alerts you if you're about to enter a potentially dangerous website.
You can find more information and download it from Here
Install WinPatrol
As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
For more information, please visit HERE
MVPS Hosts
Install MVPS Hosts File From Here
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
You can Find the Tutorial HERE
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check
Visit Microsoft often to get the latest updates for your computer
You can do that HERE
Read some information HERE on how to prevent malware
I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.
Safe surfing!
Becky Junior Member
Joined: 26 Aug 2007 Last Visit: 16 Jul 2012 Posts: 39
|
Posted: Sat Jul 14, 2012 4:17 pm Post subject: |
|
|
I'm glad to hear we have a clean bill of health. Did you see anything that looked like it could have been grabbing our credit card number?
I would appreciate some direction to a web site that could help with my other problem.
Thank you for all the help. Your directions were very easy to follow.
Becky |
Cypher Moderator

Joined: 05 Jul 2009 Last Visit: 17 May 2013 Posts: 4041 Location: Land Of The Leprechauns
|
Posted: Sun Jul 15, 2012 1:59 am Post subject: |
|
|
Hi Becky,
| Quote: |
| Thank you for all the help. |
You're most welcome, my pleasure.
| Quote: |
| Did you see anything that looked like it could have been grabbing our credit card number? |
No, there was nothing in your logs to be concerned about, we just had to tidy a couple of things up.
| Quote: |
| I would appreciate some direction to a web site that could help with my other problem. |
Here are some excellent Tech sites (in no particular order) that may be able to help with your remaining problem:
So as I said above your logs are clean, I hope you can resolve your other problem with the links that I provided.
Any more questions before I close this topic?
Becky Junior Member
Joined: 26 Aug 2007 Last Visit: 16 Jul 2012 Posts: 39
|
Posted: Mon Jul 16, 2012 9:03 am Post subject: |
|
|
No other questions  |
Cypher Moderator

Joined: 05 Jul 2009 Last Visit: 17 May 2013 Posts: 4041 Location: Land Of The Leprechauns
|
Posted: Mon Jul 16, 2012 9:09 am Post subject: |
|
|
| Quote: |
As your malware issues appear to be resolved, this topic is now closed.
If you have been helped and wish to donate to help with the costs of this volunteer site, please read Spyware Warrior Donations |