Lost USB. Registry corrupted?


  • This topic is locked
17 replies to this topic

#1 wxwax

wxwax

    Member

  • Full Member
  • 43 posts

Posted 12 May 2011 - 10:09 AM

Hello!

I've lost all USB ports. I've uninstalled them using Device Manager, no joy. I'm wondering if perhaps my registry has been corrupted?

Here's my Hijack This log. Thanks for any help you're able to give.





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:58:36 AM, on 5/12/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Borland\Interbase\Bin\IBGuard.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Documents and Settings\Microsoft User\Local Settings\Application Data\Google\Update\1.3.21.53\GoogleCrashHandler.exe
C:\Program Files\Wacom\TabUserW.exe
C:\Program Files\Borland\Interbase\Bin\IBServer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.advrider.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.se1.attbb.net:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.se1.attbb.net;<local>;*.local
N3 - Netscape 7: # Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the browser is running,
* the changes will be overwritten when the browser exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see http://www.mozilla.o...zing.html#prefs
*/

user_pref("browser.activation.checkedNNFlag", true);
user_pref("browser.bookmarks.added_static_root", true);
user_pref("browser.download.dir", "C:\\Program Files\\CWShredder");
user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src");
user_pref("browser.startup.homepage", "http://home.netscape.../7_1/home.html");
user_pref("browser.startup.homepage_override.mstone", "rv:1.4");
user_pref("browser.tabs.forceHide", true);
user_pref("dom.disable_open_during_load", true);
user_pref("intl.charsetmenu.browser.cache", "UTF-8, ISO-8859-1");
user_pref("prefs.converted-to-utf8", t
N3 - Netscape 7: # Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the browser is running,
* the changes will be overwritten when the browser exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see http://www.mozilla.o...zing.html#prefs
*/

user_pref("browser.activation.checkedNNFlag", true);
user_pref("browser.bookmarks.added_static_root", true);
user_pref("browser.download.dir", "C:\\Program Files\\CWShredder");
user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src");
user_pref("browser.startup.homepage", "http://home.netscape.../7_1/home.html");
user_pref("browser.startup.homepage_override.mstone", "rv:1.4");
user_pref("browser.tabs.forceHide", true);
user_pref("dom.disable_open_during_load", true);
user_pref("intl.charsetmenu.browser.cache", "UTF-8, ISO-8859-1");
user_pref("prefs.converted-to-utf8", t
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (rootkit-scan)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Microsoft User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Hotsync.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logo Calibration Loader.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe
O4 - Global Startup: ProfileReminder.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe
O4 - Global Startup: TabUserW.lnk = C:\Program Files\Wacom\TabUserW.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ppctlcab - http://ppupdates.ca....er/ppctlcab.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca....r/axscanner.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} (Java Plug-in 1.6.0_19) -
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} (Java Plug-in 1.6.0_21) -
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} (Java Plug-in 1.6.0_22) -
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\Program Files\Borland\Interbase\Bin\IBGuard.exe
O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\Program Files\Borland\Interbase\Bin\IBServer.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 11293 bytes

#2 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • 25,317 posts

Posted 13 May 2011 - 11:07 PM

Hello wxwax,

Both your HijackThis and your IE 6 are way out of date.

When did you lose your USB ports? Was this sudden or gradual? Do you remember what you were doing just before it happened?

Please read the Forum FAQ and post the requested logs.
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

#3 wxwax

wxwax

    Member

  • Full Member
  • 43 posts

Posted 14 May 2011 - 07:46 PM

Hello, Mother Lion. What a great name!

Sorry for not following the protocol. Below are the logs listed in the FAQ. (For some reason, HiJack This didn't have an update button, I had to download it anew.)

I discovered I had a USB problem when my USB mouse stopped working. The mouse had been briefly but persistently locking-up for a couple of weeks before it abruptly stopped working altogether. (Presumably this means the USB connection had been "flickering".) It locked-up when I was playing a web-based Java solitaire game here: http://bit.ly/j2sKh5

I found out the problem wasn't the mouse software but instead, that I had lost the use of all USB ports. Not even a flash drive works. However, the USB mouse does light-up when I plug it in.

I don't use Internet Explorer. I only use Chrome and, sometimes, Firefox. Both are current.


Thanks for your help!







HiJack This Log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:32:48 PM, on 5/14/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Microsoft User\Local Settings\Application Data\Google\Update\1.3.21.53\GoogleCrashHandler.exe
C:\Program Files\Wacom\TabUserW.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Borland\Interbase\Bin\IBGuard.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Borland\Interbase\Bin\IBServer.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\Microsoft User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Microsoft User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Microsoft User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Microsoft User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Hijack This\Trend Micro\HiJackThis\HiJackThis.exe
C:\Documents and Settings\Microsoft User\Desktop\Computer Security\SecurityCheck.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\notepad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.advrider.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.se1.attbb.net:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.se1.attbb.net;<local>;*.local
N3 - Netscape 7: # Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the browser is running,
* the changes will be overwritten when the browser exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see http://www.mozilla.o...zing.html#prefs
*/

user_pref("browser.activation.checkedNNFlag", true);
user_pref("browser.bookmarks.added_static_root", true);
user_pref("browser.download.dir", "C:\\Program Files\\CWShredder");
user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src");
user_pref("browser.startup.homepage", "http://home.netscape.../7_1/home.html");
user_pref("browser.startup.homepage_override.mstone", "rv:1.4");
user_pref("browser.tabs.forceHide", true);
user_pref("dom.disable_open_during_load", true);
user_pref("intl.charsetmenu.browser.cache", "UTF-8, ISO-8859-1");
user_pref("prefs.converted-to-utf8", t
N3 - Netscape 7: # Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the browser is running,
* the changes will be overwritten when the browser exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see http://www.mozilla.o...zing.html#prefs
*/

user_pref("browser.activation.checkedNNFlag", true);
user_pref("browser.bookmarks.added_static_root", true);
user_pref("browser.download.dir", "C:\\Program Files\\CWShredder");
user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src");
user_pref("browser.startup.homepage", "http://home.netscape.../7_1/home.html");
user_pref("browser.startup.homepage_override.mstone", "rv:1.4");
user_pref("browser.tabs.forceHide", true);
user_pref("dom.disable_open_during_load", true);
user_pref("intl.charsetmenu.browser.cache", "UTF-8, ISO-8859-1");
user_pref("prefs.converted-to-utf8", t
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (rootkit-scan)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Microsoft User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Hotsync.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logo Calibration Loader.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe
O4 - Global Startup: ProfileReminder.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe
O4 - Global Startup: TabUserW.lnk = C:\Program Files\Wacom\TabUserW.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ppctlcab - http://ppupdates.ca....er/ppctlcab.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca....r/axscanner.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} (Java Plug-in 1.6.0_19) -
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} (Java Plug-in 1.6.0_21) -
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} (Java Plug-in 1.6.0_22) -
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\Program Files\Borland\Interbase\Bin\IBGuard.exe
O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\Program Files\Borland\Interbase\Bin\IBServer.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 12095 bytes






Security Check Log

Results of screen317's Security Check version 0.99.3
Windows XP Service Pack 3
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Avira AntiVir Personal - Free Antivirus
Outpost Firewall 2009
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Out of date Spybot installed!
Ad-Aware
Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java DB 10.5.3.0
Java™ 6 Update 24
Java™ SE Development Kit 6 Update 20
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 9.1.3
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Hijack This Trend Micro HiJackThis HiJackThis.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````










Malware Byte's AntiMalware Log

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6547

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

5/14/2011 8:37:34 PM
mbam-log-2011-05-14 (20-37-33).txt

Scan type: Full scan (C:\|)
Objects scanned: 314270
Time elapsed: 3 hour(s), 3 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by wxwax, 14 May 2011 - 07:49 PM.


#4 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • 25,317 posts

Posted 14 May 2011 - 08:29 PM

You don't seem to have any malware, but that was unlikely anyway - malware is generally in it for the money and it's hard to see what messing with your USB ports would get them.

It appears that some hardware component has been gradually failing. This could be something like a loose wire. You will probably have to open the PC to check that, but you can give Device Manager a try. I'm assuming that you can somehow do this without your USB mouse since you have been able to post the logs.

To access Device Manager:
Click Start (or the Windows key), click Run, and then type devmgmt.msc.

Navigate to USB Controller. Is there a yellow exclamation point next to it or to any of the attached devices?

If the device is experiencing a problem, the Device Status box displays the type of problem. You may see a problem code, or number (or both) and a suggested solution.

Troubleshooting a device requires steps specific to that device. If the Device Status box displays a problem, click Troubleshoot to launch the Windows XP troubleshooter for this device type. Supply information and answer questions as prompted.

If Device Manager shows everything is fine then please try this:
Detach all USB devices.
Shut down your PC and unplug it from the electric outlet (don't just turn it off). Wait at least 5 minutes. Then plug it back in, attach only the mouse, and turn it on. See if possibly the USB has recovered.

Let me know what happens.

Please also do these important updates for the sake of your security.
Update your Java and remove the old versions (important!) http://www.java.com/...derversions.xml
Update Adobe Reader.
Get Internet Explorer 8 or 9. Your IE 6 is no longer supported.
Update Spybot S&D.

And finally, please do this:
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy the contents of these files, one at a time, and post with your next reply.


#5 wxwax

wxwax

    Member

  • Full Member
  • 43 posts

Posted 14 May 2011 - 11:40 PM

Thanks, Mother Lion.

USB checks out clean in Device Manager. I'll open the box to check the wires when there's daylight (Sunday.) I'll also update software per your recommendations (except maybe IE, I just don't use it.) I keep Spybot updated and always allow Java updates when prompted. I'm surprised they're not up-to-date.

Here are the logs you requested.

Thanks again for your help!





OTL.Txt


OTL logfile created on: 5/15/2011 1:26:38 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Microsoft User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 536.00 Mb Available Physical Memory | 52.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.55 Gb Total Space | 12.39 Gb Free Space | 16.62% Space Free | Partition Type: NTFS

Computer Name: MICROSOF-G12XZZ | User Name: Microsoft User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Microsoft User\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Documents and Settings\Microsoft User\Local Settings\Application Data\Google\Update\1.3.21.53\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\MXOALDR.EXE (Cypress Semiconductor)
PRC - C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe (Maxtor Corporation)
PRC - C:\WINDOWS\system32\Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\Wacom\TabUserW.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\Iomega\AutoDisk\ADService.exe (Iomega Corporation)
PRC - C:\Program Files\Iomega\System32\AppServices.exe (Iomega Corporation)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Borland\Interbase\Bin\ibserver.exe (Inprise Corporation)
PRC - C:\Program Files\Borland\Interbase\Bin\ibguard.exe (Inprise Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Microsoft User\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\TabHook.dll (Wacom Technology, Corp.)


========== Win32 Services (SafeList) ==========

SRV - (Vaslinsv) -- File not found
SRV - (Sm0bminvp) -- File not found
SRV - (Mup4sb) -- File not found
SRV - (Iomega Activity Disk2) -- File not found
SRV - (HidServ) -- File not found
SRV - (EventSystem) -- File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (acssrv) -- C:\Program Files\Agnitum\Outpost Firewall\acs.exe (Agnitum Ltd.)
SRV - (TabletService) -- C:\WINDOWS\system32\Tablet.exe (Wacom Technology, Corp.)
SRV - (_IOMEGA_ACTIVE_DISK_SERVICE_) -- C:\Program Files\Iomega\AutoDisk\ADService.exe (Iomega Corporation)
SRV - (Iomega App Services) -- C:\Program Files\Iomega\System32\AppServices.exe (Iomega Corporation)
SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
SRV - (InterBaseServer) -- C:\Program Files\Borland\Interbase\Bin\IBServer.exe (Inprise Corporation)
SRV - (InterBaseGuardian) -- C:\Program Files\Borland\Interbase\Bin\IBGuard.exe (Inprise Corporation)


========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (SandBox) -- C:\WINDOWS\system32\drivers\SandBox.sys (Agnitum Ltd.)
DRV - (afw) -- C:\WINDOWS\system32\drivers\afw.sys (Agnitum Ltd.)
DRV - (afwcore) -- C:\WINDOWS\system32\drivers\afwcore.sys (Agnitum Ltd.)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (BANTExt) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (PalmSource, Inc.)
DRV - (EyeOneDp) -- C:\WINDOWS\system32\drivers\EyeOneDp.sys ()
DRV - (TPkd) -- C:\WINDOWS\System32\drivers\TPkd.sys (PACE Anti-Piracy, Inc.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (MXOPSWD) -- C:\WINDOWS\system32\drivers\mxopswd.sys (Maxtor Corp.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (PDIHWCTL) -- C:\WINDOWS\system32\drivers\pdihwctl.sys (Portrait Displays, Inc.)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (LMouFlt2) -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys (Logitech, Inc.)
DRV - (l8042pr2) -- C:\WINDOWS\system32\drivers\L8042pr2.Sys (Logitech, Inc.)
DRV - (LHidUsb) -- C:\WINDOWS\system32\drivers\LHIDUSB.SYS (Logitech, Inc.)
DRV - (LHidFlt2) -- C:\WINDOWS\system32\drivers\LHIDFLT2.SYS (Logitech, Inc.)
DRV - (MXOFX) USB Storage Adapter FX (MXO) -- C:\WINDOWS\system32\drivers\MXOFX.SYS (Cypress Semiconductor)
DRV - (i1) -- C:\WINDOWS\system32\drivers\i1.sys (GretagMacbeth)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (iomdisk) -- C:\WINDOWS\System32\DRIVERS\iomdisk.sys (Iomega Corporation)
DRV - (IdeChnDr) Intel® -- C:\WINDOWS\System32\DRIVERS\IdeChnDr.sys (Intel Corporation)
DRV - (IdeBusDr) -- C:\WINDOWS\System32\DRIVERS\IdeBusDr.sys (Intel Corporation)
DRV - (PenClass) -- C:\WINDOWS\System32\Drivers\PenClass.sys (Wacom Technology Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.advrider.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.se1.attbb.net;<local>;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = sas.se1.attbb.net:8000

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {C6128004-4838-4708-9A97-BB172D17767D}:1.6.1
FF - prefs.js..extensions.enabledItems: {a0faa0a4-f1a7-4098-9a74-21efc3a92372}:4.0.1
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: vshareus@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/04/19 00:09:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2011/05/14 03:01:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/10 13:55:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/10 13:55:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2010/12/10 13:55:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2011/03/01 20:03:45 | 000,000,000 | ---D | M]

[2008/12/13 13:30:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Microsoft User\Application Data\Mozilla\Extensions
[2008/12/13 13:30:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Microsoft User\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/05/12 11:59:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Microsoft User\Application Data\Mozilla\Firefox\Profiles\a0znfgyh.default\extensions
[2007/10/21 16:21:29 | 000,000,000 | ---D | M] ("FxIF") -- C:\Documents and Settings\Microsoft User\Application Data\Mozilla\Firefox\Profiles\a0znfgyh.default\extensions\{11483926-db67-4190-91b1-ef20fcec5f33}
[2011/03/01 10:17:52 | 000,000,000 | ---D | M] (DictionarySearch) -- C:\Documents and Settings\Microsoft User\Application Data\Mozilla\Firefox\Profiles\a0znfgyh.default\extensions\{a0faa0a4-f1a7-4098-9a74-21efc3a92372}
[2011/03/01 10:17:52 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Microsoft User\Application Data\Mozilla\Firefox\Profiles\a0znfgyh.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2011/03/28 15:11:09 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\Documents and Settings\Microsoft User\Application Data\Mozilla\Firefox\Profiles\a0znfgyh.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/05/01 07:57:39 | 000,000,000 | ---D | M] ("Dictionary Tooltip") -- C:\Documents and Settings\Microsoft User\Application Data\Mozilla\Firefox\Profiles\a0znfgyh.default\extensions\{C6128004-4838-4708-9A97-BB172D17767D}
[2010/09/19 09:30:57 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Documents and Settings\Microsoft User\Application Data\Mozilla\Firefox\Profiles\a0znfgyh.default\extensions\firefox@tvunetworks.com
[2008/08/16 15:08:00 | 000,000,000 | ---D | M] (PicLens) -- C:\Documents and Settings\Microsoft User\Application Data\Mozilla\Firefox\Profiles\a0znfgyh.default\extensions\piclens@cooliris(2).com
[2010/09/19 09:32:21 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Documents and Settings\Microsoft User\Application Data\Mozilla\Firefox\Profiles\a0znfgyh.default\extensions\vshareus@toolbar
[2011/05/12 11:59:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/07/11 15:15:47 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/05/10 20:41:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/06/21 02:19:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2010/04/19 00:09:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/08 19:50:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/21 18:33:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/26 14:13:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/01 20:03:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/04/19 00:09:15 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/06/24 09:26:10 | 000,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/06/24 09:26:11 | 000,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2007/04/10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2006/08/05 13:31:40 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2009/06/24 09:26:12 | 000,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/12/21 18:34:06 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2010/12/10 13:55:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2010/12/10 13:55:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/12/10 13:55:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/12/10 13:55:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/12/10 13:55:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/12/10 13:55:14 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/12/10 13:55:14 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/06/24 07:27:00 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/06/24 07:27:00 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/06/24 07:27:00 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/06/24 07:27:00 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/06/24 07:27:00 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/06/24 07:27:00 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/06/24 07:27:00 | 000,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/04/12 15:06:51 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (rootkit-scan)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe (Maxtor Corporation)
O4 - HKLM..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE (Cypress Semiconductor)
O4 - HKLM..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE (Cypress Semiconductor)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe ()
O4 - HKLM..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Firewall\op_mon.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StorageGuard] C:\Program Files\VERITAS Software\Update Manager\sgtray.exe (VERITAS Software, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Microsoft User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logo Calibration Loader.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe (LOGO Kommunikations- und Drucktechnik GmbH & Co. KG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ProfileReminder.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe (LOGO Kommunikations- und Drucktechnik GmbH & Co. KG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.lnk = C:\Program Files\Wacom\TabUserW.exe (Wacom Technology, Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...p/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} http://ppupdates.ca....r/axscanner.cab (PPSDKActiveXScanner.MainScreen)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.micros...386/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} http://www3.ca.com/s...nfo/webscan.cab (WScanCtl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: ppctlcab http://ppupdates.ca....er/ppctlcab.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\ACD Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\ACD Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/06/30 11:26:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/15 01:25:23 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Microsoft User\Desktop\OTL.exe
[2011/05/14 21:54:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2011/05/14 21:51:25 | 115,655,576 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Microsoft User\Desktop\kav2011_11.0.2.556-1782en_us.exe
[2011/05/14 17:24:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Microsoft User\Start Menu\Programs\HiJackThis
[2011/05/12 12:27:20 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2011/05/10 03:31:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Microsoft User\Local Settings\Application Data\PCHealth
[2011/05/10 03:12:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2011/05/10 03:11:51 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2011/05/10 03:11:38 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2011/05/10 03:11:01 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2011/05/10 03:11:01 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2011/05/10 03:11:01 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2011/05/10 03:11:01 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2011/05/10 03:11:01 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2011/05/10 03:11:01 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2011/05/10 03:11:01 | 000,000,000 | ---D | C] -- C:\a5e219141d7d91eb4578b81c4dc8
[2011/05/09 16:16:10 | 000,000,000 | ---D | C] -- C:\Program Files\Belarc
[2011/05/09 05:40:09 | 004,267,744 | ---- | C] (Logitech ) -- C:\Documents and Settings\Microsoft User\Desktop\mw9791enu.exe
[2011/05/09 05:31:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Microsoft User\Application Data\Easeware
[2011/05/09 05:28:05 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2011/05/09 05:27:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2011/04/15 12:03:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Microsoft User\Desktop\Lease
[2008/01/25 18:08:42 | 000,155,726 | ---- | C] (Palm, Inc.) -- C:\Program Files\HotSyncWizard.exe
[2008/01/03 18:28:08 | 001,392,640 | R--- | C] (PalmSource, Inc) -- C:\Program Files\Hotsync.exe
[2008/01/03 18:28:08 | 000,806,912 | R--- | C] (ACCESS Systems Americas, Inc.) -- C:\Program Files\Palm.exe
[2008/01/03 18:28:08 | 000,458,752 | R--- | C] (PalmSource, Inc) -- C:\Program Files\AlarmApp_PSI.exe
[2008/01/03 18:28:08 | 000,114,688 | R--- | C] (PalmSource, Inc) -- C:\Program Files\Instapp.exe
[2008/01/03 18:19:46 | 000,704,512 | R--- | C] (PalmSource, Inc) -- C:\Program Files\ToDoAgents.dll
[2008/01/03 18:19:46 | 000,647,168 | R--- | C] (PalmSource, Inc) -- C:\Program Files\ToDoDesktop.dll
[2008/01/03 18:19:46 | 000,598,016 | R--- | C] (PalmSource, Inc) -- C:\Program Files\ToDoBase.dll
[2008/01/03 18:19:46 | 000,299,008 | R--- | C] (PalmSource, Inc) -- C:\Program Files\sync20.dll
[2008/01/03 18:19:46 | 000,290,816 | R--- | C] (PalmSource, Inc) -- C:\Program Files\SchemaModelWin.dll
[2008/01/03 18:19:46 | 000,249,856 | ---- | C] (PalmSource, Inc) -- C:\Program Files\PalmCmn.dll
[2008/01/03 18:19:46 | 000,217,088 | R--- | C] (PalmSource, Inc) -- C:\Program Files\TodoList.dll
[2008/01/03 18:19:46 | 000,208,896 | R--- | C] (PalmSource, Inc.) -- C:\Program Files\sgTables_PSI.dll
[2008/01/03 18:19:46 | 000,192,512 | ---- | C] (PalmSource, Inc) -- C:\Program Files\Table22_PSI.dll
[2008/01/03 18:19:46 | 000,180,224 | R--- | C] (PalmSource, Inc) -- C:\Program Files\VFSAPI.dll
[2008/01/03 18:19:46 | 000,180,224 | ---- | C] (PalmSource, Inc) -- C:\Program Files\Table50.dll
[2008/01/03 18:19:46 | 000,135,168 | ---- | C] (PalmSource, Inc) -- C:\Program Files\TableGlue.dll
[2008/01/03 18:19:46 | 000,102,400 | R--- | C] (PalmSource, Inc) -- C:\Program Files\TodoCond.dll
[2008/01/03 18:19:46 | 000,086,016 | R--- | C] (PalmSource, Inc) -- C:\Program Files\versit_PSI.dll
[2008/01/03 18:19:46 | 000,061,440 | R--- | C] (PalmSource, Inc) -- C:\Program Files\Viewer.dll
[2008/01/03 18:19:46 | 000,061,440 | ---- | C] (PalmSource, Inc) -- C:\Program Files\PdCmn50.dll
[2008/01/03 18:19:46 | 000,042,496 | R--- | C] (PalmSource, Inc) -- C:\Program Files\USBTransport.dll
[2008/01/03 18:19:46 | 000,022,528 | R--- | C] (PalmSource, Inc) -- C:\Program Files\Serial.dll
[2008/01/03 18:19:46 | 000,019,968 | R--- | C] (PalmSource, Inc) -- C:\Program Files\PdN50.dll
[2008/01/03 18:19:46 | 000,007,168 | R--- | C] (PalmSource, Inc) -- C:\Program Files\ToDoDevice.dll
[2008/01/03 18:19:44 | 001,048,576 | R--- | C] (PalmSource, Inc) -- C:\Program Files\AsAgent.dll
[2008/01/03 18:19:44 | 000,983,040 | R--- | C] (PalmSource, Inc) -- C:\Program Files\CondAgent.dll
[2008/01/03 18:19:44 | 000,901,120 | R--- | C] (PalmSource, Inc) -- C:\Program Files\PalmUI_PSI.dll
[2008/01/03 18:19:44 | 000,790,528 | R--- | C] (PalmSource, Inc) -- C:\Program Files\AgentConduitBase.dll
[2008/01/03 18:19:44 | 000,708,608 | R--- | C] (PalmSource, Inc) -- C:\Program Files\DateAgents.dll
[2008/01/03 18:19:44 | 000,704,512 | R--- | C] (PalmSource, Inc) -- C:\Program Files\MemoAgents.dll
[2008/01/03 18:19:44 | 000,692,224 | R--- | C] (PalmSource, Inc) -- C:\Program Files\DeviceBase.dll
[2008/01/03 18:19:44 | 000,655,360 | R--- | C] (PalmSource, Inc) -- C:\Program Files\DesktopBase.dll
[2008/01/03 18:19:44 | 000,655,360 | R--- | C] (PalmSource, Inc) -- C:\Program Files\DateDesktop.dll
[2008/01/03 18:19:44 | 000,647,168 | R--- | C] (PalmSource, Inc) -- C:\Program Files\MemoDesktop.dll
[2008/01/03 18:19:44 | 000,626,688 | R--- | C] (PalmSource, Inc) -- C:\Program Files\DateBook.dll
[2008/01/03 18:19:44 | 000,606,208 | R--- | C] (PalmSource, Inc) -- C:\Program Files\DateBase.dll
[2008/01/03 18:19:44 | 000,598,016 | R--- | C] (MemoPad Agent) -- C:\Program Files\MemoBase.dll
[2008/01/03 18:19:44 | 000,532,480 | R--- | C] (PalmSource, Inc) -- C:\Program Files\AsSync.dll
[2008/01/03 18:19:44 | 000,282,624 | R--- | C] (PalmSource, Inc) -- C:\Program Files\Copper.dll
[2008/01/03 18:19:44 | 000,262,144 | R--- | C] (PalmSource, Inc) -- C:\Program Files\AsModel.dll
[2008/01/03 18:19:44 | 000,245,760 | R--- | C] (Pizzolato Davide) -- C:\Program Files\cxImage.dll
[2008/01/03 18:19:44 | 000,217,088 | R--- | C] (PalmSource, Inc) -- C:\Program Files\Memopad.dll
[2008/01/03 18:19:44 | 000,192,512 | R--- | C] (PalmSource, Inc) -- C:\Program Files\PalmShare_PSI.dll
[2008/01/03 18:19:44 | 000,188,416 | R--- | C] (PalmSource, Inc) -- C:\Program Files\hslog20.dll
[2008/01/03 18:19:44 | 000,180,224 | ---- | C] (PalmSource, Inc) -- C:\Program Files\Condmgr.dll
[2008/01/03 18:19:44 | 000,172,032 | ---- | C] (PalmSource, Inc) -- C:\Program Files\Instaide.dll
[2008/01/03 18:19:44 | 000,167,936 | R--- | C] (PalmSource, Inc) -- C:\Program Files\Imex50.dll
[2008/01/03 18:19:44 | 000,167,936 | R--- | C] (PalmSource, Inc) -- C:\Program Files\cmds21.dll
[2008/01/03 18:19:44 | 000,147,456 | R--- | C] (PalmSource, Inc) -- C:\Program Files\AsSerial.dll
[2008/01/03 18:19:44 | 000,131,072 | ---- | C] (PalmSource, Inc.) -- C:\Program Files\ComConduit.dll
[2008/01/03 18:19:44 | 000,114,688 | R--- | C] (PalmSource, Inc) -- C:\Program Files\DateCond.dll
[2008/01/03 18:19:44 | 000,106,496 | R--- | C] (PalmSource, Inc.) -- C:\Program Files\imex22_PSI.dll
[2008/01/03 18:19:44 | 000,098,304 | R--- | C] (PalmSource, Inc) -- C:\Program Files\PalmUtility.dll
[2008/01/03 18:19:44 | 000,098,304 | R--- | C] (PalmSource, Inc) -- C:\Program Files\ExtBase.dll
[2008/01/03 18:19:44 | 000,094,208 | R--- | C] (PalmSource, Inc) -- C:\Program Files\MemoCond.dll
[2008/01/03 18:19:44 | 000,081,920 | R--- | C] (PalmSource, Inc) -- C:\Program Files\inscn20.dll
[2008/01/03 18:19:44 | 000,081,920 | R--- | C] (PalmSource, Inc) -- C:\Program Files\HSAPI.dll
[2008/01/03 18:19:44 | 000,081,920 | R--- | C] (PalmSource, Inc) -- C:\Program Files\bakcn20.dll
[2008/01/03 18:19:44 | 000,073,728 | R--- | C] (PalmSource, Inc) -- C:\Program Files\DateAlarm_PSI.dll
[2008/01/03 18:19:44 | 000,069,632 | R--- | C] (PalmSource, Inc) -- C:\Program Files\HsExgCn.dll
[2008/01/03 18:19:44 | 000,069,632 | R--- | C] (PalmSource, Inc) -- C:\Program Files\CIApI.dll
[2008/01/03 18:19:44 | 000,069,632 | R--- | C] (PalmSource, Inc) -- C:\Program Files\CardInst.dll
[2008/01/03 18:19:44 | 000,069,632 | R--- | C] (PalmSource, Inc) -- C:\Program Files\AlarmSvr_PSI.dll
[2008/01/03 18:19:44 | 000,045,056 | R--- | C] (PalmSource, Inc) -- C:\Program Files\AlarmNotify_PSI.dll
[2008/01/03 18:19:44 | 000,032,256 | R--- | C] (PalmSource, Inc) -- C:\Program Files\Netcond.dll
[2008/01/03 18:19:44 | 000,007,168 | R--- | C] (PalmSource, Inc) -- C:\Program Files\MemoDevice.dll
[2008/01/03 18:19:44 | 000,007,168 | R--- | C] (PalmSource, Inc) -- C:\Program Files\DateDevice.dll
[2008/01/03 18:19:44 | 000,005,632 | R--- | C] (PalmSource, Inc) -- C:\Program Files\InstAppN.dll
[2008/01/03 18:19:42 | 000,729,088 | R--- | C] (PalmSource, Inc) -- C:\Program Files\AddrAgents.dll
[2008/01/03 18:19:42 | 000,696,320 | R--- | C] (PalmSource, Inc) -- C:\Program Files\AddrDesktop.dll
[2008/01/03 18:19:42 | 000,655,360 | R--- | C] (PalmSource, Inc) -- C:\Program Files\AddrBase.dll
[2008/01/03 18:19:42 | 000,614,400 | R--- | C] (PalmSource, Inc) -- C:\Program Files\AddrDevice.dll
[2008/01/03 18:19:42 | 000,598,016 | R--- | C] (PalmSource, Inc) -- C:\Program Files\Address.dll
[2008/01/03 18:19:42 | 000,131,072 | R--- | C] (PalmSource, Inc) -- C:\Program Files\AddrCond.dll
[2008/01/03 18:13:54 | 000,188,416 | ---- | C] (PalmSource, Inc) -- C:\Program Files\PSDConduit.dll
[2008/01/03 18:13:48 | 000,307,200 | ---- | C] (PalmSource, Inc.) -- C:\Program Files\ComStandard.dll
[2008/01/03 18:13:38 | 000,131,072 | ---- | C] (PalmSource Inc) -- C:\Program Files\DmConduit.dll
[2008/01/03 18:13:34 | 000,147,456 | ---- | C] (PalmSource, Inc.) -- C:\Program Files\ComDirect.dll
[2008/01/03 17:57:54 | 000,035,328 | R--- | C] (Palmsource, Inc) -- C:\Program Files\RestartPalm.exe
[2008/01/03 17:39:24 | 000,081,920 | R--- | C] ( ) -- C:\Program Files\InterOp.PDStandardLib.Dll
[2008/01/03 17:39:24 | 000,045,056 | R--- | C] ( ) -- C:\Program Files\InterOp.PSDConduitLib.Dll
[2008/01/03 17:39:24 | 000,045,056 | R--- | C] ( ) -- C:\Program Files\InterOp.PDDirectLib.Dll
[2008/01/03 17:39:24 | 000,032,768 | R--- | C] ( ) -- C:\Program Files\InterOp.DMCONDUITLib.Dll
[2007/12/19 15:55:18 | 000,806,912 | ---- | C] (ACCESS Systems Americas, Inc.) -- C:\Program Files\Palm_1219.exe
[2007/12/12 16:53:28 | 000,221,184 | ---- | C] (Palm, Inc. developed by ArcSoft, Inc.) -- C:\Program Files\Photos.dll
[2007/12/12 11:53:44 | 000,151,552 | ---- | C] (Palm, Inc.) -- C:\Program Files\ocpTasksHH.dll
[2007/12/12 11:53:40 | 000,114,688 | ---- | C] (Palm, Inc.) -- C:\Program Files\ocpTasksCn.dll
[2007/12/12 11:53:32 | 000,184,320 | ---- | C] (Palm, Inc.) -- C:\Program Files\ocpTasksOL.dll
[2007/12/12 11:53:24 | 000,126,976 | ---- | C] (Palm, Inc.) -- C:\Program Files\ocpPIMStoreIF.dll
[2007/12/12 11:53:16 | 000,086,016 | ---- | C] (Palm, Inc.) -- C:\Program Files\ocpNotifier.dll
[2007/12/12 11:53:12 | 000,159,744 | ---- | C] (Palm, Inc.) -- C:\Program Files\ocpNotesOL.dll
[2007/12/12 11:53:04 | 000,126,976 | ---- | C] (Palm, Inc.) -- C:\Program Files\ocpNotesHH.dll
[2007/12/12 11:52:58 | 000,114,688 | ---- | C] (Palm, Inc.) -- C:\Program Files\ocpNotesCn.dll
[2007/12/12 11:52:52 | 000,196,608 | ---- | C] (Palm, Inc.) -- C:\Program Files\ocpMapInfo.dll
[2007/12/12 11:52:46 | 000,143,360 | ---- | C] (Palm, Inc.) -- C:\Program Files\ocpConduitUI.dll
[2007/12/12 11:52:34 | 000,114,688 | ---- | C] (Palm, Inc.) -- C:\Program Files\ocpCalendarCn.dll
[2007/12/12 11:52:28 | 000,131,072 | ---- | C] (Palm, Inc.) -- C:\Program Files\ocpCalendarHH.dll
[2007/12/12 11:52:20 | 000,430,080 | ---- | C] (Palm, Inc.) -- C:\Program Files\ocpContactsOL.dll
[2007/12/12 11:52:10 | 000,249,856 | ---- | C] (Palm, Inc.) -- C:\Program Files\ocpCalendarOL.dll
[2007/12/12 11:51:54 | 000,184,320 | ---- | C] (Palm, Inc.) -- C:\Program Files\ocpSyncClient.dll
[2007/12/12 11:51:48 | 000,024,576 | ---- | C] (Palm, Inc.) -- C:\Program Files\ocpProgressBar.dll
[2007/12/12 11:51:46 | 000,172,032 | ---- | C] (Palm, Inc.) -- C:\Program Files\ocpContactsHH.dll
[2007/12/12 11:51:40 | 000,094,208 | ---- | C] (Palm, Inc.) -- C:\Program Files\ocpHHDbWrapper.dll
[2007/12/12 11:51:36 | 000,114,688 | ---- | C] (Palm, Inc.) -- C:\Program Files\ocpContactsCn.dll
[2007/12/07 16:27:20 | 000,053,248 | ---- | C] (Palm, Inc.) -- C:\Program Files\ReadDeviceInfo.dll
[2007/12/07 16:27:18 | 000,086,094 | ---- | C] (Palm Computing, Inc.) -- C:\Program Files\HSWizardNotify.dll
[2007/12/07 16:27:18 | 000,077,893 | ---- | C] (Palm, Inc.) -- C:\Program Files\AutoDetect.dll
[2007/06/11 16:25:58 | 000,019,456 | ---- | C] (Palm, Inc.) -- C:\Program Files\SgConflictNotifier.dll
[2007/03/19 11:00:42 | 000,786,432 | R--- | C] (Palm, Inc.) -- C:\Program Files\PalmUI.dll
[2007/02/26 10:46:04 | 000,307,200 | ---- | C] (NormSoft, Inc.) -- C:\Program Files\PTunesSP.dll
[2006/11/25 01:32:00 | 000,200,704 | ---- | C] (Bluefish Wireless Pty Ltd) -- C:\Program Files\AddItManager.exe
[2006/11/21 18:45:58 | 000,110,592 | ---- | C] (Bluefish Wireless Pty Ltd) -- C:\Program Files\AddItConduit.dll
[2006/02/20 10:14:56 | 000,040,960 | ---- | C] (Bluefish Wireless Inc.) -- C:\Program Files\AddItTaskProc.exe
[2005/09/23 06:56:56 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Program Files\mfcm80.dll
[2005/09/23 06:56:36 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcm80.dll
[2005/09/23 06:56:34 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Program Files\mfcm80u.dll
[2005/09/23 01:16:14 | 001,093,632 | ---- | C] (Microsoft Corporation) -- C:\Program Files\mfc80.dll
[2005/09/23 01:16:14 | 001,079,808 | ---- | C] (Microsoft Corporation) -- C:\Program Files\mfc80u.dll
[2005/09/22 23:05:58 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcr80.dll
[2005/09/22 23:05:58 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcp80.dll
[2005/03/03 17:09:36 | 001,016,320 | ---- | C] (H+BEDV Datentechnik GmbH) -- C:\Program Files\AVEWIN32.DLL
[2004/12/12 19:29:28 | 000,098,304 | ---- | C] (HealtheTech Inc.) -- C:\Program Files\HealtheInstall.dll
[2004/12/12 19:29:27 | 000,413,696 | ---- | C] (HealtheTech Inc.) -- C:\Program Files\HealtheSync.dll
[2004/10/26 15:46:54 | 000,053,248 | ---- | C] (Bluefish Wireless Pty Ltd) -- C:\Program Files\AddItConfig.dll
[2004/06/10 10:06:00 | 000,090,112 | ---- | C] (Softick) -- C:\Program Files\PalmUSBDirect.dll
[2004/04/13 17:03:50 | 000,552,960 | ---- | C] (palmOne, Inc.) -- C:\Program Files\QuickInstall.exe
[2004/04/13 17:03:50 | 000,102,400 | ---- | C] (palmOne, Inc.) -- C:\Program Files\PqiIcon.dll
[2004/04/13 17:03:50 | 000,090,112 | ---- | C] (palmOne, Inc.) -- C:\Program Files\PRouter.dll
[2004/04/13 17:03:50 | 000,081,920 | ---- | C] (palmOne, Inc.) -- C:\Program Files\SgControls.dll
[2004/04/13 17:03:50 | 000,049,152 | ---- | C] (palmOne, Inc.) -- C:\Program Files\DefaultPlugin.dll
[2004/04/13 17:03:50 | 000,045,056 | ---- | C] (palmOne, Inc.) -- C:\Program Files\SgPqiCn.dll
[2004/04/13 17:03:50 | 000,040,960 | ---- | C] (palmOne, Inc.) -- C:\Program Files\SgInstallFileList.dll
[2004/04/13 17:03:50 | 000,040,960 | ---- | C] (palmOne, Inc.) -- C:\Program Files\PictPreview.dll
[2004/04/13 17:03:50 | 000,032,768 | ---- | C] (palmOne, Inc.) -- C:\Program Files\AnnaNotifier.dll
[2004/04/13 17:03:46 | 000,196,608 | ---- | C] (Palm, Inc.) -- C:\Program Files\VoiceMemoExt.ocx
[2004/04/13 17:03:46 | 000,147,456 | ---- | C] (Palm, Inc.) -- C:\Program Files\VoiceMemo.dll
[2004/04/13 17:03:36 | 000,708,608 | ---- | C] (Palm, Inc. developed by ArcSoft, Inc.) -- C:\Program Files\EzDll.dll
[2004/04/13 17:03:36 | 000,332,800 | ---- | C] (Palm, Inc. developed by ArcSoft, Inc.) -- C:\Program Files\FPXLIB.DLL
[2004/04/13 17:03:36 | 000,319,488 | ---- | C] (Palm, Inc. developed by ArcSoft, Inc.) -- C:\Program Files\EXIF.DLL
[2004/04/13 17:03:36 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\Program Files\Pcdlib32.dll
[2004/04/13 17:03:36 | 000,122,880 | ---- | C] (Palm, Inc. developed by ArcSoft, Inc.) -- C:\Program Files\JPEGLIB.DLL
[2004/04/13 17:03:36 | 000,116,224 | ---- | C] (Palm, Inc. developed by ArcSoft, Inc.) -- C:\Program Files\Fil

#6 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 15 May 2011 - 10:06 AM

Good news, wxwax. There may be a definitive fix for your problem.

I see from your OTL log that you have recently installed Kaspersky 2011. Other people installing Kaspersky 2011 have encountered a similar USB malfunction. Please read
http://forum.kaspers...4 and the next five or six posts there. The exact circumstances seem a bit unpredictable.

I would like you to try the Kaspersky fix for this. First back up your PC, then follow the directions here:
http://support.kaspe...e-article/99002 Option #1.

If that works and your USB is working again then immediately do this to get rid of the Restore Points that would restore the trouble:
Start OTL.
In the 'Custom Scans/Fixes' window, enter the following:
    CLEARALLRESTOREPOINTS
Then click 'Run Scan'.
This will remove all current restore points and create a new restore point after the scan is completed.
Post the new OTL.TXT


Please let me know whether the fix worked.
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE
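The triage step in the post above (reading the OTL file listing to spot a recently installed product) can be scripted. This is an added example, not part of the original thread and not OTL's own code; the function names are hypothetical, and using the newest timestamp in the listing as the reference time is an assumption. The listing on this page also carries entries stamped 2004 to 2008 under the "Created Within 30 Days" heading, so the example filters on the timestamp shown in each line.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# Lines copied from the OTL log on this page (the last one is cut off there too).
SAMPLE = r"""
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
[2011/05/15 01:25:23 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Microsoft User\Desktop\OTL.exe
[2011/05/14 21:54:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2011/05/14 21:51:25 | 115,655,576 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Microsoft User\Desktop\kav2011_11.0.2.556-1782en_us.exe
[2011/05/09 16:16:10 | 000,000,000 | ---D | C] -- C:\Program Files\Belarc
[2008/01/03 18:28:08 | 001,392,640 | R--- | C] (PalmSource, Inc) -- C:\Program Files\Hotsync.exe
[2004/04/13 17:03:36 | 000,116,224 | ---- | C] (Palm, Inc. developed by ArcSoft, Inc.) -- C:\Program Files\Fil
"""

# [timestamp | size | attributes | C or M] (optional company) -- path
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)


@dataclass
class Entry:
    created: datetime
    size: int
    attrs: str
    company: str
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_line(line: str) -> Optional[Entry]:
    """Parse one file-listing line; return None for any other log line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return Entry(
        created=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        company=(m["company"] or "").strip(),
        path=m["path"],
    )


def parse_log(text: str) -> List[Entry]:
    """Keep only the lines that are file-listing entries, in log order."""
    parsed = (parse_line(line) for line in text.splitlines())
    return [e for e in parsed if e is not None]


def recent(entries: List[Entry], days: int = 30,
           reference: Optional[datetime] = None) -> List[Entry]:
    """Entries stamped within `days` before the reference time.

    Assumption: when no scan time is supplied, the newest timestamp in the
    listing stands in for it.
    """
    if not entries:
        return []
    ref = reference or max(e.created for e in entries)
    window = timedelta(days=days)
    return [e for e in entries if timedelta(0) <= ref - e.created <= window]


def matching(entries: List[Entry], keyword: str) -> List[Entry]:
    """Case-insensitive match of a product or vendor name in company or path."""
    kw = keyword.lower()
    return [e for e in entries
            if kw in e.company.lower() or kw in e.path.lower()]


if __name__ == "__main__":
    for e in matching(recent(parse_log(SAMPLE)), "kaspersky"):
        kind = "dir " if e.is_dir else "file"
        print(f"{e.created:%Y-%m-%d %H:%M} {kind} {e.size:>11,} {e.path}")
```
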

#7 wxwax

Posted 15 May 2011 - 10:49 AM

Unfortunately, I downloaded Kaspersky after losing USB. I tried it after reading the FAQ here. I had previously read about its potential for causing USB problems. (I'm not using it because it needs me to delete AdAware in order to function, something I'm not willing to do.)

#8 cnm

Posted 15 May 2011 - 10:58 AM

Please try the tool anyway. Since there are remnants of Kaspersky on your PC it will be just as well to get rid of them. Uninstall Kaspersky first if it is still installed (it doesn't appear to be).

I expect you are already familiar with this page?
http://support.microsoft.com/kb/817900

#9 wxwax

Posted 15 May 2011 - 04:40 PM

Good news.

Following your advice I opened the box. In the process I had to disconnect a decade's worth of cable snakes and USB devices. Some of the USB devices were still plugged into USB slots even though I no longer use them.

After doing all that, and only plugging back in the devices I needed, magically all the computer's USB ports seem to be working again. I tested them all and they all function.

I have no idea why they malfunctioned without showing any warning messages in Device Manager. But I'm happy.

I'm now leery of downloading that Kaspersky registry removal tool because it wants to add things to my registry as part of the removal process. Should I do it anyway?

Thank you a million times for your patience and help. It's amazing that people like you volunteer your time to help folks with problems. You're very kind.

#10 cnm

Posted 15 May 2011 - 05:02 PM

Wonderful news!

The problem could have been partly that your internal USB doesn't have enough power for many devices. You might want to add an external hub with its own power supply.

I think you are right about not letting Kaspersky lay hands on your PC if you don't have to. Do not run the tool.
You can get rid of the remnants with OTL.

Bring up OTL (don't run it just yet).

In the Custom Scans/Fixes box at the bottom, paste in the following:
    :OTL
    [2011/05/14 21:54:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
    [2011/05/14 21:51:25 | 115,655,576 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Microsoft User\Desktop\kav2011_11.0.2.556-1782en_us.exe
    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
Close other windows.
Then click 'Run Fix'.

Reboot if OTL doesn't do it.

Post the log OTL.TXT in your reply.

#11 wxwax

Posted 15 May 2011 - 07:56 PM

Sweet! That was quick.




OTL.txt Log


========== OTL ==========
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2011 11.0.2.556\English folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2011 11.0.2.556 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files folder moved successfully.
C:\Documents and Settings\Microsoft User\Desktop\kav2011_11.0.2.556-1782en_us.exe moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ deleted successfully.

OTL by OldTimer - Version 3.2.22.3 log created on 05152011_215553

#12 cnm

Posted 15 May 2011 - 08:33 PM

Looking good. :)

Please run SecurityCheck again and post its checkup.txt output.
(Download Security Check by screen317 from here)

Then to remove the tools we have had you download, run OTL one more time. Click the 'CleanUp' button.

Your PC is well protected, provided you keep your programs up to date.

FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws. I suggest running it now. It puts up a web page of results.

Advice for malware prevention:
Some of this may not apply to you.

  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
  • Configure Windows to do automatic updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you may be able to find out if it is a rogue here:

http://www.spywarewa...nti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Keep MalwareBytes Anti-Malware updated and run it whenever you suspect a problem.

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Chrome is another good option.
If you are interested, Firefox may be downloaded from here
Chrome is available here: http://www.google.co...e/features.html

For much more useful information, please be sure to read Tony Klein's excellent article: How did I get infected in the first place

#13 wxwax

Posted 15 May 2011 - 11:50 PM

Here's the Security Check log. I can't uninstall the Adobe Reader program. It simply won't, using Add/Remove. And as I said before, I never use IE.

I don't know why it shows Java as being out of date. I uninstalled all the old components and installed a fresh download.



Security Check Log


Results of screen317's Security Check version 0.99.3
Windows XP Service Pack 3
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Avira AntiVir Personal - Free Antivirus
Outpost Firewall 2009
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Out of date Spybot installed!
Ad-Aware
Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java™ 6 Update 25
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 9.1.3
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

Edited by wxwax, 15 May 2011 - 11:54 PM.


#14 cnm

Posted 16 May 2011 - 11:44 AM

You were running an out-of-date Security Check version. Your Java is fine.


For Adobe:

Try reinstalling Reader 9.1. http://www.adobe.com....jsp?ftpID=3970
or
Try installing the Adobe Reader 9.1.3 update. http://www.adobe.com....jsp?ftpID=4530

If neither of those gives you a working uninstaller,
Try running free Revo Uninstaller http://www.revounins...e_download.html (an excellent program).

If uninstall succeeds, get the latest http://get.adobe.com/reader/

If you can't get it to uninstall with any of those methods, we can try ripping out the pieces with OTL.

Please let me know.


Also, I am concerned about event reporting. From your OTL Extras log:

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

Please do Start > Run, and enter services.msc.
The Event Service is named something like 'Windows Event Log'. Find it, double click, make sure the Startup type is set to Automatic.
If necessary click its Start button.

Then please try to run Event Viewer, and let me know what happens:
Start > Run > eventvwr.msc

#15 wxwax

Posted 17 May 2011 - 12:16 PM

OK, here's the latest Security Check. My Add/Remove Programs shows no signs of Adobe Reader, so a success story there! I had to use the Revo Uninstaller. A bit scary watching it snort and stomp through the registry!

Here are links to screen grabs from the Event Viewer display. I've selected the areas which have the word "Error."

Event Viewer main display. Event Viewer Application display. And Event Viewer System display.



Security Check Log


Results of screen317's Security Check version 0.99.11
Windows XP Service Pack 3
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Avira AntiVir Personal - Free Antivirus
Outpost Firewall 2009
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Out of date Spybot installed!
Ad-Aware
Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java™ 6 Update 25
Adobe Flash Player 10.3.181.14
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````

Edited by wxwax, 17 May 2011 - 12:16 PM.


#16 cnm

Posted 17 May 2011 - 01:10 PM

Good.

Get latest Adobe Reader: Adobe Reader X
Update your Flash.
Get Internet Explorer 8 or 9. IE 6 is a vulnerability even if you do not run it.

It appears that the Event Service is running fine now.

#17 cnm

Posted 17 May 2011 - 01:11 PM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

#18 cnm

Posted 17 May 2011 - 01:34 PM

Woops, I forgot.

Please run OTL one more time and click 'CleanUp'. This should remove our tools including OTL itself.

Enjoyed working with you!