View Full Version : Boot problems



savanna
2013-01-20, 04:46
My computer sometimes takes a very long time to boot. Even after waiting for 5-10 minutes I sometimes have to shut it down and try again. I've found and removed a few things using Spybot, MalwareBytes and Eset, but it hasn't changed. I know that I wasn't supposed to, but out of desperation, I even tried ComboFix to see if that would work, but it did not.

I'm hoping that it is not a matter of re-installing the operating system. I would greatly appreciate it if someone could guide me through a more thorough inspection and cleaning before I resort to such a drastic measure.

Any help ensuring that my machine is clean would be sincerely appreciated.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2
Run by Bob at 20:44:32 on 2013-01-19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.904 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\My Lockbox\mylbx.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Seagate\Seagate Dashboard 2.0\DBAgent.exe
C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Aquarius Soft\PC Alarm Clock Pro\alarm.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uLocal Page = c:\program files\common files\microsoft shared\stationery\Blank.htm
uDefault_Search_URL = hxxp://search.searchcompletion.com/?si=10211&home=1
mLocal Page = c:\program files\common files\microsoft shared\stationery\Blank.htm
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10591&gct=&gc=1&q=%s
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: HelperObject Class: {00C6482D-C502-44C8-8409-FCE54AD9C208} - c:\program files\techsmith\snagit 7\SnagItBHO.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Ant.com browser helper (video detector): {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - c:\program files\ant.com\ie add-on\Download.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: EpsonToolBandKicker Class: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: Ant.com Video Downloader toolbar: {2E924F4F-67F0-4BD8-9560-49F468E843D2} - c:\program files\ant.com\ie add-on\anttoolbar.dll
TB: SnagIt: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - c:\program files\techsmith\snagit 7\SnagItIEAddin.dll
TB: EPSON Web-To-Page: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: <No Name>: - LocalServer32 - <no file>
TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: Ant.com Video Downloader toolbar: {2E924F4F-67F0-4BD8-9560-49F468E843D2} - c:\program files\ant.com\ie add-on\anttoolbar.dll
uRun: [DriverMax_RESTART] "c:\program files\innovative solutions\drivermax\devices.exe" -RESTART
uRun: [OpenDNS Updater] "c:\program files\opendns updater\OpenDNSUpdater.exe" /autostart
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
uRun: [\\UPSTAIRS_PRECIS\EPSON NX110 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatifba.exe /fu "c:\docume~1\bob\locals~1\temp\E_S294.tmp" /EF "HKCU"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Uploader] c:\program files\seagate\seagate dashboard 2.0\Seagate.Dashboard.Uploader.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [mylbx] c:\program files\my lockbox\mylbx.exe /a
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [rfagent] c:\junk non-backup\registry first aid move\rfa\rfagent.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [EaseUs Watch] "c:\program files\easeus\todo backup\bin\EuWatch.exe"
mRun: [EaseUs Tray] "c:\program files\easeus\todo backup\bin\TrayNotify.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DBAgent] "c:\program files\seagate\seagate dashboard 2.0\DBAgent.exe" /WinStart
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRunOnce: [tscuninstall] c:\windows\system32\tscupgrd.exe
StartupFolder: c:\docume~1\bob\startm~1\programs\startup\aquari~1.lnk - c:\program files\aquarius soft\pc alarm clock pro\alarm.exe
StartupFolder: c:\docume~1\bob\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\bob\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - c:\program files\ant.com\ie add-on\Download.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {254AA86E-5655-4518-AA87-185D7CC41801} - hxxps://secure.logmeinrescue.com/TechConsole/x86/RescueControl.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} - hxxps://secure.logmein.com/activex/RACtrl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1349819256953
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{1F50389D-8DEA-49E5-9593-FA09ACC3563A} : NameServer = 74.40.74.40,74.40.74.41
TCP: Interfaces\{1F50389D-8DEA-49E5-9593-FA09ACC3563A} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\bob\application data\mozilla\firefox\profiles\vw9a9lod.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=12BAD2A56E715549578C1A4FD362E733&q=
FF - plugin: c:\documents and settings\bob\application data\mozilla\firefox\profiles\vw9a9lod.default\extensions\logmeinclient@logmein.com\plugins\npLMI64.dll
FF - plugin: c:\documents and settings\bob\application data\mozilla\firefox\profiles\vw9a9lod.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\documents and settings\bob\local settings\application data\citrix\plugins\79\npappdetector.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2012-10-11 50248]
R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2012-10-11 40648]
R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [2011-4-6 41912]
R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2012-10-11 14920]
R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2012-10-11 185032]
R2 AntUpdaterService;Ant Toolbar updater service;c:\program files\ant.com\ie add-on\AntUpdaterService.exe [2011-6-29 520216]
R2 EaseUS Agent;EaseUS Agent Service;c:\program files\easeus\todo backup\bin\Agent.exe [2012-10-11 69192]
R2 Guard Agent;Guard Agent Service;c:\program files\easeus\todo backup\bin\GuardAgent.exe [2012-10-11 23624]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-10-5 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-1-27 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-7-13 47640]
R2 Seagate Dashboard Services;Seagate Dashboard Services;c:\program files\seagate\seagate dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [2012-11-8 15552]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-10-14 994360]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2004-8-4 5120]
R2 TeamViewer8;TeamViewer 8;c:\program files\teamviewer\version8\TeamViewer_Service.exe [2013-1-13 3467768]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2009-5-10 127496]
S0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys --> c:\windows\system32\drivers\avgarkt.sys [?]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\avgarcln.sys --> c:\windows\system32\drivers\AvgArCln.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-10-14 399416]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\lavalys\everest home edition\kerneld.wnt [2005-8-18 7168]
S3 NLNdisMP;NLNdisMP;c:\windows\system32\drivers\nlndis.sys --> c:\windows\system32\drivers\nlndis.sys [?]
S3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\drivers\nlndis.sys --> c:\windows\system32\drivers\nlndis.sys [?]
S3 SymSnapService;SymSnapService;c:\program files\norton ghost\shared\drivers\SymSnapService.exe [2007-12-20 1553896]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2013-01-15 16:29:59 -------- d-----w- c:\documents and settings\bob\dwhelper
.
==================== Find3M ====================
.
2013-01-19 22:40:48 306176 --sha-w- C:\EUMONBMP.SYS
2013-01-09 11:19:35 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-09 11:19:35 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 22:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 02:01:39 1371648 ----a-w- c:\windows\system32\msxml6.dll
2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17:54 43520 ------w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35:34 385024 ------w- c:\windows\system32\html.iec
2009-10-03 16:43:23 8410624 ----a-w- c:\program files\HTML Guardian 7.msi
.
============= FINISH: 20:45:18.51 ===============



aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-19 18:31:06
-----------------------------
18:31:06.984 OS Version: Windows 5.1.2600 Service Pack 3
18:31:06.984 Number of processors: 2 586 0xF0D
18:31:06.984 ComputerName: INSPIRON UserName: Bob
18:31:09.421 Initialize success
18:31:23.687 AVAST engine defs: 13011901
18:32:09.093 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:32:09.093 Disk 0 Vendor: Hitachi_HDT725032VLA360 V54OA73A Size: 305245MB BusType: 3
18:32:09.140 Disk 0 MBR read successfully
18:32:09.140 Disk 0 MBR scan
18:32:09.187 Disk 0 Windows XP default MBR code
18:32:09.203 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
18:32:09.234 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 305187 MB offset 96390
18:32:09.312 Disk 0 scanning sectors +625121280
18:32:09.437 Disk 0 scanning C:\WINDOWS\system32\drivers
18:32:39.843 Service scanning
18:32:51.078 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
18:32:54.875 Modules scanning
18:33:23.125 Disk 0 trace - called modules:
18:33:23.171 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys pciide.sys PCIIDEX.SYS
18:33:23.171 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6d8ab8]
18:33:23.171 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000073[0x8a6def18]
18:33:23.187 5 ACPI.sys[b9e6f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a6c3940]
18:33:24.390 AVAST engine scan C:\WINDOWS
18:34:54.968 AVAST engine scan C:\WINDOWS\system32
18:43:48.171 AVAST engine scan C:\WINDOWS\system32\drivers
18:45:34.203 AVAST engine scan C:\Documents and Settings\Bob
19:33:57.578 AVAST engine scan C:\Documents and Settings\All Users
19:41:40.812 Scan finished successfully
20:44:14.375 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Bob\Desktop\MBR.dat"
20:44:14.390 The log file has been saved successfully to "C:\Documents and Settings\Bob\Desktop\aswMBR.txt"

torreattack
2013-02-04, 17:55
Hi savanna:

Sorry for being late.

Since the logs that I have with me now are quite old, I need to get new logs.

1. TDSSKiller
Please download TDSSKiller.exe (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) and save it to your Desktop.
Double click on TDSSKiller.exe to run it.
When TDSSKiller finishes loading, click on Start Scan; the scan will run.
When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip.
Now click on Report to open the log file created by TDSSKiller in your root directory C:\.
To find the log go to Start > Computer > C:
Post the contents of that log in your next reply please.
DO NOT TRY TO FIX ANYTHING AT THIS POINT


2. OTL
Please download OTL (http://oldtimer.geekstogo.com/OTL.exe) by Old Timer. Save it to your Desktop.
Double click on OTL.exe to run it.
Under Output, ensure that Minimal Output is selected.
Click the Scan All Users checkbox.
Leave the remaining selections to the default settings.
Click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
OTL.txt <-- Will be opened, maximized
Extras.txt <-- Will be minimized on task bar.
Please post the contents of both OTL.txt and Extras.txt files in your next reply.


3. I need more information before we continue.

What are the symptoms (besides slow boot) that make you think you are infected? Any re-direction, strange sound, email hacked, pop-up?
Since when has this incident been happening?
What was the last thing that you did before this incident happened?



thanks,
torreattack

savanna
2013-02-09, 01:33
I had some re-direction a while back along with the slow boot, but I haven't noticed anything recently.

OTL.txt and Extras.txt files will be included in the next 2 posts due to their size.

Thank you for your help.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

16:36:59.0140 5296 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:36:59.0515 5296 ============================================================
16:36:59.0515 5296 Current date / time: 2013/02/08 16:36:59.0515
16:36:59.0515 5296 SystemInfo:
16:36:59.0515 5296
16:36:59.0515 5296 OS Version: 5.1.2600 ServicePack: 3.0
16:36:59.0515 5296 Product type: Workstation
16:36:59.0515 5296 ComputerName: INSPIRON
16:36:59.0515 5296 UserName: Bob
16:36:59.0515 5296 Windows directory: C:\WINDOWS
16:36:59.0515 5296 System windows directory: C:\WINDOWS
16:36:59.0515 5296 Processor architecture: Intel x86
16:36:59.0515 5296 Number of processors: 2
16:36:59.0515 5296 Page size: 0x1000
16:36:59.0515 5296 Boot type: Normal boot
16:36:59.0515 5296 ============================================================
16:37:00.0703 5296 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:37:00.0703 5296 ============================================================
16:37:00.0703 5296 \Device\Harddisk0\DR0:
16:37:00.0703 5296 MBR partitions:
16:37:00.0703 5296 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x25411F7A
16:37:00.0703 5296 ============================================================
16:37:00.0750 5296 C: <-> \Device\Harddisk0\DR0\Partition1
16:37:00.0750 5296 ============================================================
16:37:00.0750 5296 Initialize success
16:37:00.0750 5296 ============================================================
16:37:05.0843 5016 ============================================================
16:37:05.0843 5016 Scan started
16:37:05.0843 5016 Mode: Manual;
16:37:05.0843 5016 ============================================================
16:37:06.0546 5016 ================ Scan system memory ========================
16:37:06.0546 5016 System memory - ok
16:37:10.0187 5016 Gpc - ok
16:37:10.0218 5016 [ C6A9EA32174545F7DD3C991E9FBECB2F ] Guard Agent C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
16:37:10.0250 5016 Guard Agent - ok
16:37:10.0281 5016 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:37:10.0281 5016 HDAudBus - ok
16:37:10.0343 5016 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
16:37:10.0343 5016 helpsvc - ok
16:37:10.0390 5016 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
16:37:10.0390 5016 HidServ - ok
16:37:10.0421 5016 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:37:10.0421 5016 hidusb - ok
16:37:10.0453 5016 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
16:37:10.0468 5016 hkmsvc - ok
16:37:10.0468 5016 hpn - ok
16:37:10.0515 5016 [ 77E4FF0B73BC0AEAAF39BF0C8104231F ] HSFHWBS2 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
16:37:10.0515 5016 HSFHWBS2 - ok
16:37:10.0562 5016 [ 60E1604729A15EF4A3B05F298427B3B1 ] HSF_DP C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
16:37:10.0578 5016 HSF_DP - ok
16:37:10.0609 5016 HssWd - ok
16:37:10.0656 5016 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
16:37:10.0656 5016 HTTP - ok
16:37:10.0687 5016 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
16:37:10.0703 5016 HTTPFilter - ok
16:37:10.0718 5016 i2omgmt - ok
16:37:10.0750 5016 i2omp - ok
16:37:10.0796 5016 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\drivers\i8042prt.sys
16:37:10.0796 5016 i8042prt - ok
16:37:10.0953 5016 [ 0F68E2EC713F132FFB19E45415B09679 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
16:37:11.0015 5016 ialm - ok
16:37:11.0109 5016 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
16:37:11.0109 5016 IDriverT - ok
16:37:11.0187 5016 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:37:11.0187 5016 idsvc - ok
16:37:11.0218 5016 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
16:37:11.0218 5016 Imapi - ok
16:37:11.0250 5016 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
16:37:11.0265 5016 ImapiService - ok
16:37:11.0281 5016 ini910u - ok
16:37:11.0406 5016 [ F7F3328544E1AC2E97CAEA9B39D9B9DE ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
16:37:11.0484 5016 IntcAzAudAddService - ok
16:37:11.0500 5016 IntelIde - ok
16:37:11.0546 5016 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:37:11.0546 5016 intelppm - ok
16:37:11.0578 5016 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
16:37:11.0578 5016 Ip6Fw - ok
16:37:11.0625 5016 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:37:11.0625 5016 IpFilterDriver - ok
16:37:11.0656 5016 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:37:11.0671 5016 IpInIp - ok
16:37:11.0671 5016 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:37:11.0687 5016 IpNat - ok
16:37:11.0734 5016 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
16:37:11.0734 5016 iPod Service - ok
16:37:11.0765 5016 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:37:11.0765 5016 IPSec - ok
16:37:11.0796 5016 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
16:37:11.0796 5016 IRENUM - ok
16:37:11.0828 5016 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:37:11.0828 5016 isapnp - ok
16:37:11.0906 5016 [ 7FBFEEE245821925129C9F86470BF33C ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
16:37:11.0906 5016 JavaQuickStarterService - ok
16:37:11.0937 5016 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:37:11.0937 5016 Kbdclass - ok
16:37:11.0953 5016 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:37:11.0953 5016 kbdhid - ok
16:37:12.0250 5016 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
16:37:12.0250 5016 kmixer - ok
16:37:12.0281 5016 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
16:37:12.0281 5016 KSecDD - ok
16:37:12.0328 5016 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
16:37:12.0328 5016 lanmanserver - ok
16:37:12.0375 5016 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
16:37:12.0390 5016 lanmanworkstation - ok
16:37:12.0390 5016 Lbd - ok
16:37:12.0390 5016 lbrtfdc - ok
16:37:12.0421 5016 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
16:37:12.0421 5016 LmHosts - ok
16:37:12.0500 5016 [ 850CC3EE0507654C40E1971982F4B698 ] LMIGuardianSvc C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
16:37:12.0500 5016 LMIGuardianSvc - ok
16:37:12.0531 5016 [ 4F69FAAABB7DB0D43E327C0B6AAB40FC ] LMIInfo C:\Program Files\LogMeIn\x86\RaInfo.sys
16:37:12.0546 5016 LMIInfo - ok
16:37:12.0546 5016 [ 47DC389D96A34DEBDF9C2C2555DA2F01 ] LMIMaint C:\Program Files\LogMeIn\x86\RaMaint.exe
16:37:12.0546 5016 LMIMaint - ok
16:37:12.0578 5016 [ 4477689E2D8AE6B78BA34C9AF4CC1ED1 ] lmimirr C:\WINDOWS\system32\DRIVERS\lmimirr.sys
16:37:12.0578 5016 lmimirr - ok
16:37:12.0578 5016 LMIRfsClientNP - ok
16:37:12.0593 5016 [ 3FAA563DDF853320F90259D455A01D79 ] LMIRfsDriver C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
16:37:12.0593 5016 LMIRfsDriver - ok
16:37:12.0625 5016 [ 432618FA75B61059D2C57D6A7E55147A ] LogMeIn C:\Program Files\LogMeIn\x86\LogMeIn.exe
16:37:12.0625 5016 LogMeIn - ok
16:37:12.0671 5016 [ EEAEA6514BA7C9D273B5E87C4E1AAB30 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
16:37:12.0671 5016 mdmxsdk - ok
16:37:12.0687 5016 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
16:37:12.0687 5016 Messenger - ok
16:37:12.0718 5016 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
16:37:12.0718 5016 mnmdd - ok
16:37:12.0734 5016 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
16:37:12.0734 5016 mnmsrvc - ok
16:37:12.0765 5016 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
16:37:12.0765 5016 Modem - ok
16:37:12.0796 5016 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
16:37:12.0796 5016 MODEMCSA - ok
16:37:12.0796 5016 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:37:12.0812 5016 Mouclass - ok
16:37:12.0812 5016 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:37:12.0828 5016 mouhid - ok
16:37:12.0843 5016 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
16:37:12.0843 5016 MountMgr - ok
16:37:12.0875 5016 [ 51A84B690DF519DCF656F780243D953E ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
16:37:12.0875 5016 MozillaMaintenance - ok
16:37:12.0890 5016 mraid35x - ok
16:37:12.0890 5016 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:37:12.0890 5016 MRxDAV - ok
16:37:12.0937 5016 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:37:12.0937 5016 MRxSmb - ok
16:37:12.0953 5016 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
16:37:12.0953 5016 MSDTC - ok
16:37:12.0953 5016 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
16:37:12.0953 5016 Msfs - ok
16:37:12.0968 5016 MSIServer - ok
16:37:12.0984 5016 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:37:12.0984 5016 MSKSSRV - ok
16:37:12.0984 5016 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:37:12.0984 5016 MSPCLOCK - ok
16:37:13.0000 5016 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
16:37:13.0000 5016 MSPQM - ok
16:37:13.0031 5016 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:37:13.0031 5016 mssmbios - ok
16:37:13.0046 5016 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
16:37:13.0046 5016 MSTEE - ok
16:37:13.0062 5016 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
16:37:13.0062 5016 Mup - ok
16:37:13.0078 5016 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
16:37:13.0078 5016 NABTSFEC - ok
16:37:13.0093 5016 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
16:37:13.0109 5016 napagent - ok
16:37:13.0109 5016 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
16:37:13.0109 5016 NDIS - ok
16:37:13.0125 5016 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
16:37:13.0125 5016 NdisIP - ok
16:37:13.0156 5016 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:37:13.0156 5016 NdisTapi - ok
16:37:13.0171 5016 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:37:13.0171 5016 Ndisuio - ok
16:37:13.0171 5016 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:37:13.0171 5016 NdisWan - ok
16:37:13.0203 5016 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
16:37:13.0203 5016 NDProxy - ok
16:37:13.0218 5016 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
16:37:13.0218 5016 NetBIOS - ok
16:37:13.0218 5016 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
16:37:13.0234 5016 NetBT - ok
16:37:13.0250 5016 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
16:37:13.0250 5016 NetDDE - ok
16:37:13.0265 5016 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
16:37:13.0265 5016 NetDDEdsdm - ok
16:37:13.0281 5016 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
16:37:13.0296 5016 Netlogon - ok
16:37:13.0296 5016 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
16:37:13.0312 5016 Netman - ok
16:37:13.0328 5016 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:37:13.0343 5016 NetTcpPortSharing - ok
16:37:13.0359 5016 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
16:37:13.0359 5016 Nla - ok
16:37:13.0359 5016 NLNdisMP - ok
16:37:13.0375 5016 NLNdisPT - ok
16:37:13.0515 5016 [ 90C79EB9D0779E027EEEC8C1919A41DD ] Norton Ghost C:\Program Files\Norton Ghost\Agent\VProSvc.exe
16:37:13.0562 5016 Norton Ghost - ok
16:37:13.0593 5016 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
16:37:13.0593 5016 Npfs - ok
16:37:13.0609 5016 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
16:37:13.0609 5016 Ntfs - ok
16:37:13.0625 5016 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
16:37:13.0625 5016 NtLmSsp - ok
16:37:13.0656 5016 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
16:37:13.0671 5016 NtmsSvc - ok
16:37:13.0687 5016 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
16:37:13.0703 5016 Null - ok
16:37:14.0031 5016 [ 8B2C874897EA498DA012284E12F9DB2B ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
16:37:14.0375 5016 nv - ok
16:37:14.0421 5016 [ 32F7DEC3729B3BAE66EEBCAB7B03B18F ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
16:37:14.0421 5016 NVSvc - ok
16:37:14.0484 5016 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:37:14.0484 5016 NwlnkFlt - ok
16:37:14.0484 5016 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:37:14.0484 5016 NwlnkFwd - ok
16:37:14.0515 5016 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
16:37:14.0515 5016 Parport - ok
16:37:14.0546 5016 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
16:37:14.0546 5016 PartMgr - ok
16:37:14.0578 5016 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
16:37:14.0578 5016 ParVdm - ok
16:37:14.0578 5016 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
16:37:14.0578 5016 PCI - ok
16:37:14.0578 5016 PCIDump - ok
16:37:14.0593 5016 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
16:37:14.0593 5016 PCIIde - ok
16:37:14.0609 5016 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
16:37:14.0609 5016 Pcmcia - ok
16:37:14.0625 5016 PDCOMP - ok
16:37:14.0625 5016 PDFRAME - ok
16:37:14.0625 5016 PDRELI - ok
16:37:14.0625 5016 PDRFRAME - ok
16:37:14.0640 5016 perc2 - ok
16:37:14.0640 5016 perc2hib - ok
16:37:14.0671 5016 [ 6C1618A07B49E3873582B6449E744088 ] pfc C:\WINDOWS\system32\drivers\pfc.sys
16:37:14.0671 5016 pfc - ok
16:37:14.0687 5016 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
16:37:14.0687 5016 PlugPlay - ok
16:37:14.0687 5016 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
16:37:14.0703 5016 PolicyAgent - ok
16:37:14.0734 5016 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:37:14.0734 5016 PptpMiniport - ok
16:37:14.0734 5016 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
16:37:14.0734 5016 ProtectedStorage - ok
16:37:14.0750 5016 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
16:37:14.0750 5016 PSched - ok
16:37:14.0765 5016 [ D24DFD16A1E2A76034DF5AA18125C35D ] PSI C:\WINDOWS\system32\DRIVERS\psi_mf.sys
16:37:14.0765 5016 PSI - ok
16:37:14.0796 5016 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:37:14.0796 5016 Ptilink - ok
16:37:14.0828 5016 [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
16:37:14.0828 5016 PxHelp20 - ok
16:37:14.0828 5016 ql1080 - ok
16:37:14.0828 5016 Ql10wnt - ok
16:37:14.0828 5016 ql12160 - ok
16:37:14.0843 5016 ql1240 - ok
16:37:14.0843 5016 ql1280 - ok
16:37:14.0859 5016 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:37:14.0859 5016 RasAcd - ok
16:37:14.0875 5016 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
16:37:14.0875 5016 RasAuto - ok
16:37:14.0906 5016 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:37:14.0906 5016 Rasl2tp - ok
16:37:14.0937 5016 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
16:37:14.0937 5016 RasMan - ok
16:37:14.0984 5016 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:37:14.0984 5016 RasPppoe - ok
16:37:14.0984 5016 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
16:37:14.0984 5016 Raspti - ok
16:37:15.0000 5016 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:37:15.0000 5016 Rdbss - ok
16:37:15.0000 5016 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:37:15.0000 5016 RDPCDD - ok
16:37:15.0015 5016 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:37:15.0015 5016 rdpdr - ok
16:37:15.0031 5016 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
16:37:15.0031 5016 RDPWD - ok
16:37:15.0046 5016 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
16:37:15.0062 5016 RDSessMgr - ok
16:37:15.0078 5016 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
16:37:15.0078 5016 redbook - ok
16:37:15.0109 5016 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
16:37:15.0109 5016 RemoteAccess - ok
16:37:15.0125 5016 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
16:37:15.0125 5016 RemoteRegistry - ok
16:37:15.0156 5016 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
16:37:15.0156 5016 RpcLocator - ok
16:37:15.0171 5016 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
16:37:15.0187 5016 RpcSs - ok
16:37:15.0218 5016 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
16:37:15.0218 5016 RSVP - ok
16:37:15.0234 5016 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
16:37:15.0234 5016 SamSs - ok
16:37:15.0250 5016 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
16:37:15.0250 5016 SCardSvr - ok
16:37:15.0281 5016 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
16:37:15.0296 5016 Schedule - ok
16:37:15.0343 5016 [ 8CC57132C758F1B9614FE2E2C841FA3D ] Seagate Dashboard Services C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
16:37:15.0343 5016 Seagate Dashboard Services - ok
16:37:15.0375 5016 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:37:15.0375 5016 Secdrv - ok
16:37:15.0390 5016 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
16:37:15.0390 5016 seclogon - ok
16:37:15.0468 5016 [ 5B66DB4877BBAC9F7493AA8D84421E49 ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe
16:37:15.0468 5016 Secunia PSI Agent - ok
16:37:15.0515 5016 [ 0E88FDF474F2CDD370A4A6CE77D018F0 ] Secunia Update Agent C:\Program Files\Secunia\PSI\sua.exe
16:37:15.0515 5016 Secunia Update Agent - ok
16:37:15.0531 5016 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
16:37:15.0531 5016 SENS - ok
16:37:15.0531 5016 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
16:37:15.0531 5016 Serial - ok
16:37:15.0546 5016 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
16:37:15.0546 5016 Sfloppy - ok
16:37:15.0593 5016 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
16:37:15.0593 5016 SharedAccess - ok
16:37:15.0625 5016 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
16:37:15.0625 5016 ShellHWDetection - ok
16:37:15.0640 5016 Simbad - ok
16:37:15.0671 5016 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
16:37:15.0671 5016 SkypeUpdate - ok
16:37:15.0703 5016 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
16:37:15.0703 5016 SLIP - ok
16:37:15.0734 5016 [ DFADFC2C86662F40759BF02ADD27D569 ] sonypvs1 C:\WINDOWS\system32\DRIVERS\sonypvs1.sys
16:37:15.0734 5016 sonypvs1 - ok
16:37:15.0750 5016 Sparrow - ok
16:37:15.0750 5016 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
16:37:15.0750 5016 splitter - ok
16:37:15.0781 5016 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
16:37:15.0781 5016 Spooler - ok
16:37:15.0812 5016 [ F42EFEFB765235F24B24E1D2B6F99F46 ] sptd C:\WINDOWS\System32\Drivers\sptd.sys
16:37:15.0812 5016 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\sptd.sys. md5: F42EFEFB765235F24B24E1D2B6F99F46
16:37:15.0812 5016 sptd ( LockedFile.Multi.Generic ) - warning
16:37:15.0812 5016 sptd - detected LockedFile.Multi.Generic (1)
16:37:15.0812 5016 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
16:37:15.0828 5016 sr - ok
16:37:15.0859 5016 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
16:37:15.0859 5016 srservice - ok
16:37:15.0875 5016 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
16:37:15.0890 5016 Srv - ok
16:37:15.0890 5016 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
16:37:15.0906 5016 SSDPSRV - ok
16:37:15.0937 5016 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
16:37:15.0953 5016 stisvc - ok
16:37:15.0968 5016 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
16:37:15.0968 5016 streamip - ok
16:37:15.0984 5016 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
16:37:15.0984 5016 swenum - ok
16:37:16.0000 5016 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
16:37:16.0000 5016 swmidi - ok
16:37:16.0000 5016 SwPrv - ok
16:37:16.0000 5016 Symantec SymSnap VSS Provider - ok
16:37:16.0015 5016 symc810 - ok
16:37:16.0015 5016 symc8xx - ok
16:37:16.0031 5016 [ C9273531EAC75EE225E3170FB6107FA3 ] symsnap C:\WINDOWS\system32\DRIVERS\symsnap.sys
16:37:16.0031 5016 symsnap - ok
16:37:16.0140 5016 [ 5507B0F252D420871D2DA9B3CB2BABC2 ] SymSnapService C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
16:37:16.0156 5016 SymSnapService - ok
16:37:16.0156 5016 sym_hi - ok
16:37:16.0171 5016 sym_u3 - ok
16:37:16.0171 5016 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
16:37:16.0171 5016 sysaudio - ok
16:37:16.0203 5016 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
16:37:16.0218 5016 SysmonLog - ok
16:37:16.0234 5016 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
16:37:16.0250 5016 TapiSrv - ok
16:37:16.0265 5016 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:37:16.0281 5016 Tcpip - ok
16:37:16.0296 5016 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
16:37:16.0296 5016 TDPIPE - ok
16:37:16.0312 5016 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
16:37:16.0312 5016 TDTCP - ok
16:37:16.0421 5016 [ 9F3E7CABE86BBDECA009DE291DB6D9E2 ] TeamViewer8 C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
16:37:16.0468 5016 TeamViewer8 - ok
16:37:16.0500 5016 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
16:37:16.0500 5016 TermDD - ok
16:37:16.0531 5016 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
16:37:16.0531 5016 TermService - ok
16:37:16.0546 5016 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
16:37:16.0546 5016 Themes - ok
16:37:16.0578 5016 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
16:37:16.0578 5016 TlntSvr - ok
16:37:16.0578 5016 TosIde - ok
16:37:16.0609 5016 [ 9F5EEBA83C88EB747B831B6EEADC2442 ] TotRec7 C:\WINDOWS\system32\drivers\TotRec7.sys
16:37:16.0625 5016 TotRec7 - ok
16:37:16.0640 5016 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
16:37:16.0640 5016 TrkWks - ok
16:37:16.0671 5016 [ E266683FC95ABDEC17CD378564E1B54B ] TVICHW32 C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS
16:37:16.0671 5016 TVICHW32 - ok
16:37:16.0703 5016 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
16:37:16.0703 5016 Udfs - ok
16:37:16.0703 5016 ultra - ok
16:37:16.0734 5016 [ AB0A7CA90D9E3D6A193905DC1715DED0 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
16:37:16.0734 5016 UMWdf - ok
16:37:16.0765 5016 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
16:37:16.0765 5016 Update - ok
16:37:16.0796 5016 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
16:37:16.0796 5016 upnphost - ok
16:37:16.0812 5016 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
16:37:16.0812 5016 UPS - ok
16:37:16.0828 5016 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
16:37:16.0828 5016 usbaudio - ok
16:37:16.0828 5016 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:37:16.0828 5016 usbccgp - ok
16:37:16.0843 5016 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:37:16.0843 5016 usbehci - ok
16:37:16.0859 5016 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:37:16.0859 5016 usbhub - ok
16:37:16.0875 5016 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:37:16.0875 5016 usbprint - ok
16:37:16.0875 5016 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:37:16.0890 5016 usbscan - ok
16:37:16.0890 5016 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:37:16.0890 5016 USBSTOR - ok
16:37:16.0906 5016 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:37:16.0921 5016 usbuhci - ok
16:37:16.0953 5016 [ B4D63048D6358E7C6AB61B98B8CFF263 ] v2imount C:\WINDOWS\system32\DRIVERS\v2imount.sys
16:37:16.0953 5016 v2imount - ok
16:37:16.0953 5016 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
16:37:16.0953 5016 VgaSave - ok
16:37:16.0953 5016 ViaIde - ok
16:37:16.0984 5016 [ 4EC979B157D1AA075330362ACB5424E5 ] vncdrv C:\WINDOWS\system32\DRIVERS\vncdrv.sys
16:37:16.0984 5016 vncdrv - ok
16:37:17.0015 5016 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
16:37:17.0015 5016 VolSnap - ok
16:37:17.0031 5016 [ E78781B2C86C92A0A738DF566460F716 ] VProEventMonitor C:\WINDOWS\system32\DRIVERS\vproeventmonitor.sys
16:37:17.0031 5016 VProEventMonitor - ok
16:37:17.0078 5016 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
16:37:17.0078 5016 VSS - ok
16:37:17.0093 5016 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
16:37:17.0109 5016 W32Time - ok
16:37:17.0125 5016 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:37:17.0125 5016 Wanarp - ok
16:37:17.0125 5016 WDICA - ok
16:37:17.0140 5016 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
16:37:17.0140 5016 wdmaud - ok
16:37:17.0156 5016 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
16:37:17.0171 5016 WebClient - ok
16:37:17.0187 5016 [ F9AD3A5E3FD7E0BDB18B8202B0FDD4E4 ] WimFltr C:\WINDOWS\system32\DRIVERS\wimfltr.sys
16:37:17.0187 5016 WimFltr - ok
16:37:17.0234 5016 [ F59ED5A43B988A18EF582BB07B2327A7 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
16:37:17.0234 5016 winachsf - ok
16:37:17.0281 5016 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
16:37:17.0281 5016 winmgmt - ok
16:37:17.0312 5016 [ 140EF97B64F560FD78643CAE2CDAD838 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
16:37:17.0312 5016 WmdmPmSN - ok
16:37:17.0343 5016 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
16:37:17.0343 5016 Wmi - ok
16:37:17.0375 5016 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
16:37:17.0375 5016 WmiApSrv - ok
16:37:17.0437 5016 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
16:37:17.0453 5016 WMPNetworkSvc - ok
16:37:17.0562 5016 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
16:37:17.0562 5016 WPFFontCache_v0400 - ok
16:37:17.0578 5016 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
16:37:17.0593 5016 WS2IFSL - ok
16:37:17.0609 5016 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
16:37:17.0625 5016 wscsvc - ok
16:37:17.0640 5016 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
16:37:17.0640 5016 WSTCODEC - ok
16:37:17.0656 5016 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
16:37:17.0718 5016 wuauserv - ok
16:37:17.0750 5016 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:37:17.0750 5016 WudfPf - ok
16:37:17.0765 5016 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:37:17.0765 5016 WudfRd - ok
16:37:17.0796 5016 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
16:37:17.0796 5016 WudfSvc - ok
16:37:17.0828 5016 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
16:37:17.0843 5016 WZCSVC - ok
16:37:17.0859 5016 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
16:37:17.0890 5016 xmlprov - ok
16:37:17.0890 5016 ================ Scan global ===============================
16:37:17.0921 5016 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
16:37:17.0937 5016 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
16:37:17.0953 5016 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
16:37:17.0968 5016 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
16:37:17.0984 5016 [Global] - ok
16:37:17.0984 5016 ================ Scan MBR ==================================
16:37:18.0000 5016 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
16:37:18.0171 5016 \Device\Harddisk0\DR0 - ok
16:37:18.0171 5016 ================ Scan VBR ==================================
16:37:18.0171 5016 [ 652375AF39B675BA29614A9AA893973B ] \Device\Harddisk0\DR0\Partition1
16:37:18.0171 5016 \Device\Harddisk0\DR0\Partition1 - ok
16:37:18.0171 5016 ============================================================
16:37:18.0171 5016 Scan finished
16:37:18.0171 5016 ============================================================
16:37:18.0187 1616 Detected object count: 1
16:37:18.0187 1616 Actual detected object count: 1
16:37:40.0187 1616 sptd ( LockedFile.Multi.Generic ) - skipped by user
16:37:40.0187 1616 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
16:39:03.0218 0292 Deinitialize success

savanna
2013-02-09, 01:35
OTL logfile created on: 2/8/2013 4:40:37 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Bob\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 57.12% Memory free
3.84 Gb Paging File | 3.13 Gb Available in Paging File | 81.48% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.04 Gb Total Space | 32.44 Gb Free Space | 10.89% Space Free | Partition Type: NTFS

Computer Name: INSPIRON | User Name: Bob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Bob\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe (Seagate Technology LLC)
PRC - C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe (Seagate Technology LLC)
PRC - C:\Program Files\Seagate\Seagate Dashboard 2.0\DBAgent.exe (Seagate Technology LLC)
PRC - C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe (CHENGDU YIWO Tech Development Co., Ltd)
PRC - C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe (CHENGDU YIWO Tech Development Co., Ltd)
PRC - C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
PRC - C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe (CHENGDU YIWO Tech Development Co., Ltd)
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\My Lockbox\mylbx.exe (FSPro Labs)
PRC - C:\Program Files\Secunia\PSI\psia.exe (Secunia)
PRC - C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Aquarius Soft\PC Alarm Clock Pro\alarm.exe (Aquarius Soft)
PRC - C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe (Ant.com)
PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Hotspot Shield\bin\hsswd.exe ()
PRC - C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe ()
PRC - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (InstallShield Software Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Web.Services\1799a304573e4faf5a8d9223e5e4fbb0\System.Web.Services.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\9fe6a89ed637863398d1f655170b8b96\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\0c6552cb44af800ced291796ff32b748\System.ServiceModel.Routing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\8f02a194fe5bce225a63ca0587065830\System.ServiceModel.Discovery.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\ab0b49150543e689844c607fe344057d\System.ServiceModel.Channels.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\db54a8a55271ac4ce8bbaa435f474ed6\System.ServiceModel.Activities.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\90aa475ae4f67c45538cede327c086aa\System.ServiceModel.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\68b0fc15aa862e54593dd85b59116998\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\d39d7af1c84535e19dbf92d804f906a2\System.IdentityModel.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\569d22d5591f3d2d35bc64437011e919\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\6e903ce8719e50acd783f8726b11249f\System.Transactions.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\f616e6911a3d461193cd0e6e003adca5\System.Runtime.DurableInstancing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\fe0d8dda05b9d38bbb664432300b4f42\System.Runtime.Serialization.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\3b7f418545abc074940776fea9ad635e\SMDiagnostics.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\7256e28382f57416b828a0cc143b67b3\System.Xaml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\6656b6a40139beaa70de0760c02993eb\Microsoft.VisualBasic.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\12f94ec43a0160ab9ddd755b0e1be881\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\25884c52a01d74137ffacdb51d8f2d04\PresentationFramework.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\8ba0620535aa28d509b9397500b7d530\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\197761bb3230bf9d4f540305dcf6717c\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\3ca69d589c23a0be94f3858f72e7a595\PresentationCore.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\3d6d9da56c9f607615b55d6742d8427d\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a0db56351a1589e44868456609b01737\System.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\6133e360071a2fa7ba7deb483816e585\WindowsBase.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\c182d7a0bd88caf2cddccb7491a5fa6e\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()
MOD - C:\Program Files\EaseUS\Todo Backup\bin\ExImage.dll ()
MOD - C:\Program Files\EaseUS\Todo Backup\bin\ExchBackupSizeEx.dll ()
MOD - C:\Program Files\EaseUS\Todo Backup\bin\ExchBackupSize.dll ()
MOD - C:\Program Files\EaseUS\Todo Backup\bin\TbTapeBrowse.dll ()
MOD - C:\Program Files\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll ()
MOD - C:\Program Files\EaseUS\Todo Backup\bin\TBFireWall.dll ()
MOD - C:\Program Files\EaseUS\Todo Backup\bin\NASOperator.dll ()
MOD - C:\Program Files\EaseUS\Todo Backup\bin\EnumTapeDevice.dll ()
MOD - C:\Program Files\EaseUS\Todo Backup\bin\CodeLog.dll ()
MOD - C:\Program Files\EaseUS\Todo Backup\bin\CompressFile.dll ()
MOD - C:\Program Files\EaseUS\Todo Backup\bin\AccountManager.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\WINDOWS\system32\qdvd.dll ()
MOD - C:\Program Files\NVIDIA Corporation\nView\nvShell.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\Hotspot Shield\bin\hsswd.exe ()
MOD - C:\Program Files\My Lockbox\FSPFlt.dll ()
MOD - C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe ()
MOD - C:\WINDOWS\system32\xvid.ax ()
MOD - C:\Program Files\IZArc\IZArcCM.dll ()
MOD - C:\Program Files\Hotspot Shield\bin\libidn-11.dll ()
MOD - C:\Program Files\Hotspot Shield\bin\libssl32.dll ()
MOD - C:\Program Files\Hotspot Shield\bin\libeay32.dll ()
MOD - C:\Program Files\EaseUS\Todo Backup\bin\libxml2.dll ()
MOD - C:\WINDOWS\system32\qedit.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\Program Files\EaseUS\Todo Backup\bin\zlib1.dll ()
MOD - C:\WINDOWS\system32\pdfcmnnt.dll ()


========== Services (SafeList) ==========

SRV - (stllssvr) -- File not found
SRV - (Lavasoft Ad-Aware Service) -- File not found
SRV - (GEARSecurity) -- File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (TeamViewer8) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Seagate Dashboard Services) -- C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe (Seagate Technology LLC)
SRV - (Guard Agent) -- C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe (CHENGDU YIWO Tech Development Co., Ltd)
SRV - (EaseUS Agent) -- C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe (CHENGDU YIWO Tech Development Co., Ltd)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia)
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (AntUpdaterService) -- C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe (Ant.com)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (HssWd) -- C:\Program Files\Hotspot Shield\bin\hsswd.exe ()
SRV - (Norton Ghost) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation)
SRV - (SymSnapService) -- C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe (Symantec)
SRV - (IDriverT) -- C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (NLNdisPT) -- system32\DRIVERS\nlndis.sys File not found
DRV - (NLNdisMP) -- system32\DRIVERS\nlndis.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (Lbd) -- system32\DRIVERS\Lbd.sys File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\ADMINI~1.INS\LOCALS~1\Temp\catchme.sys File not found
DRV - (AvgArCln) -- System32\DRIVERS\AvgArCln.sys File not found
DRV - (AVG Anti-Rootkit) -- System32\DRIVERS\avgarkt.sys File not found
DRV - (asmusjx6) -- File not found
DRV - (AnyDVD) -- C:\WINDOWS\system32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (EUBKMON) -- C:\WINDOWS\system32\drivers\EUBKMON.sys ()
DRV - (EUFDDISK) -- C:\WINDOWS\system32\drivers\EuFdDisk.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV - (EUBAKUP) -- C:\WINDOWS\system32\drivers\eubakup.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV - (EUDSKACS) -- C:\WINDOWS\system32\drivers\eudskacs.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys ()
DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia)
DRV - (FSProFilter) -- C:\WINDOWS\system32\drivers\FSPFltd.sys (FSPro Labs)
DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
DRV - (TotRec7) -- C:\WINDOWS\system32\drivers\TotRec7.sys (High Criteria inc.)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (WimFltr) -- C:\WINDOWS\system32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (v2imount) -- C:\WINDOWS\system32\drivers\v2imount.sys (Symantec Corporation)
DRV - (VProEventMonitor) -- C:\WINDOWS\system32\drivers\vproeventmonitor.sys (Symantec Corporation)
DRV - (symsnap) -- C:\WINDOWS\system32\drivers\symsnap.sys (StorageCraft)
DRV - (ElbyCDFL) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (EverestDriver) -- C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt ()
DRV - (vncdrv) -- C:\WINDOWS\system32\drivers\vncdrv.sys (RDV Soft)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (sonypvs1) -- C:\WINDOWS\system32\drivers\sonypvs1.sys (Sony Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = c:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-602162358-1972579041-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.searchcompletion.com/?si=10211&home=1
IE - HKU\S-1-5-21-602162358-1972579041-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = c:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
IE - HKU\S-1-5-21-602162358-1972579041-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.searchcompletion.com/?si=10211&home=1
IE - HKU\S-1-5-21-602162358-1972579041-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-602162358-1972579041-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.searchcompletion.com/?si=10211&home=1
IE - HKU\S-1-5-21-602162358-1972579041-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.searchcompletion.com/?si=10211&home=1
IE - HKU\S-1-5-21-602162358-1972579041-839522115-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-602162358-1972579041-839522115-1003\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://dl.ask.com/toolbarv/askRedirect.jsp?gct=&gc=1&q={searchTerms}&crm=1&toolbar=PLT
IE - HKU\S-1-5-21-602162358-1972579041-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-602162358-1972579041-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-602162358-1972579041-839522115-1007\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-602162358-1972579041-839522115-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Complitly"
FF - prefs.js..browser.search.order.1: "Blekko"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: %7B37E4D8EA-8BDA-4831-8EA1-89053939A250%7D:3.0.0.2
FF - prefs.js..extensions.enabledAddons: %7B888d99e7-e8b5-46a3-851e-1ec45da1e644%7D:17.0.0
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.13
FF - prefs.js..extensions.enabledAddons: anttoolbar%40ant.com:2.4.7.5
FF - prefs.js..extensions.enabledAddons: LogMeInClient%40logmein.com:1.0.0.1007
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.664
FF - prefs.js..extensions.enabledItems: twitternotifier@naan.net:2.4.1
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledItems: anttoolbar@ant.com:2.4.6.2
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:10.0.0
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1912
FF - prefs.js..extensions.enabledItems: afurladvisor@anchorfree.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=12BAD2A56E715549578C1A4FD362E733&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Documents and Settings\Bob\Local Settings\Application Data\Citrix\Plugins\79\npappdetector.dll (Citrix Online)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/06 06:42:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/02/06 06:42:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{4633C16E-71E6-11E1-826D-B8AC6F996F26}: C:\Documents and Settings\Bob\Local Settings\Application Data\{4633C16E-71E6-11E1-826D-B8AC6F996F26}\ [2012/03/19 11:09:18 | 000,000,000 | ---D | M]

[2009/01/30 07:44:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Extensions
[2009/01/30 07:44:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2013/02/07 09:45:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\extensions
[2010/04/27 12:30:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2)
[2011/02/04 09:48:10 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010/04/27 12:30:04 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}(2)
[2011/02/17 10:31:26 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}(3)
[2013/01/15 10:28:09 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/02/17 10:31:25 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\extensions\anttoolbar@ant(2).com
[2013/01/16 10:29:39 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\extensions\anttoolbar@ant.com
[2012/02/02 13:22:45 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\extensions\DTToolbar@toolbarnet.com
[2013/01/31 05:38:22 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\extensions\LogMeInClient@logmein.com
[2012/09/19 16:53:51 | 000,000,000 | ---D | M] (Echofon) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\extensions\twitternotifier@naan.net
[2013/02/07 09:45:31 | 000,555,564 | ---- | M] () (No name found) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\extensions\{40346aa9-a9d7-b1c4-ad87-bb0d0a1c10b8}.xpi
[2012/12/23 10:23:12 | 000,030,502 | ---- | M] () (No name found) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi
[2012/09/05 14:43:52 | 001,268,546 | ---- | M] () (No name found) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2011/12/28 17:17:20 | 000,002,055 | ---- | M] () -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\searchplugins\daemon-search.xml
[2013/02/06 06:42:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/02/06 06:42:09 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Program Files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
[2013/02/06 06:42:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\pdfforge@mybrowserbar.com
[2013/02/06 06:42:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\wtxpcom@mybrowserbar.com
[2013/02/06 06:42:35 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/19 14:22:47 | 000,113,976 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\atgpcdec.dll
[2012/04/19 14:10:00 | 000,586,040 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\atgpcext.dll
[2009/08/20 17:58:13 | 000,098,712 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\ieatgpc.dll
[2011/05/19 14:22:19 | 000,172,344 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2012/08/30 05:21:38 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/07/15 07:48:10 | 000,003,195 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Complitly.xml
[2012/11/16 07:10:46 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - Extension: No name found = C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: No name found = C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: No name found = C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
CHR - Extension: No name found = C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/01/19 15:34:27 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Ant.com browser helper (video detector)) - {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files\Ant.com\IE add-on\Download.dll (Ant.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-602162358-1972579041-839522115-1003\..\Toolbar\WebBrowser: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
O3 - HKU\S-1-5-21-602162358-1972579041-839522115-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-602162358-1972579041-839522115-1003\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DBAgent] C:\Program Files\Seagate\Seagate Dashboard 2.0\DBAgent.exe (Seagate Technology LLC)
O4 - HKLM..\Run: [EaseUs Tray] C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [EaseUs Watch] C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [mylbx] C:\Program Files\My Lockbox\mylbx.exe (FSPro Labs)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [rfagent] C:\Junk Non-Backup\Registry First Aid Move\RFA\rfagent.exe (KsL Software)
O4 - HKU\S-1-5-21-602162358-1972579041-839522115-1003..\Run: [\\UPSTAIRS_PRECIS\EPSON NX110 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFBA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-602162358-1972579041-839522115-1003..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKU\S-1-5-21-602162358-1972579041-839522115-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-602162358-1972579041-839522115-1003..\Run: [DriverMax_RESTART] C:\Program Files\Innovative Solutions\DriverMax\devices.exe (Innovative Solutions)
O4 - HKU\S-1-5-21-602162358-1972579041-839522115-1003..\Run: [OpenDNS Updater] C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe ()
O4 - HKU\S-1-5-21-602162358-1972579041-839522115-1003..\Run: [Uploader] C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe (Seagate Technology LLC)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
O4 - Startup: C:\Documents and Settings\Bob\Start Menu\Programs\Startup\Aquarius Soft PC Alarm Clock Pro.lnk = C:\Program Files\Aquarius Soft\PC Alarm Clock Pro\alarm.exe (Aquarius Soft)
O4 - Startup: C:\Documents and Settings\Bob\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Bob\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-602162358-1972579041-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-602162358-1972579041-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-602162358-1972579041-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-602162358-1972579041-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-602162358-1972579041-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-602162358-1972579041-839522115-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-602162358-1972579041-839522115-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-602162358-1972579041-839522115-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Download videos by Ant.com - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - C:\Program Files\Ant.com\IE add-on\Download.dll (Ant.com)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {254AA86E-5655-4518-AA87-185D7CC41801} https://secure.logmeinrescue.com/TechConsole/x86/RescueControl.cab (LogMeIn Rescue Technician Console)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} https://secure.logmein.com/activex/RACtrl.cab (Remote Access ActiveX Client)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1349819256953 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F50389D-8DEA-49E5-9593-FA09ACC3563A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F50389D-8DEA-49E5-9593-FA09ACC3563A}: NameServer = 74.40.74.40,74.40.74.41
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Santa Fe Stucco.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Santa Fe Stucco.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/08/21 13:10:11 | 000,000,000 | ---D | M] - C:\Auto Repair -- [ NTFS ]
O32 - AutoRun File - [2008/01/12 21:22:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/08 16:39:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTL.exe
[2013/02/08 16:36:40 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Bob\Desktop\tdsskiller.exe
[2013/02/07 22:19:18 | 016,365,936 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2013/02/06 06:42:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/01/24 08:51:11 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/01/24 08:51:11 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/01/24 08:51:11 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/01/24 08:50:50 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2013/01/24 06:12:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\McAfee
[2013/01/22 10:52:08 | 000,000,000 | ---D | C] -- C:\THD
[2013/01/21 10:33:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob\My Documents\My Kindle Content
[2013/01/21 10:32:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Start Menu\Programs\Amazon
[2013/01/21 10:32:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Local Settings\Application Data\Amazon
[2013/01/21 10:32:29 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
[2013/01/19 16:00:30 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/01/19 15:35:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/01/15 10:29:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob\dwhelper
[2013/01/13 18:00:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 8
[2013/01/11 15:49:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Start Menu\Programs\Revo Uninstaller
[2008/05/15 10:40:56 | 000,557,056 | ---- | C] (Citrix Online) -- C:\Documents and Settings\Bob\GoToAssist_phone__317_en.exe
[5 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/08 16:39:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTL.exe
[2013/02/08 16:36:43 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Bob\Desktop\tdsskiller.exe
[2013/02/08 16:30:22 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{1FF685FF-AF79-4E0B-A492-555956BF9C7C}.job
[2013/02/08 16:19:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/02/08 15:46:47 | 000,101,888 | ---- | M] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/02/08 04:51:00 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/02/08 04:49:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/02/07 22:19:45 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/02/07 22:19:45 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/02/07 22:19:26 | 016,365,936 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2013/02/02 18:25:07 | 001,097,433 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\TSperform.pdf
[2013/01/30 10:32:08 | 000,000,163 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\TS Gotchas.url
[2013/01/29 18:15:55 | 000,105,016 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Bob\Desktop\g2m_download.exe
[2013/01/29 14:02:43 | 000,000,163 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\TradeStation Forum - Blocking trades after a loser..url
[2013/01/28 18:59:59 | 000,006,198 | ---- | M] () -- C:\130129.html
[2013/01/28 18:59:24 | 000,006,198 | ---- | M] () -- C:\Documents and Settings\Bob\My Documents\130129.html
[2013/01/27 05:50:31 | 000,000,556 | ---- | M] () -- C:\WINDOWS\tasks\Bob.job
[2013/01/26 05:30:52 | 000,000,568 | ---- | M] () -- C:\WINDOWS\tasks\Bob Merge.job
[2013/01/24 15:33:01 | 000,000,798 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AnyDVD.lnk
[2013/01/23 18:02:32 | 000,000,334 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\Malware Removal - Safer-Networking Forums.URL
[2013/01/22 17:47:11 | 000,009,662 | ---- | M] () -- C:\WINDOWS\EPISME00.SWB
[2013/01/22 15:01:46 | 000,000,258 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\TradersHelpDesk Videos.URL
[2013/01/21 10:32:45 | 000,001,679 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\Kindle.lnk
[2013/01/20 00:30:56 | 000,004,096 | -HS- | M] () -- C:\{CAF53BCB-6014-4F5E-A49F-710FDD75DCF9}.CBM
[2013/01/19 21:54:27 | 000,306,176 | -HS- | M] () -- C:\EUMONBMP.SYS
[2013/01/19 18:23:58 | 000,249,385 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\VolumeAnalysis.pdf
[2013/01/19 15:34:27 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/01/19 11:28:19 | 000,000,257 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\Day Traders -- Price, Volume and low Risk (Los Angeles, CA) - Meetup.URL
[2013/01/15 14:56:11 | 000,000,319 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\New Guy Question = Difference between Buy Ask and Buy Bid - NinjaTrader.URL
[2013/01/14 05:56:15 | 000,199,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/01/13 18:00:03 | 000,000,859 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 8.lnk
[2013/01/12 03:30:20 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/01/12 03:26:16 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/01/12 03:24:49 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/01/11 15:49:34 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\Revo Uninstaller.lnk
[2013/01/11 11:31:34 | 000,000,258 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\U of M Residences.URL
[2013/01/09 18:37:41 | 000,000,300 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\Rob Hoffman Videos Dwnld.URL
[5 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/02 18:25:03 | 001,097,433 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\TSperform.pdf
[2013/01/30 10:32:08 | 000,000,163 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\TS Gotchas.url
[2013/01/29 14:02:43 | 000,000,163 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\TradeStation Forum - Blocking trades after a loser..url
[2013/01/29 05:35:47 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
[2013/01/28 18:59:59 | 000,006,198 | ---- | C] () -- C:\130129.html
[2013/01/28 18:59:23 | 000,006,198 | ---- | C] () -- C:\Documents and Settings\Bob\My Documents\130129.html
[2013/01/22 15:01:46 | 000,000,258 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\TradersHelpDesk Videos.URL
[2013/01/21 10:32:45 | 000,001,679 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\Kindle.lnk
[2013/01/20 00:30:56 | 000,004,096 | -HS- | C] () -- C:\{CAF53BCB-6014-4F5E-A49F-710FDD75DCF9}.CBM
[2013/01/19 20:49:13 | 000,000,334 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\Malware Removal - Safer-Networking Forums.URL
[2013/01/19 18:23:56 | 000,249,385 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\VolumeAnalysis.pdf
[2013/01/19 11:28:19 | 000,000,257 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\Day Traders -- Price, Volume and low Risk (Los Angeles, CA) - Meetup.URL
[2013/01/15 14:56:11 | 000,000,319 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\New Guy Question = Difference between Buy Ask and Buy Bid - NinjaTrader.URL
[2013/01/13 18:00:03 | 000,000,859 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 8.lnk
[2013/01/11 11:31:34 | 000,000,258 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\U of M Residences.URL
[2013/01/09 18:37:41 | 000,000,300 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\Rob Hoffman Videos Dwnld.URL
[2012/11/21 18:24:36 | 000,017,420 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/10/11 06:31:15 | 000,040,648 | ---- | C] () -- C:\WINDOWS\System32\drivers\EUBKMON.sys
[2012/08/29 21:07:36 | 000,161,344 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-602162358-1972579041-839522115-1003-0.dat
[2012/08/29 21:07:32 | 000,111,122 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/08/10 09:38:04 | 000,000,007 | RH-- | C] () -- C:\Documents and Settings\Bob\hwid
[2012/03/25 10:13:58 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/03/25 10:13:58 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/03/25 10:13:58 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/03/25 10:13:58 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/03/25 10:13:58 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/02/16 10:24:36 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/31 18:58:57 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2011/11/12 08:08:18 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/09 06:17:31 | 000,001,112 | ---- | C] () -- C:\Documents and Settings\Bob\CPI.csv
[2011/09/21 09:30:00 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/08/30 05:44:34 | 000,000,075 | ---- | C] () -- C:\WINDOWS\System32\nvUnsupRes.dat
[2011/07/29 15:53:33 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/07/29 15:53:33 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/07/29 15:53:33 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/07/27 10:10:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011/07/24 05:38:55 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2011/06/11 07:58:57 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2011/06/11 07:58:57 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2011/06/08 22:12:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\NtDirect.dll
[2011/05/24 22:44:26 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2011/05/21 05:01:00 | 002,123,582 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/04/14 08:55:47 | 000,000,043 | ---- | C] () -- C:\Documents and Settings\Bob\Application Data\1.gif
[2011/04/04 07:27:25 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19914548r
[2011/04/04 07:27:25 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19914548
[2011/03/07 06:33:12 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\Bob\Application Data\mainhst.zgh
[2011/01/21 11:44:39 | 000,000,107 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2009/10/03 10:43:23 | 008,410,624 | ---- | C] () -- C:\Program Files\HTML Guardian 7.msi
[2009/08/23 09:44:01 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\PUTTY.RND
[2009/04/29 05:51:16 | 000,006,059 | ---- | C] () -- C:\Documents and Settings\Bob\r
[2009/01/17 09:07:58 | 012,124,160 | ---- | C] () -- C:\Documents and Settings\Bob\ntuser.bak
[2008/01/19 09:18:52 | 000,001,315 | ---- | C] () -- C:\Documents and Settings\Bob\Application Data\SAS7_000.DAT
[2008/01/14 09:55:30 | 000,001,292 | ---- | C] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\FASTWiz.html
[2008/01/13 12:58:29 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/01/13 12:41:40 | 000,101,888 | ---- | C] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/13 12:21:42 | 000,000,083 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib

========== ZeroAccess Check ==========

[2008/03/18 09:34:34 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2011/11/01 14:35:20 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OTL Extras logfile created on: 4/8/2011 6:27:40 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Bob\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 58.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.04 Gb Total Space | 41.84 Gb Free Space | 14.04% Space Free | Partition Type: NTFS

Computer Name: INSPIRON | User Name: Bob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-602162358-1972579041-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

savanna
2013-02-09, 01:36
OTL.txt file continued

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\Winword.exe" /n ()
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"2799:UDP" = 2799:UDP:*:Enabled:Altova License Metering Port (UDP)
"2799:TCP" = 2799:TCP:*:Enabled:Altova License Metering Port (TCP)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\WS_FTP\WS_FTP95.exe" = C:\Program Files\WS_FTP\WS_FTP95.exe:*:Enabled:WS_FTP 95 -- (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\1stWORKS\hotCommCL\BIN\HotComm.exe" = C:\Program Files\1stWORKS\hotCommCL\BIN\HotComm.exe:*:Enabled:hotComm CL Client -- (1stWorks Corporation)
"C:\Program Files\NinjaTrader 6\bin\NinjaTrader.exe" = C:\Program Files\NinjaTrader 6\bin\NinjaTrader.exe:*:Enabled:NinjaTrader application
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\NinjaTrader 6.5\bin\NinjaTrader.exe" = C:\Program Files\NinjaTrader 6.5\bin\NinjaTrader.exe:*:Enabled:NinjaTrader application
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"C:\Program Files\NinjaTrader 7\bin\NinjaTrader.exe" = C:\Program Files\NinjaTrader 7\bin\NinjaTrader.exe:*:Enabled:NinjaTrader application -- (NinjaTrader LLC, http://www.ninjatrader.com)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\DOCUME~1\Bob\LOCALS~1\Temp\ex132np1.exe" = C:\DOCUME~1\Bob\LOCALS~1\Temp\ex132np1.exe:*:Enabled:ldrsoft
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:ldrsoft -- (Microsoft Corporation)
"C:\Documents and Settings\Bob\Application Data\ynafzasdaxazdvquptrju3hcert2xtb2\csrss.exe" = C:\Documents and Settings\Bob\Application Data\ynafzasdaxazdvquptrju3hcert2xtb2\csrss.exe:*:Enabled:ldrsoft -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1B4AA674-F5CA-4BB5-831A-CD37B4021959}" = ImageMixer for Sony
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 17
"{3420C6C3-2A57-434E-97EB-513FE3038157}" = HTML Guardian 7
"{34A86A48-1225-419B-94B2-3A0548786ECD}" = ActiveState Komodo Edit 5.2.4
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{4360BB46-507E-4361-8DCB-4FF9BDC9907B}" = SnagIt 7
"{4475560E-9418-4908-A158-472D873AE139}" = LogMeIn
"{4F04D584-09FC-4CB4-88D1-7D176C0031DB}" = Imagination Image Map Editor
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.12.0
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.0 beta 1
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A589DA26-51BD-475D-8C32-E19E34145842}" = Camtasia Studio 6
"{AC76BA86-1033-0000-7760-000000000001}" = Adobe Acrobat 6.0.1 Professional
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
"{B0255743-165B-4BD5-8DA8-37DFB9930014}" = Norton Ghost
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9583F63-78C9-46B8-8A31-38010645234F}" = NinjaTrader 7
"{CA567AD5-33A4-403D-86D1-EE2D38251951}_is1" = VDownloader 1.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1399216-81B2-457C-A0F7-73B9A2EF6902}" = PDFill PDF Editor with FREE Writer and FREE Tools
"{D52ECEBC-9B20-41A5-81C4-A62DE2367419}" = Adobe Creative Suite
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{EC3B598C-1151-4191-B5B4-A9072ADE6259}_is1" = ZipGenius 6.3
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"ActiveTouchMeetingClient" = WebEx
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"AnyDVD" = AnyDVD
"AVG9Uninstall" = AVG Free 9.0
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"DMX5_is1" = DriverMax 5
"DriverAgent.exe" = DriverAgent by eSupport.com
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Example2" = Stickynotes
"FileZilla Client" = FileZilla Client 3.4.0
"FlashPile.com Video Decompiler_is1" = FlashPile.com Video Decompiler 1.0.0.7
"GIF Animator" = Microsoft GIF Animator
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"hotComm® CL" = hotComm® CL
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"Macro Express 3" = Macro Express 3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"My Lockbox_is1" = My Lockbox 2.4.17
"Office8.0" = Microsoft Office 97, Professional Edition
"OpenDNS Updater" = OpenDNS Updater 2.2.1
"Prism" = Prism Video Converter
"Revo Uninstaller" = Revo Uninstaller 1.83
"Silent Package Run-Time Sample" = EPSON CX 3800 Guide
"Smart Defrag_is1" = Smart Defrag
"TotalRecorder" = Total Recorder 7.1
"VideoPad" = VideoPad Video Editor
"VLC media player" = VLC media player 1.1.7
"WebSite eXtractor" = WebSite eXtractor
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-602162358-1972579041-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.5.0.457
"Pixie" = Pixie 3.1 (remove only)
"Rockwell Trading Plan Generator V0.91" = Rockwell Trading Plan Generator V0.91

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/6/2011 3:38:29 PM | Computer Name = INSPIRON | Source = Application Error | ID = 1000
Description = Faulting application mylbx.exe, version 2.4.17.307, faulting module
mylbx.exe, version 2.4.17.307, fault address 0x002d448a.

Error - 4/6/2011 3:38:33 PM | Computer Name = INSPIRON | Source = Application Error | ID = 1000
Description = Faulting application mylbx.exe, version 2.4.17.307, faulting module
mylbx.exe, version 2.4.17.307, fault address 0x002d448a.

Error - 4/6/2011 3:38:42 PM | Computer Name = INSPIRON | Source = Application Error | ID = 1000
Description = Faulting application mylbx.exe, version 2.4.17.307, faulting module
mylbx.exe, version 2.4.17.307, fault address 0x002d448a.

Error - 4/6/2011 7:12:09 PM | Computer Name = INSPIRON | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.

Error - 4/6/2011 7:13:15 PM | Computer Name = INSPIRON | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.

Error - 4/7/2011 8:51:42 AM | Computer Name = INSPIRON | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.

Error - 4/7/2011 8:52:26 AM | Computer Name = INSPIRON | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.

Error - 4/7/2011 8:52:59 AM | Computer Name = INSPIRON | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.

Error - 4/7/2011 8:53:43 AM | Computer Name = INSPIRON | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.

Error - 4/7/2011 8:54:35 AM | Computer Name = INSPIRON | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.

[ System Events ]
Error - 4/6/2011 3:47:02 PM | Computer Name = INSPIRON | Source = Service Control Manager | ID = 7000
Description = The Lavasoft Ad-Aware Service service failed to start due to the following
error: %%3

Error - 4/6/2011 3:47:03 PM | Computer Name = INSPIRON | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AVG Anti-Rootkit AvgArCln Lbd

Error - 4/6/2011 7:17:35 PM | Computer Name = INSPIRON | Source = Service Control Manager | ID = 7000
Description = The Lavasoft Ad-Aware Service service failed to start due to the following
error: %%3

Error - 4/6/2011 7:17:37 PM | Computer Name = INSPIRON | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AVG Anti-Rootkit AvgArCln Lbd

Error - 4/7/2011 6:58:19 AM | Computer Name = INSPIRON | Source = Service Control Manager | ID = 7000
Description = The Lavasoft Ad-Aware Service service failed to start due to the following
error: %%3

Error - 4/7/2011 6:58:20 AM | Computer Name = INSPIRON | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AVG Anti-Rootkit AvgArCln Lbd

Error - 4/8/2011 6:50:51 AM | Computer Name = INSPIRON | Source = Service Control Manager | ID = 7000
Description = The Lavasoft Ad-Aware Service service failed to start due to the following
error: %%3

Error - 4/8/2011 6:50:53 AM | Computer Name = INSPIRON | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AVG Anti-Rootkit AvgArCln Lbd

Error - 4/8/2011 10:37:03 AM | Computer Name = INSPIRON | Source = Service Control Manager | ID = 7000
Description = The Lavasoft Ad-Aware Service service failed to start due to the following
error: %%3

Error - 4/8/2011 10:37:08 AM | Computer Name = INSPIRON | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AVG Anti-Rootkit AvgArCln Lbd


< End of report >

savanna
2013-02-09, 01:37
Extras.txt file

~!~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OTL Extras logfile created on: 4/8/2011 6:27:40 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Bob\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 58.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.04 Gb Total Space | 41.84 Gb Free Space | 14.04% Space Free | Partition Type: NTFS

Computer Name: INSPIRON | User Name: Bob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-602162358-1972579041-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\Winword.exe" /n ()
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"2799:UDP" = 2799:UDP:*:Enabled:Altova License Metering Port (UDP)
"2799:TCP" = 2799:TCP:*:Enabled:Altova License Metering Port (TCP)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\WS_FTP\WS_FTP95.exe" = C:\Program Files\WS_FTP\WS_FTP95.exe:*:Enabled:WS_FTP 95 -- (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\1stWORKS\hotCommCL\BIN\HotComm.exe" = C:\Program Files\1stWORKS\hotCommCL\BIN\HotComm.exe:*:Enabled:hotComm CL Client -- (1stWorks Corporation)
"C:\Program Files\NinjaTrader 6\bin\NinjaTrader.exe" = C:\Program Files\NinjaTrader 6\bin\NinjaTrader.exe:*:Enabled:NinjaTrader application
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\NinjaTrader 6.5\bin\NinjaTrader.exe" = C:\Program Files\NinjaTrader 6.5\bin\NinjaTrader.exe:*:Enabled:NinjaTrader application
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"C:\Program Files\NinjaTrader 7\bin\NinjaTrader.exe" = C:\Program Files\NinjaTrader 7\bin\NinjaTrader.exe:*:Enabled:NinjaTrader application -- (NinjaTrader LLC, http://www.ninjatrader.com)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\DOCUME~1\Bob\LOCALS~1\Temp\ex132np1.exe" = C:\DOCUME~1\Bob\LOCALS~1\Temp\ex132np1.exe:*:Enabled:ldrsoft
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:ldrsoft -- (Microsoft Corporation)
"C:\Documents and Settings\Bob\Application Data\ynafzasdaxazdvquptrju3hcert2xtb2\csrss.exe" = C:\Documents and Settings\Bob\Application Data\ynafzasdaxazdvquptrju3hcert2xtb2\csrss.exe:*:Enabled:ldrsoft -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1B4AA674-F5CA-4BB5-831A-CD37B4021959}" = ImageMixer for Sony
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 17
"{3420C6C3-2A57-434E-97EB-513FE3038157}" = HTML Guardian 7
"{34A86A48-1225-419B-94B2-3A0548786ECD}" = ActiveState Komodo Edit 5.2.4
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{4360BB46-507E-4361-8DCB-4FF9BDC9907B}" = SnagIt 7
"{4475560E-9418-4908-A158-472D873AE139}" = LogMeIn
"{4F04D584-09FC-4CB4-88D1-7D176C0031DB}" = Imagination Image Map Editor
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.12.0
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.0 beta 1
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A589DA26-51BD-475D-8C32-E19E34145842}" = Camtasia Studio 6
"{AC76BA86-1033-0000-7760-000000000001}" = Adobe Acrobat 6.0.1 Professional
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
"{B0255743-165B-4BD5-8DA8-37DFB9930014}" = Norton Ghost
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9583F63-78C9-46B8-8A31-38010645234F}" = NinjaTrader 7
"{CA567AD5-33A4-403D-86D1-EE2D38251951}_is1" = VDownloader 1.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1399216-81B2-457C-A0F7-73B9A2EF6902}" = PDFill PDF Editor with FREE Writer and FREE Tools
"{D52ECEBC-9B20-41A5-81C4-A62DE2367419}" = Adobe Creative Suite
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{EC3B598C-1151-4191-B5B4-A9072ADE6259}_is1" = ZipGenius 6.3
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"ActiveTouchMeetingClient" = WebEx
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"AnyDVD" = AnyDVD
"AVG9Uninstall" = AVG Free 9.0
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"DMX5_is1" = DriverMax 5
"DriverAgent.exe" = DriverAgent by eSupport.com
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Example2" = Stickynotes
"FileZilla Client" = FileZilla Client 3.4.0
"FlashPile.com Video Decompiler_is1" = FlashPile.com Video Decompiler 1.0.0.7
"GIF Animator" = Microsoft GIF Animator
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"hotComm® CL" = hotComm® CL
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"Macro Express 3" = Macro Express 3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"My Lockbox_is1" = My Lockbox 2.4.17
"Office8.0" = Microsoft Office 97, Professional Edition
"OpenDNS Updater" = OpenDNS Updater 2.2.1
"Prism" = Prism Video Converter
"Revo Uninstaller" = Revo Uninstaller 1.83
"Silent Package Run-Time Sample" = EPSON CX 3800 Guide
"Smart Defrag_is1" = Smart Defrag
"TotalRecorder" = Total Recorder 7.1
"VideoPad" = VideoPad Video Editor
"VLC media player" = VLC media player 1.1.7
"WebSite eXtractor" = WebSite eXtractor
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-602162358-1972579041-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.5.0.457
"Pixie" = Pixie 3.1 (remove only)
"Rockwell Trading Plan Generator V0.91" = Rockwell Trading Plan Generator V0.91

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/6/2011 3:38:29 PM | Computer Name = INSPIRON | Source = Application Error | ID = 1000
Description = Faulting application mylbx.exe, version 2.4.17.307, faulting module
mylbx.exe, version 2.4.17.307, fault address 0x002d448a.

Error - 4/6/2011 3:38:33 PM | Computer Name = INSPIRON | Source = Application Error | ID = 1000
Description = Faulting application mylbx.exe, version 2.4.17.307, faulting module
mylbx.exe, version 2.4.17.307, fault address 0x002d448a.

Error - 4/6/2011 3:38:42 PM | Computer Name = INSPIRON | Source = Application Error | ID = 1000
Description = Faulting application mylbx.exe, version 2.4.17.307, faulting module
mylbx.exe, version 2.4.17.307, fault address 0x002d448a.

Error - 4/6/2011 7:12:09 PM | Computer Name = INSPIRON | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.

Error - 4/6/2011 7:13:15 PM | Computer Name = INSPIRON | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.

Error - 4/7/2011 8:51:42 AM | Computer Name = INSPIRON | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.

Error - 4/7/2011 8:52:26 AM | Computer Name = INSPIRON | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.

Error - 4/7/2011 8:52:59 AM | Computer Name = INSPIRON | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.

Error - 4/7/2011 8:53:43 AM | Computer Name = INSPIRON | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.

Error - 4/7/2011 8:54:35 AM | Computer Name = INSPIRON | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.

[ System Events ]
Error - 4/6/2011 3:47:02 PM | Computer Name = INSPIRON | Source = Service Control Manager | ID = 7000
Description = The Lavasoft Ad-Aware Service service failed to start due to the following
error: %%3

Error - 4/6/2011 3:47:03 PM | Computer Name = INSPIRON | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AVG Anti-Rootkit AvgArCln Lbd

Error - 4/6/2011 7:17:35 PM | Computer Name = INSPIRON | Source = Service Control Manager | ID = 7000
Description = The Lavasoft Ad-Aware Service service failed to start due to the following
error: %%3

Error - 4/6/2011 7:17:37 PM | Computer Name = INSPIRON | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AVG Anti-Rootkit AvgArCln Lbd

Error - 4/7/2011 6:58:19 AM | Computer Name = INSPIRON | Source = Service Control Manager | ID = 7000
Description = The Lavasoft Ad-Aware Service service failed to start due to the following
error: %%3

Error - 4/7/2011 6:58:20 AM | Computer Name = INSPIRON | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AVG Anti-Rootkit AvgArCln Lbd

Error - 4/8/2011 6:50:51 AM | Computer Name = INSPIRON | Source = Service Control Manager | ID = 7000
Description = The Lavasoft Ad-Aware Service service failed to start due to the following
error: %%3

Error - 4/8/2011 6:50:53 AM | Computer Name = INSPIRON | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AVG Anti-Rootkit AvgArCln Lbd

Error - 4/8/2011 10:37:03 AM | Computer Name = INSPIRON | Source = Service Control Manager | ID = 7000
Description = The Lavasoft Ad-Aware Service service failed to start due to the following
error: %%3

Error - 4/8/2011 10:37:08 AM | Computer Name = INSPIRON | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AVG Anti-Rootkit AvgArCln Lbd


< End of report >

torreattack
2013-02-09, 16:46
Hi savanna:


1. Spybot Forum Policy Notification

P2P Warning!
IMPORTANT There are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.
LimeWire
Please note whenever you use any form of P2P networking to download files you can anticipate infestations of malware to occur.
P2P file sharing used to be fairly safe. This is no longer true...continue to use P2P sharing ...at your own risk! Keep in mind that this practice may be the source of your current malware infestation.

As long as you have the P2P program(s) installed, per Spybot Forum Policy: File Sharing, otherwise known as Peer To Peer. (P2P) (http://forums.spybot.info/showthread.php?t=282), I can offer you no further assistance.

I strongly recommend that you uninstall:
LimeWire


However, that choice is up to you.
If you choose NOT to remove these programs...indicate that in your next reply.



2. CKScanner
Please download CKScanner from Here (http://downloads.malwareremoval.com/CKScanner.exe)
Important: - Save it to your desktop.
Double click CKScanner.exe then click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved. Please Run the program only once.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.


3. Online Multi Antivirus file scan
Please go to Virus Total (http://www.virustotal.com/) and upload -only one file per scan- the following file(s) for scanning:

C:\DOCUME~1\Bob\LOCALS~1\Temp\ex132np1.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Bob\Application Data\ynafzasdaxazdvquptrju3hcert2xtb2\csrss.exe

Please copy... the above full path and file name(s)...
Press the choose file button and paste the copied name into the "File name:" text box... then press Open.
The file name should now appear in the online scanner's text entry box.
Click on Scan it...button.
The file will be queued, uploaded and scanned by various antivirus scanners..this may take a few minutes.
If you receive the message: File has already been analysed:
Please press the Reanalyse file now button, so your file will be scanned.
Please wait for all the scanners to finish then copy and paste the permalink (web address) in your next response.
Example of web address :
http://img263.imageshack.us/img263/38/61446739.jpg
Please repeat this procedure for each file listed above.
Paste the permalink (web address) of all the Virus Total results in your next reply.


4. Please tell me, is this computer used for business or connected to a business network?
Please read: http://forums.spybot.info/showpost.php?p=25712&postcount=5


I am very sorry to tell you that I might reply a bit slower than usual these few days because after a few hours, I am going to celebrate Chinese New Year with my family.
I will spend most of my time with my family and friends. I am sorry.


Happy Chinese New Year,
torreattack

savanna
2013-02-09, 20:00
I do not have LimeWire installed on this computer. I might have been on there a long time ago, but I cannot find it via "Add Remove Programs". I manually deleted its folder in the Program Folders directory.

Of the 3 files that you asked me to scan with Virus Total, I could only find one. I even tried the explorer search function, but they didn't show up. Here is the Virus Total link for the "C:\WINDOWS\explorer.exe" file:
https://www.virustotal.com/file/1e675cb7df214172f7eb0497f7275556038a0d09c6e5a3e6862c5e26885ef455/analysis/1360432328/

This computer is not used for business - only personal.

Below are the scan results for CKScanner.

I wish you a happy Chinese New Year, and thank you very much for your help.

CKScanner 2.1 - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11.WQABWU
----- EOF -----
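
A check a helper can run on a posted permalink, as an added example that is not part of the original posts: it confirms the link is a file-analysis report for the expected file and that the analysis is recent, which is what the Reanalyse step is for. The `/file/<hash>/analysis/<time>/` layout is taken from the link in this thread; reading the hash as SHA-256 and the last component as a Unix time, the one-day freshness window, and all function names are assumptions.

```python
import hashlib
import re
from datetime import datetime, timedelta, timezone

# Permalink copied from the reply above.
PAGE_PERMALINK = ("https://www.virustotal.com/file/"
                  "1e675cb7df214172f7eb0497f7275556038a0d09c6e5a3e6862c5e26885ef455"
                  "/analysis/1360432328/")

# Assumed layout: /file/<64 hex digits = SHA-256>/analysis/<unix time>/
PERMALINK_RE = re.compile(
    r"^https?://www\.virustotal\.com/file/(?P<sha256>[0-9a-fA-F]{64})"
    r"/analysis/(?P<epoch>\d{1,10})/?$"
)


def parse_permalink(url):
    """Return (sha256_hex, analysis_time_utc); raise ValueError otherwise."""
    m = PERMALINK_RE.match(url.strip())
    if m is None:
        raise ValueError("not a file-analysis permalink: %s" % url.strip())
    when = datetime.fromtimestamp(int(m.group("epoch")), tz=timezone.utc)
    return m.group("sha256").lower(), when


def sha256_of_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_report(url, expected_sha256, posted_at, max_age=timedelta(days=1)):
    """Return a list of problems; an empty list means the report is usable."""
    try:
        sha256, analysed_at = parse_permalink(url)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if sha256 != expected_sha256.lower():
        problems.append("report is for a different file than the one requested")
    if analysed_at > posted_at:
        problems.append("analysis time is later than the post that cites it")
    elif posted_at - analysed_at > max_age:
        problems.append("analysis is stale; ask for a reanalysis")
    return problems


if __name__ == "__main__":
    # Constructed value: the forum shows 20:00 on 2013-02-09 without a timezone.
    posted = datetime(2013, 2, 9, 20, 0, tzinfo=timezone.utc)
    sha256, analysed_at = parse_permalink(PAGE_PERMALINK)
    print(sha256, analysed_at.isoformat())
    # On the machine itself, expected_sha256 would come from sha256_of_file().
    print(check_report(PAGE_PERMALINK, sha256, posted))
```

An image link such as the "Example of web address" in the instructions is rejected by `parse_permalink`, so a reply that pastes a screenshot URL instead of the report is caught as well.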

torreattack
2013-02-10, 03:17
Hi savanna:

Thanks for removing the P2P software and your greeting.

Don't worry about those files that can't be found; they might be hiding or just be leftovers. We will deal with them later.

1. How many times have you actually run CKScanner? The instructions state to run it just once unless asked to run it again.

thanks,
torreattack

savanna
2013-02-10, 14:22
I'm sorry. I assumed those files were supposed to be removed, but I see now that they were not. There were only a couple of them in there. I'll pay better attention to your instructions next time.

What should I do next?

torreattack
2013-02-11, 04:39
Hi savanna :

It's ok. Next time, if you are not sure, I hope you ask before you carry on, to avoid making the problem worse.

Let's start with the easy methods:

1. Malwarebytes' Anti-Malware (MBAM)
As you have Malwarebytes' Anti-Malware installed on your computer, could you please do a scan using these settings:
Open Malwarebytes' Anti-Malware
Select the Update tab
Click Check for Updates
After the update has been completed, select the Scanner tab.
Select Perform Quick scan, then click on Scan
When done, you will be prompted. Click OK. If Items are found, then click on Show Results
Check all items then click on Remove Selected
After it has removed the items, Notepad will open. Please post this log in your next reply.
Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately.
Failure to reboot will prevent MBAM from removing all the malware.
Note: If MBAM doesn't return after an update, please start it again.


2. Search with AdwCleaner
Please download AdwCleaner (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner) by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run it.
Click on Search.
A logfile will automatically open after the scan has finished.
Close the adwCleaner window, click ok to the prompt.
Please post the content of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[R1].txt as well.


Thanks,
torreattack
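
The Search log requested in step 2 has a regular layout, so it can be triaged mechanically before reading it line by line. The parser below is an added example, not part of the original post and not AdwCleaner's own code; its sample lines are copied from the v2.112 log posted later in this thread, the prefixes it recognises are only those visible in that log, and the function names are assumptions.

```python
import re
from collections import Counter, defaultdict

# Lines copied from the AdwCleaner v2.112 Search log posted in this thread.
SAMPLE_LOG = r"""# AdwCleaner v2.112 - Logfile created 02/11/2013 at 07:27:56
# Option [Search]

***** [Files / Folders] *****

File Found : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
Folder Found : C:\Documents and Settings\Bob\Application Data\OpenCandy
Folder Found : C:\Program Files\AskSearch

***** [Registry] *****

Key Found : HKCU\Software\InstallCore
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[HKCU\Software\Microsoft\Internet Explorer\Main - Default_Search_URL] = hxxp://search.searchcompletion.com/?si=10211&home=1

-\\ Mozilla Firefox v18.0.2 (en-US)

File : C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\prefs.js

Found : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Found : user_pref("keyword.URL", "hxxp://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=12[...]

File : C:\Documents and Settings\Administrator.INSPIRON\Application Data\Mozilla\Firefox\Profiles\36va78ll.default\prefs.js

[OK] File is clean.
"""

OPTION_RE = re.compile(r"^# Option \[(.+)\]$")
SECTION_RE = re.compile(r"^\*{5} \[(.+)\] \*{5}$")
ITEM_RE = re.compile(r"^(File|Folder|Key|Value) Found : (.+)$")
BROWSER_RE = re.compile(r"^-\\\\ (.+?) v(.*)$")
SETTING_RE = re.compile(r"^\[(.+?)\] = (.*)$")
PREF_FILE_RE = re.compile(r"^File : (.+)$")
FOUND_RE = re.compile(r"^Found(?: \[[^\]]*\])? : (.*)$")
# Hosts are read from the defanged (hxxp) form and never rewritten to http.
HOST_RE = re.compile(r"hxxps?://([^/\s\"']+)", re.IGNORECASE)


def parse_log(text):
    """Split a Search log into run option, per-section findings and browsers."""
    report = {"option": None, "findings": defaultdict(list), "browsers": {}}
    section = browser = pref_file = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            m = OPTION_RE.match(line)
            if m:
                report["option"] = m.group(1)
            continue
        m = SECTION_RE.match(line)
        if m:
            section, browser, pref_file = m.group(1), None, None
            continue
        m = ITEM_RE.match(line)
        if m:
            report["findings"][section].append((m.group(1), m.group(2)))
            continue
        m = BROWSER_RE.match(line)
        if m:
            browser, pref_file = m.group(1), None
            report["browsers"][browser] = {
                "version": m.group(2).strip(), "settings": [], "clean": []}
            continue
        if browser is None:
            continue  # unrecognised line outside a browser block
        entry = report["browsers"][browser]
        m = PREF_FILE_RE.match(line)
        if m:
            pref_file = m.group(1)
        elif line == "[OK] File is clean.":
            entry["clean"].append(pref_file)
        elif SETTING_RE.match(line):
            m = SETTING_RE.match(line)
            entry["settings"].append((m.group(1), m.group(2)))
        elif FOUND_RE.match(line):
            entry["settings"].append((pref_file, FOUND_RE.match(line).group(1)))
    return report


def summarize(report):
    """Count findings of each kind (File, Folder, Key, Value) per section."""
    return {sec: dict(Counter(kind for kind, _ in items))
            for sec, items in report["findings"].items()}


def flagged_hosts(report):
    """Hosts named in flagged browser settings, counted per browser."""
    hosts = defaultdict(Counter)
    for name, entry in report["browsers"].items():
        for _where, value in entry["settings"]:
            for host in HOST_RE.findall(value):
                hosts[name][host.lower()] += 1
    return {name: dict(counts) for name, counts in hosts.items()}


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print(parsed["option"], summarize(parsed), flagged_hosts(parsed))
```

Checking `option` first matters for this step: a log whose option is `Search` only lists items, so nothing has been removed yet.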

savanna
2013-02-11, 15:29
Thank you for your help.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.11.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Bob :: INSPIRON [administrator]

2/11/2013 6:26:25 AM
mbam-log-2013-02-11 (06-26-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 339698
Time elapsed: 9 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v2.112 - Logfile created 02/11/2013 at 07:27:56
# Updated 10/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Bob - INSPIRON
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Bob\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\searchplugins\daemon-search.xml
File Found : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
File Found : C:\Program Files\Mozilla Firefox\extensions\pdfforge@mybrowserbar.com
File Found : C:\Program Files\Mozilla Firefox\extensions\wtxpcom@mybrowserbar.com
Folder Found : C:\Documents and Settings\Administrator.INSPIRON\Local Settings\Application Data\AVG Security Toolbar
Folder Found : C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor
Folder Found : C:\Documents and Settings\All Users\Application Data\blekko toolbars
Folder Found : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Found : C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\extensions\DTToolbar@toolbarnet.com
Folder Found : C:\Documents and Settings\Bob\Application Data\OpenCandy
Folder Found : C:\Documents and Settings\Bob\Application Data\pdfforge
Folder Found : C:\Program Files\AskSearch
Folder Found : C:\Program Files\DAEMON Tools Toolbar
Folder Found : C:\Program Files\IZArc\OpenCandy
Folder Found : C:\Program Files\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com

***** [Registry] *****

Key Found : HKCU\Software\Headlight
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKLM\SOFTWARE\14919ea49a8f3b4aa3cf1058d9a64cec
Key Found : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Key Found : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6E4C89CF-3061-4EE4-B22A-B7A8AAEA5CB3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\defdhglnppeioeflggkmglipcecffkhk
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{638482BC-3092-42DC-AEA1-735264911A77}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A0B139A7-E8D5-49E8-A7BF-12421E652208}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Found : HKU\S-1-5-21-602162358-1972579041-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[HKCU\Software\Microsoft\Internet Explorer\Main - Default_Search_URL] = hxxp://search.searchcompletion.com/?si=10211&home=1
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Default_Page_URL] = hxxp://search.searchcompletion.com/?si=10211&home=1
[HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://search.searchcompletion.com/?si=10211&home=1
[HKCU\Software\Microsoft\Internet Explorer\Search - Search Page] = hxxp://search.searchcompletion.com/?si=10211&home=1

-\\ Mozilla Firefox v18.0.2 (en-US)

File : C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\prefs.js

Found : user_pref("browser.search.order.1", "Blekko");
Found : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Found : user_pref("extensions.twitternotifier.configuration", "{\"config\":{\"short_url_length_hxxps\":21,\"[...]
Found : user_pref("keyword.URL", "hxxp://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=12[...]

File : C:\Documents and Settings\Administrator.INSPIRON\Application Data\Mozilla\Firefox\Profiles\36va78ll.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Files\\Java\\jre6\\bin\\new_plugin\\npjp2.dll","version":"6.0.300.12"},{"enabled":true,"name":"Java"},{"enabled":true,"name":"Microsoft® Windows Media Player Firefox Plugin","path":"C:\\Program Files\\Mozilla Firefox\\plugins\\np-mswmp.dll","version":"1.0.0.8"},{"enabled":true,"name":"Windows Media Player"},{"enabled":true,"name":"Shockwave for Director","path":"C:\\WINDOWS\\system32\\Adobe\\Director\\np32dsw.dll","version":"11.6.1r629"},{"enabled":true,"name":"Shockwave"},{"enabled":true,"name":"ActiveTouch General Plugin Container","path":"C:\\Program Files\\Mozilla Firefox\\plugins\\npatgpc.dll","version":"27, 20, 2010, 715"},{"enabled":true,"name":"ActiveTouch General Plugin Container"},{"enabled":true,"name":"QuickTime Plug-in 7.6.4","path":"C:\\Program Files\\Mozilla Firefox\\plugins\\npqtplugin.dll","version":"7.6.4 (1327.73)"},{"enabled":true,"name":"QuickTime"},{"enabled":true,"name":"Microsoft® DRM","path":"C:\\Program Files\\Windows Media Player\\npdrmv2.dll","version":"9.00.00.4503"},{"enabled":true,"name":"Microsoft® DRM","path":"C:\\Program Files\\Windows Media Player\\npwmsdrm.dll","version":"9.00.00.4503"},{"enabled":true,"name":"Microsoft® DRM"},{"enabled":true,"name":"Google Update","path":"C:\\Documents and Settings\\Bob\\Local Settings\\Application Data\\Google\\Update\\1.3.21.111\\npGoogleUpdate3.dll","version":"1.3.21.111"},{"enabled":true,"name":"Google Update"},{"enabled":true,"name":"Silverlight Plug-In","path":"c:\\Program Files\\Microsoft Silverlight\\4.0.60831.0\\npctrl.dll","version":"4.0.60831.0"},{"enabled":true,"name":"Silverlight"},{"enabled":true,"name":"Windows Presentation Foundation","path":"c:\\WINDOWS\\Microsoft.NET\\Framework\\v3.5\\Windows Presentation Foundation\\NPWPF.dll","version":"3.5.30729.1 built by: SP"},{"enabled":true,"name":"Windows Presentation Foundation"}]},"profile":{"avatar_index":0,"content_settings":{"pref_version":1},"exited_cleanly":true,"id":"not-signed-in","name":"First 
user","nickname":"","shortcut_created":true},"session":{"restore_on_startup":4,"restore_on_startup_migrated":true,"urls_to_restore_on_startup":["hxxp://blekko.com/ws/?source=c3348dd4&toolbarid=blekkotb_031&u=12BAD2A56E715549578C1A4FD362E733&tbp=homepage","hxxp://search.searchcompletion.com/?si=10211&home=1"]},"sync_promo":{"startup_count":1,"view_count":1}}

*************************

AdwCleaner[R1].txt - [32807 octets] - [11/02/2013 07:27:56]

########## EOF - C:\AdwCleaner[R1].txt - [32868 octets] ##########

torreattack
2013-02-12, 02:10
Hi savanna:

1. Fix with AdwCleaner
AdwCleaner
Close all open programs and internet browsers.
Right click on adwcleaner.exe and select "Run as administrator" to run it.
Click on Delete.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.


2. re-scan with OTL
Please make sure OTL is on your Desktop.
Double click on OTL.exe to run it.
Under Output, ensure that Minimal Output is selected.
Click the Scan All Users checkbox.
Leave the remaining selections to the default settings.
Click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
OTL.txt <-- Will be opened, maximized
Extras.txt <-- Will be minimized on task bar.
Please post the contents of OTL.txt ONLY in your next reply.

3. Please give me an update on your computer problem.

Thanks,
torreattack

savanna
2013-02-12, 03:28
OTL.txt is attached as a compressed file.

Thank you for your help.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v2.112 - Logfile created 02/11/2013 at 18:58:16
# Updated 10/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - INSPIRON
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Bob\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Zynga
Deleted on reboot : C:\Program Files\Zynga
File Deleted : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor
Folder Deleted : C:\Documents and Settings\All Users\Application Data\blekko toolbars
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Program Files\AskSearch
Folder Deleted : C:\Program Files\DAEMON Tools Toolbar
Folder Deleted : C:\Program Files\IZArc\OpenCandy
Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKLM\SOFTWARE\14919ea49a8f3b4aa3cf1058d9a64cec
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6E4C89CF-3061-4EE4-B22A-B7A8AAEA5CB3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\defdhglnppeioeflggkmglipcecffkhk
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{638482BC-3092-42DC-AEA1-735264911A77}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A0B139A7-E8D5-49E8-A7BF-12421E652208}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKU\S-1-5-21-602162358-1972579041-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.2 (en-US)

*************************

AdwCleaner[S1].txt - [2698 octets] - [11/02/2013 18:58:16]

########## EOF - \AdwCleaner[S1].txt - [2758 octets] ##########

torreattack
2013-02-12, 18:30
Hi savanna:

Please don't attach the logs unless instructed. You should post the log.

Please make sure you have already created a backup of your registry with Erunt before you continue.

1. OTL fix
Please make sure OTL.exe is on your Desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
Double click on OTL.exe to run it.
Copy the following text... do not include the quote box title "Quote".

:OTL
PRC - C:\Program Files\Aquarius Soft\PC Alarm Clock Pro\alarm.exe (Aquarius Soft)
PRC - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
SRV - (stllssvr) -- File not found
SRV - (Lavasoft Ad-Aware Service) -- File not found
SRV - (GEARSecurity) -- File not found
DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (NLNdisPT) -- system32\DRIVERS\nlndis.sys File not found
DRV - (NLNdisMP) -- system32\DRIVERS\nlndis.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (Lbd) -- system32\DRIVERS\Lbd.sys File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\ADMINI~1.INS\LOCALS~1\Temp\catchme.sys File not found
DRV - (AvgArCln) -- System32\DRIVERS\AvgArCln.sys File not found
DRV - (AVG Anti-Rootkit) -- System32\DRIVERS\avgarkt.sys File not found
DRV - (a7kun4k4) -- File not found
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = c:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-602162358-1972579041-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.searchcompletion.com/?si=10211&home=1
IE - HKU\S-1-5-21-602162358-1972579041-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = c:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
IE - HKU\S-1-5-21-602162358-1972579041-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.searchcompletion.com/?si=10211&home=1
IE - HKU\S-1-5-21-602162358-1972579041-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.searchcompletion.com/?si=10211&home=1
IE - HKU\S-1-5-21-602162358-1972579041-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.searchcompletion.com/?si=10211&home=1
IE - HKU\S-1-5-21-602162358-1972579041-839522115-1003\..\SearchScopes,DefaultScope =
FF - prefs.js..browser.search.defaultengine: "Complitly"
FF - prefs.js..browser.search.order.1: "Blekko"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1912
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=12BAD2A56E715549578C1A4FD362E733&q="
[2012/02/02 13:22:45 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\extensions\DTToolbar@toolbarnet.com
[2013/02/07 09:45:31 | 000,555,564 | ---- | M] () (No name found) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\extensions\{40346aa9-a9d7-b1c4-ad87-bb0d0a1c10b8}.xpi
[2011/12/28 17:17:20 | 000,002,055 | ---- | M] () -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\searchplugins\daemon-search.xml
[2013/02/06 06:42:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\pdfforge@mybrowserbar.com
[2013/02/06 06:42:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\wtxpcom@mybrowserbar.com
[2011/07/15 07:48:10 | 000,003,195 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Complitly.xml
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O4 - HKU\S-1-5-21-602162358-1972579041-839522115-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - Startup: C:\Documents and Settings\Bob\Start Menu\Programs\Startup\Aquarius Soft PC Alarm Clock Pro.lnk = C:\Program Files\Aquarius Soft\PC Alarm Clock Pro\alarm.exe (Aquarius Soft)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O34 - HKLM BootExecute: (lsdelete)
[2011/04/04 07:27:25 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19914548r
[2011/04/04 07:27:25 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19914548

:Files
C:\DOCUME~1\Bob\LOCALS~1\Temp\ex132np1.exe
C:\Documents and Settings\Bob\Application Data\ynafzasdaxazdvquptrju3hcert2xtb2\csrss.exe
ipconfig /flushdns /c

:Commands
[EmptyTemp]
[CreateRestorePoint]

Click under the Custom Scan/Fixes box and paste the copied text.
Click the Run Fix button. If prompted... click OK.
When the scan completes, Notepad will open with the scan results.
Please post the contents of the report in your next reply.
note: The OTL fix log was located at c:\_OTL\MovedFiles with the format MMDDYYY_HHMMSS.log.


2. re-scan with OTL
Please make sure OTL is on your Desktop.
Double click on OTL.exe to run it.
Under Output, ensure that Minimal Output is selected.
Click the Scan All Users checkbox.
Leave the remaining selections to the default settings.
Click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
OTL.txt <-- Will be opened, maximized
Extras.txt <-- Will be minimized on task bar.
Please post the contents of ONLY OTL.txt in your next reply.


3. Please give me an update on your computer problem.

thanks,
torreattack

savanna
2013-02-13, 00:02
I tried to run the OTL.exe custom scan two times. Each time it would freeze up on the "C:\DOCUME~1\Bob\LOCALS~1\Temp\ex132np1.exe" file. The first time I kept it running for an hour before I restarted the machine. On the second restart I got the text file that you see at the bottom of this post come up. The PC Alarm Clock software will not start now, but I think I can just re-install it once we are done cleaning the machine. Other programs seem to work OK.

What do you suggest I do next?

Thank you very much for your help.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Bob\Start Menu\Programs\Startup\Aquarius Soft PC Alarm Clock Pro.lnk not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

torreattack
2013-02-13, 03:22
Hi savanna:

I need to see the complete log, not a portion of it. Please check whether there is a log at c:\_OTL\MovedFiles with the format MMDDYYY_HHMMSS.log.


Btw, let's try again without the "C:\DOCUME~1\Bob\LOCALS~1\Temp\ex132np1.exe" file.

1. OTL fix
Please make sure OTL.exe is on your Desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
Double click on OTL.exe to run it.
Copy the following text... do not include the quote box title "Quote".

:OTL
PRC - C:\Program Files\Aquarius Soft\PC Alarm Clock Pro\alarm.exe (Aquarius Soft)
PRC - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
SRV - (stllssvr) -- File not found
SRV - (Lavasoft Ad-Aware Service) -- File not found
SRV - (GEARSecurity) -- File not found
DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (NLNdisPT) -- system32\DRIVERS\nlndis.sys File not found
DRV - (NLNdisMP) -- system32\DRIVERS\nlndis.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (Lbd) -- system32\DRIVERS\Lbd.sys File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\ADMINI~1.INS\LOCALS~1\Temp\catchme.sys File not found
DRV - (AvgArCln) -- System32\DRIVERS\AvgArCln.sys File not found
DRV - (AVG Anti-Rootkit) -- System32\DRIVERS\avgarkt.sys File not found
DRV - (a7kun4k4) -- File not found
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = c:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-602162358-1972579041-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.searchcompletion.com/?si=10211&home=1
IE - HKU\S-1-5-21-602162358-1972579041-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = c:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
IE - HKU\S-1-5-21-602162358-1972579041-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.searchcompletion.com/?si=10211&home=1
IE - HKU\S-1-5-21-602162358-1972579041-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.searchcompletion.com/?si=10211&home=1
IE - HKU\S-1-5-21-602162358-1972579041-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.searchcompletion.com/?si=10211&home=1
IE - HKU\S-1-5-21-602162358-1972579041-839522115-1003\..\SearchScopes,DefaultScope =
FF - prefs.js..browser.search.defaultengine: "Complitly"
FF - prefs.js..browser.search.order.1: "Blekko"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1912
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=12BAD2A56E715549578C1A4FD362E733&q="
[2012/02/02 13:22:45 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\extensions\DTToolbar@toolbarnet.com
[2013/02/07 09:45:31 | 000,555,564 | ---- | M] () (No name found) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\extensions\{40346aa9-a9d7-b1c4-ad87-bb0d0a1c10b8}.xpi
[2011/12/28 17:17:20 | 000,002,055 | ---- | M] () -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\searchplugins\daemon-search.xml
[2013/02/06 06:42:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\pdfforge@mybrowserbar.com
[2013/02/06 06:42:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\wtxpcom@mybrowserbar.com
[2011/07/15 07:48:10 | 000,003,195 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Complitly.xml
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O4 - HKU\S-1-5-21-602162358-1972579041-839522115-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - Startup: C:\Documents and Settings\Bob\Start Menu\Programs\Startup\Aquarius Soft PC Alarm Clock Pro.lnk = C:\Program Files\Aquarius Soft\PC Alarm Clock Pro\alarm.exe (Aquarius Soft)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O34 - HKLM BootExecute: (lsdelete)
[2011/04/04 07:27:25 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19914548r
[2011/04/04 07:27:25 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19914548

:Files
ipconfig /flushdns /c

:Commands
[EmptyTemp]
[CreateRestorePoint]

Click under the Custom Scan/Fixes box and paste the copied text.
Click the Run Fix button. If prompted... click OK.
When the scan completes, Notepad will open with the scan results.
Please post the contents of the report in your next reply.
note: The OTL fix log was located at c:\_OTL\MovedFiles with the format MMDDYYY_HHMMSS.log.


2. re-scan with OTL
Please make sure OTL is on your Desktop.
Double click on OTL.exe to run it.
Under Output, ensure that Minimal Output is selected.
Click the Scan All Users checkbox.
Leave the remaining selections to the default settings.
Click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
OTL.txt <-- Will be opened, maximized
Extras.txt <-- Will be minimized on task bar.
Please post the contents of ONLY OTL.txt in your next reply.


3. Please give me an update on your computer problem. Is the boot problem solved?


The PC Alarm Clock software will not start now, but I think I can just re-install it once we are done cleaning the machine.
I removed it, you might find more info here:
http://www.emsisoft.com/en/malware/Adware.Win32.AquariusSoft-remove.aspx


thanks,
torreattack

savanna
2013-02-13, 14:09
The same thing happened again, but this time it froze on the "ipconfig /flushdns /c" file. Both freeze ups were associated with "Processing 034 -HKLM Boot Execute (Isdelete)".

Are you suggesting that the Aquarius Soft PC Alarm Clock, which I purchased and have been using for over a year, has some sort of malware in it? I run Spybot and Malwarebytes on a regular basis and they never flagged anything. Do you recommend that I remove it and never use it again?

Thank you for your help.

torreattack
2013-02-14, 04:43
Hi savanna,

According to http://www.emsisoft.com/en/malware/Adware.Win32.AquariusSoft-remove.aspx, the software is bundled with malware; it is not my opinion. Whether you want to use it or not, it is up to you. But only after we finish.


1. Let's forget about the fix and post a fresh OTL log.

2. ESET online scanner
Note: You can use either Internet Explorer or Mozilla FireFox for this scan.
Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
First please Disable any Antivirus you have active, as shown in This topic (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html).
Note: Don't forget to re-enable it after the scan.
Next hold down Control then click on the following link to open a new window to ESET online scanner (http://www.eset.com/home/products/online-scanner)
Then click on Run ESET Online Scanner

Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox. Select the option YES, I accept the Terms of Use then click on Start.
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
Now click on Start.
The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
When completed the Online Scan will begin automatically.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
Now click on Finish.
Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
Copy and paste that log as a reply to this topic.


3. Does computer boot faster now?

4. Any other issue?

torreattack

savanna
2013-02-15, 17:44
Yes, the computer does seem to boot a little faster now. Everything else seems to run fine too.

Eset found 6 threats. Should I re-scan and remove those threats?

Thank you for all your help.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OTL logfile created on: 2/14/2013 6:03:48 AM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Bob\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 62.16% Memory free
3.84 Gb Paging File | 3.25 Gb Available in Paging File | 84.80% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.04 Gb Total Space | 30.27 Gb Free Space | 10.16% Space Free | Partition Type: NTFS
Drive F: | 2794.51 Gb Total Space | 569.86 Gb Free Space | 20.39% Space Free | Partition Type: NTFS

Computer Name: INSPIRON | User Name: Bob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Bob\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe (Seagate Technology LLC)
PRC - C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe (Seagate Technology LLC)
PRC - C:\Program Files\Seagate\Seagate Dashboard 2.0\DBAgent.exe (Seagate Technology LLC)
PRC - C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe (CHENGDU YIWO Tech Development Co., Ltd)
PRC - C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe (CHENGDU YIWO Tech Development Co., Ltd)
PRC - C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
PRC - C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe (CHENGDU YIWO Tech Development Co., Ltd)
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\My Lockbox\mylbx.exe (FSPro Labs)
PRC - C:\Program Files\Secunia\PSI\psia.exe (Secunia)
PRC - C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe (Ant.com)
PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Hotspot Shield\bin\hsswd.exe ()
PRC - C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\e534d8e15df8611bc3174e5f2377a093\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\a5727a2f48522da538ac54d1127c3c4f\Microsoft.VisualBasic.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\de3e6b59e3949f8086973d53518a9ecb\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Web.Services\1799a304573e4faf5a8d9223e5e4fbb0\System.Web.Services.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\0c6552cb44af800ced291796ff32b748\System.ServiceModel.Routing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\8f02a194fe5bce225a63ca0587065830\System.ServiceModel.Discovery.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\ab0b49150543e689844c607fe344057d\System.ServiceModel.Channels.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\db54a8a55271ac4ce8bbaa435f474ed6\System.ServiceModel.Activities.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\90aa475ae4f67c45538cede327c086aa\System.ServiceModel.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\68b0fc15aa862e54593dd85b59116998\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\d39d7af1c84535e19dbf92d804f906a2\System.IdentityModel.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\72ed473252336750a7d22aff2558d51b\System.ComponentModel.DataAnnotations.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\569d22d5591f3d2d35bc64437011e919\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\6e903ce8719e50acd783f8726b11249f\System.Transactions.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\f616e6911a3d461193cd0e6e003adca5\System.Runtime.DurableInstancing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\fe0d8dda05b9d38bbb664432300b4f42\System.Runtime.Serialization.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\3b7f418545abc074940776fea9ad635e\SMDiagnostics.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\80383b3ebbbeb285cb6164b84d3e1e85\System.Xml.Linq.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\7256e28382f57416b828a0cc143b67b3\System.Xaml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\9a75548aa508a2645318308885b3eee0\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\25884c52a01d74137ffacdb51d8f2d04\PresentationFramework.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\8ba0620535aa28d509b9397500b7d530\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\197761bb3230bf9d4f540305dcf6717c\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\3ca69d589c23a0be94f3858f72e7a595\PresentationCore.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\3d6d9da56c9f607615b55d6742d8427d\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a0db56351a1589e44868456609b01737\System.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\6133e360071a2fa7ba7deb483816e585\WindowsBase.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\c182d7a0bd88caf2cddccb7491a5fa6e\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()
MOD - C:\Program Files\EaseUS\Todo Backup\bin\ExImage.dll ()
MOD - C:\Program Files\EaseUS\Todo Backup\bin\ExchBackupSizeEx.dll ()
MOD - C:\Program Files\EaseUS\Todo Backup\bin\ExchBackupSize.dll ()
MOD - C:\Program Files\EaseUS\Todo Backup\bin\TbTapeBrowse.dll ()
MOD - C:\Program Files\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll ()
MOD - C:\Program Files\EaseUS\Todo Backup\bin\TBFireWall.dll ()
MOD - C:\Program Files\EaseUS\Todo Backup\bin\NASOperator.dll ()
MOD - C:\Program Files\EaseUS\Todo Backup\bin\EnumTapeDevice.dll ()
MOD - C:\Program Files\EaseUS\Todo Backup\bin\CodeLog.dll ()
MOD - C:\Program Files\EaseUS\Todo Backup\bin\CompressFile.dll ()
MOD - C:\Program Files\EaseUS\Todo Backup\bin\AccountManager.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\Hotspot Shield\bin\hsswd.exe ()
MOD - C:\Program Files\My Lockbox\FSPFlt.dll ()
MOD - C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe ()
MOD - C:\Program Files\IZArc\IZArcCM.dll ()
MOD - C:\Program Files\Hotspot Shield\bin\libidn-11.dll ()
MOD - C:\Program Files\Hotspot Shield\bin\libssl32.dll ()
MOD - C:\Program Files\Hotspot Shield\bin\libeay32.dll ()
MOD - C:\Program Files\EaseUS\Todo Backup\bin\libxml2.dll ()
MOD - C:\Program Files\EaseUS\Todo Backup\bin\zlib1.dll ()
MOD - C:\WINDOWS\system32\pdfcmnnt.dll ()


========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (TeamViewer8) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Seagate Dashboard Services) -- C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe (Seagate Technology LLC)
SRV - (Guard Agent) -- C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe (CHENGDU YIWO Tech Development Co., Ltd)
SRV - (EaseUS Agent) -- C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe (CHENGDU YIWO Tech Development Co., Ltd)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia)
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (AntUpdaterService) -- C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe (Ant.com)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (HssWd) -- C:\Program Files\Hotspot Shield\bin\hsswd.exe ()
SRV - (Norton Ghost) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation)
SRV - (SymSnapService) -- C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe (Symantec)
SRV - (IDriverT) -- C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV - (a2kusuat) -- File not found
DRV - (AnyDVD) -- C:\WINDOWS\system32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (EUBKMON) -- C:\WINDOWS\system32\drivers\EUBKMON.sys ()
DRV - (EUFDDISK) -- C:\WINDOWS\system32\drivers\EuFdDisk.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV - (EUBAKUP) -- C:\WINDOWS\system32\drivers\eubakup.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV - (EUDSKACS) -- C:\WINDOWS\system32\drivers\eudskacs.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys ()
DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia)
DRV - (FSProFilter) -- C:\WINDOWS\system32\drivers\FSPFltd.sys (FSPro Labs)
DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
DRV - (TotRec7) -- C:\WINDOWS\system32\drivers\TotRec7.sys (High Criteria inc.)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (WimFltr) -- C:\WINDOWS\system32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (v2imount) -- C:\WINDOWS\system32\drivers\v2imount.sys (Symantec Corporation)
DRV - (VProEventMonitor) -- C:\WINDOWS\system32\drivers\vproeventmonitor.sys (Symantec Corporation)
DRV - (symsnap) -- C:\WINDOWS\system32\drivers\symsnap.sys (StorageCraft)
DRV - (ElbyCDFL) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (EverestDriver) -- C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt ()
DRV - (vncdrv) -- C:\WINDOWS\system32\drivers\vncdrv.sys (RDV Soft)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (sonypvs1) -- C:\WINDOWS\system32\drivers\sonypvs1.sys (Sony Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-602162358-1972579041-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKU\S-1-5-21-602162358-1972579041-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
IE - HKU\S-1-5-21-602162358-1972579041-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL =
IE - HKU\S-1-5-21-602162358-1972579041-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-602162358-1972579041-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKU\S-1-5-21-602162358-1972579041-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page =
IE - HKU\S-1-5-21-602162358-1972579041-839522115-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-602162358-1972579041-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-602162358-1972579041-839522115-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-602162358-1972579041-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-602162358-1972579041-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: %7B37E4D8EA-8BDA-4831-8EA1-89053939A250%7D:3.0.0.2
FF - prefs.js..extensions.enabledAddons: %7B888d99e7-e8b5-46a3-851e-1ec45da1e644%7D:17.0.0
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.13
FF - prefs.js..extensions.enabledAddons: anttoolbar%40ant.com:2.4.7.5
FF - prefs.js..extensions.enabledAddons: LogMeInClient%40logmein.com:1.0.0.1007
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Documents and Settings\Bob\Local Settings\Application Data\Citrix\Plugins\79\npappdetector.dll (Citrix Online)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/11 18:58:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/02/06 06:42:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{4633C16E-71E6-11E1-826D-B8AC6F996F26}: C:\Documents and Settings\Bob\Local Settings\Application Data\{4633C16E-71E6-11E1-826D-B8AC6F996F26}\ [2012/03/19 11:09:18 | 000,000,000 | ---D | M]

[2009/01/30 07:44:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Extensions
[2009/01/30 07:44:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2013/02/12 14:48:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\extensions
[2010/04/27 12:30:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2)
[2011/02/04 09:48:10 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010/04/27 12:30:04 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}(2)
[2011/02/17 10:31:26 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}(3)
[2013/01/15 10:28:09 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/02/17 10:31:25 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\extensions\anttoolbar@ant(2).com
[2013/01/16 10:29:39 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\extensions\anttoolbar@ant.com
[2013/01/31 05:38:22 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\extensions\LogMeInClient@logmein.com
[2012/09/19 16:53:51 | 000,000,000 | ---D | M] (Echofon) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\extensions\twitternotifier@naan.net
[2012/12/23 10:23:12 | 000,030,502 | ---- | M] () (No name found) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi
[2012/09/05 14:43:52 | 001,268,546 | ---- | M] () (No name found) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2013/02/12 14:48:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/02/06 06:42:35 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/19 14:22:47 | 000,113,976 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\atgpcdec.dll
[2012/04/19 14:10:00 | 000,586,040 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\atgpcext.dll
[2009/08/20 17:58:13 | 000,098,712 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\ieatgpc.dll
[2011/05/19 14:22:19 | 000,172,344 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2012/08/30 05:21:38 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/11/16 07:10:46 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - Extension: No name found = C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: No name found = C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: No name found = C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
CHR - Extension: No name found = C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/01/19 15:34:27 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Ant.com browser helper (video detector)) - {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files\Ant.com\IE add-on\Download.dll (Ant.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-602162358-1972579041-839522115-1003\..\Toolbar\WebBrowser: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
O3 - HKU\S-1-5-21-602162358-1972579041-839522115-1003\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DBAgent] C:\Program Files\Seagate\Seagate Dashboard 2.0\DBAgent.exe (Seagate Technology LLC)
O4 - HKLM..\Run: [EaseUs Tray] C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [EaseUs Watch] C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [mylbx] C:\Program Files\My Lockbox\mylbx.exe (FSPro Labs)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [rfagent] C:\Junk Non-Backup\Registry First Aid Move\RFA\rfagent.exe (KsL Software)
O4 - HKU\S-1-5-21-602162358-1972579041-839522115-1003..\Run: [\\UPSTAIRS_PRECIS\EPSON NX110 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFBA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-602162358-1972579041-839522115-1003..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKU\S-1-5-21-602162358-1972579041-839522115-1003..\Run: [DriverMax_RESTART] C:\Program Files\Innovative Solutions\DriverMax\devices.exe (Innovative Solutions)
O4 - HKU\S-1-5-21-602162358-1972579041-839522115-1003..\Run: [OpenDNS Updater] C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe ()
O4 - HKU\S-1-5-21-602162358-1972579041-839522115-1003..\Run: [Uploader] C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe (Seagate Technology LLC)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
O4 - Startup: C:\Documents and Settings\Bob\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Bob\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-602162358-1972579041-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-602162358-1972579041-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-602162358-1972579041-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-602162358-1972579041-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-602162358-1972579041-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Download videos by Ant.com - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - C:\Program Files\Ant.com\IE add-on\Download.dll (Ant.com)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {254AA86E-5655-4518-AA87-185D7CC41801} https://secure.logmeinrescue.com/TechConsole/x86/RescueControl.cab (LogMeIn Rescue Technician Console)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} https://secure.logmein.com/activex/RACtrl.cab (Remote Access ActiveX Client)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1349819256953 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F50389D-8DEA-49E5-9593-FA09ACC3563A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F50389D-8DEA-49E5-9593-FA09ACC3563A}: NameServer = 74.40.74.40,74.40.74.41
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Santa Fe Stucco.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Santa Fe Stucco.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/08/21 13:10:11 | 000,000,000 | ---D | M] - C:\Auto Repair -- [ NTFS ]
O32 - AutoRun File - [2008/01/12 21:22:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/12 14:48:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/02/11 18:54:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTL.exe
[2013/02/07 22:19:18 | 016,365,936 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2013/02/06 06:42:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/01/24 08:51:11 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/01/24 08:51:11 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/01/24 08:51:11 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/01/24 08:50:50 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2013/01/24 06:12:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\McAfee
[2013/01/22 10:52:08 | 000,000,000 | ---D | C] -- C:\THD
[2013/01/21 10:33:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob\My Documents\My Kindle Content
[2013/01/21 10:32:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Start Menu\Programs\Amazon
[2013/01/21 10:32:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Local Settings\Application Data\Amazon
[2013/01/21 10:32:29 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
[2013/01/19 16:00:30 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/01/19 15:35:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/01/15 10:29:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob\dwhelper
[2008/05/15 10:40:56 | 000,557,056 | ---- | C] (Citrix Online) -- C:\Documents and Settings\Bob\GoToAssist_phone__317_en.exe
[5 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/14 05:59:06 | 000,000,568 | ---- | M] () -- C:\WINDOWS\tasks\Bob Merge.job
[2013/02/14 05:58:53 | 000,000,556 | ---- | M] () -- C:\WINDOWS\tasks\Bob.job
[2013/02/14 05:54:46 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/02/14 05:53:33 | 000,199,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/02/14 05:53:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/02/13 22:40:03 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/02/13 22:35:53 | 000,625,484 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/02/13 22:35:53 | 000,130,028 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/02/13 22:19:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/02/13 20:12:16 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{1FF685FF-AF79-4E0B-A492-555956BF9C7C}.job
[2013/02/13 14:08:55 | 000,125,952 | ---- | M] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/02/11 18:58:36 | 000,000,124 | ---- | M] () -- C:\WINDOWS\DeleteOnReboot.bat
[2013/02/11 18:55:35 | 000,587,659 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\adwcleaner.exe
[2013/02/11 18:54:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTL.exe
[2013/02/11 14:57:20 | 000,000,798 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AnyDVD.lnk
[2013/02/11 06:51:31 | 000,105,016 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Bob\Desktop\g2m_download.exe
[2013/02/07 22:19:45 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/02/07 22:19:45 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/02/07 22:19:26 | 016,365,936 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2013/02/02 18:25:07 | 001,097,433 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\TSperform.pdf
[2013/01/30 10:32:08 | 000,000,163 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\TS Gotchas.url
[2013/01/29 14:02:43 | 000,000,163 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\TradeStation Forum - Blocking trades after a loser..url
[2013/01/28 18:59:59 | 000,006,198 | ---- | M] () -- C:\130129.html
[2013/01/28 18:59:24 | 000,006,198 | ---- | M] () -- C:\Documents and Settings\Bob\My Documents\130129.html
[2013/01/25 21:55:44 | 000,552,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaut32.dll
[2013/01/23 18:02:32 | 000,000,334 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\Malware Removal - Safer-Networking Forums.URL
[2013/01/22 17:47:11 | 000,009,662 | ---- | M] () -- C:\WINDOWS\EPISME00.SWB
[2013/01/22 15:01:46 | 000,000,258 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\TradersHelpDesk Videos.URL
[2013/01/21 10:32:45 | 000,001,679 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\Kindle.lnk
[2013/01/20 00:30:56 | 000,004,096 | -HS- | M] () -- C:\{CAF53BCB-6014-4F5E-A49F-710FDD75DCF9}.CBM
[2013/01/19 21:54:27 | 000,306,176 | -HS- | M] () -- C:\EUMONBMP.SYS
[2013/01/19 18:23:58 | 000,249,385 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\VolumeAnalysis.pdf
[2013/01/19 15:34:27 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/01/19 11:28:19 | 000,000,257 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\Day Traders -- Price, Volume and low Risk (Los Angeles, CA) - Meetup.URL
[2013/01/15 14:56:11 | 000,000,319 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\New Guy Question = Difference between Buy Ask and Buy Bid - NinjaTrader.URL
[5 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/11 18:58:33 | 000,000,124 | ---- | C] () -- C:\WINDOWS\DeleteOnReboot.bat
[2013/02/11 18:55:36 | 000,587,659 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\adwcleaner.exe
[2013/02/02 18:25:03 | 001,097,433 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\TSperform.pdf
[2013/01/30 10:32:08 | 000,000,163 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\TS Gotchas.url
[2013/01/29 14:02:43 | 000,000,163 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\TradeStation Forum - Blocking trades after a loser..url
[2013/01/29 05:35:47 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
[2013/01/28 18:59:59 | 000,006,198 | ---- | C] () -- C:\130129.html
[2013/01/28 18:59:23 | 000,006,198 | ---- | C] () -- C:\Documents and Settings\Bob\My Documents\130129.html
[2013/01/22 15:01:46 | 000,000,258 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\TradersHelpDesk Videos.URL
[2013/01/21 10:32:45 | 000,001,679 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\Kindle.lnk
[2013/01/20 00:30:56 | 000,004,096 | -HS- | C] () -- C:\{CAF53BCB-6014-4F5E-A49F-710FDD75DCF9}.CBM
[2013/01/19 20:49:13 | 000,000,334 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\Malware Removal - Safer-Networking Forums.URL
[2013/01/19 18:23:56 | 000,249,385 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\VolumeAnalysis.pdf
[2013/01/19 11:28:19 | 000,000,257 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\Day Traders -- Price, Volume and low Risk (Los Angeles, CA) - Meetup.URL
[2013/01/15 14:56:11 | 000,000,319 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\New Guy Question = Difference between Buy Ask and Buy Bid - NinjaTrader.URL
[2012/11/21 18:24:36 | 000,017,420 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/10/11 06:31:15 | 000,040,648 | ---- | C] () -- C:\WINDOWS\System32\drivers\EUBKMON.sys
[2012/08/29 21:07:36 | 000,161,344 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-602162358-1972579041-839522115-1003-0.dat
[2012/08/29 21:07:32 | 000,111,122 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/08/10 09:38:04 | 000,000,007 | RH-- | C] () -- C:\Documents and Settings\Bob\hwid
[2012/03/25 10:13:58 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/03/25 10:13:58 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/03/25 10:13:58 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/03/25 10:13:58 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/03/25 10:13:58 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/02/16 10:24:36 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/31 18:58:57 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2011/11/12 08:08:18 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/09 06:17:31 | 000,001,112 | ---- | C] () -- C:\Documents and Settings\Bob\CPI.csv
[2011/09/21 09:30:00 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/08/30 05:44:34 | 000,000,075 | ---- | C] () -- C:\WINDOWS\System32\nvUnsupRes.dat
[2011/07/29 15:53:33 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/07/29 15:53:33 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/07/29 15:53:33 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/07/27 10:10:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011/07/24 05:38:55 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2011/06/11 07:58:57 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2011/06/11 07:58:57 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2011/06/08 22:12:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\NtDirect.dll
[2011/05/24 22:44:26 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2011/05/21 05:01:00 | 002,123,582 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/04/14 08:55:47 | 000,000,043 | ---- | C] () -- C:\Documents and Settings\Bob\Application Data\1.gif
[2011/04/04 07:27:25 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19914548r
[2011/04/04 07:27:25 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19914548
[2011/03/07 06:33:12 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\Bob\Application Data\mainhst.zgh
[2011/01/21 11:44:39 | 000,000,107 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2009/10/03 10:43:23 | 008,410,624 | ---- | C] () -- C:\Program Files\HTML Guardian 7.msi
[2009/08/23 09:44:01 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\PUTTY.RND
[2009/04/29 05:51:16 | 000,006,059 | ---- | C] () -- C:\Documents and Settings\Bob\r
[2009/01/17 09:07:58 | 012,124,160 | ---- | C] () -- C:\Documents and Settings\Bob\ntuser.bak
[2008/01/19 09:18:52 | 000,001,315 | ---- | C] () -- C:\Documents and Settings\Bob\Application Data\SAS7_000.DAT
[2008/01/14 09:55:30 | 000,001,292 | ---- | C] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\FASTWiz.html
[2008/01/13 12:58:29 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/01/13 12:41:40 | 000,125,952 | ---- | C] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/13 12:21:42 | 000,000,083 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib

========== ZeroAccess Check ==========

[2008/03/18 09:34:34 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2011/11/01 14:35:20 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=f820244970c2ac418f31792cb333a623
# engine=13161
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-02-15 01:53:32
# local_time=2013-02-15 07:53:32 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# scanned=189748
# found=6
# cleaned=0
# scan_time=6284
sh=7BC2C43D8F55AEC9CEB5FFB1749C52B385650A77 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Documents and Settings\Bob\Application Data\Sun\Java\Deployment\cache\6.0\17\4fd08551-17cd532c"
sh=10825AE5BA011F2EC26F215B6E38809B9EA5241F ft=0 fh=0000000000000000 vn="a variant of Java/Agent.DN trojan" ac=I fn="C:\Documents and Settings\Bob\Application Data\Sun\Java\Deployment\cache\6.0\26\f41b55a-286701e8"
sh=5107448F7AF18FDD3B60A11FB5E90FE55E3FB3BD ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Documents and Settings\Bob\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\41\6fdd73a9-3d85a2a0"
sh=7BCE65F98361339985D4E3B8F08AFC034D014499 ft=0 fh=0000000000000000 vn="probably a variant of Win32/Monitor.EmployeeActMon application" ac=I fn="C:\Junk\KeyLogger\S50G37P14T1081880F7345A92.zip"
sh=91EC186153FB33A4562204E4BE5631168C2BA206 ft=1 fh=eb969c333e6297d9 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\System Volume Information\_restore{6068B9D1-1234-4DDA-9F1C-9B42EECF3E57}\RP355\A0060418.exe"
sh=8A017A234D9CBC7D6368A800E29119DBAE8712BA ft=1 fh=c71c00115837424f vn="Win32/OpenCandy application" ac=I fn="C:\System Volume Information\_restore{6068B9D1-1234-4DDA-9F1C-9B42EECF3E57}\RP381\A0068832.dll"

torreattack
2013-02-16, 04:36
Hi savanna :

Most unwanted files are being removed; however, there are some leftovers, so let's fix again with OTL.

1. OTL fix
Please make sure OTL.exe is on your Desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop
Double click on OTL.exe to run it.
Copy the following text... do not include the quote box title "Quote"

:processes
killallprocesses

:OTL
DRV - (a2kusuat) -- File not found
[2011/04/04 07:27:25 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19914548r
[2011/04/04 07:27:25 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19914548

:Files
C:\Documents and Settings\All Users\Application Data\~19914548r
C:\Documents and Settings\All Users\Application Data\~19914548
C:\Documents and Settings\Bob\Application Data\Sun\Java\Deployment\cache\6.0\17\
C:\Documents and Settings\Bob\Application Data\Sun\Java\Deployment\cache\6.0\26\
C:\Documents and Settings\Bob\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\41\
ipconfig /flushdns /c

:Commands
[EmptyTemp]
[CreateRestorePoint]

Click under the Custom Scan/Fixes box and paste the copied text.
Click the Run Fix button. If prompted... click OK.
When the scan completes, Notepad will open with the scan results.
Please post the contents of report in your next reply.
Note: The OTL fix log is located at c:\_OTL\MovedFiles, named in the format MMDDYYYY_HHMMSS.log.



C:\Junk\KeyLogger\S50G37P14T1081880F7345A92.zip
2. Just want to know whether you are aware of the presence of a keylogger in this file. Does it belong to you?


O4 - HKLM..\Run: [rfagent] C:\Junk Non-Backup\Registry First Aid Move\RFA\rfagent.exe (KsL Software)
3. Registry Cleaners
I don't personally recommend the use of ANY registry cleaners. Here is an excerpt from a discussion on regcleaners:

Most reg cleaners aren't bad as such, but they aren't perfect and even the best have been known to cause problems. The point we are trying to make is that the risk of using one far outweighs any benefit. If it does work perfectly you will not see any difference. If it doesn't work properly you may end up with an expensive doorstop.

This post by Bill Castner is very informative: WhatTheTech Forum (http://forums.whatthetech.com/Regcleaner_t42862.html&st=30&p=418272#entry418272)


Java(TM) 6 Update 30
4. If this is still present in Add/Remove Programs, please uninstall it.

5. Your Java is out of date.
According to your log, your Java version is Java 7 Update 9. It is outdated; please update it.

It can be updated from the Java control panel:
Click on Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now.
An update should begin.
Just follow the prompts.



Thanks,
torreattack

savanna
2013-02-17, 00:42
The OTL log is below

The keylogger is something I used to use to check on my kids. They're past that age now. I've removed it.

Registry First Aid is no longer in "Add/Remove Programs". I haven't used it in many years.

Java has been updated.

Thank you very much for your help.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

All processes killed
========== PROCESSES ==========
========== OTL ==========
Error: No service named a2kusuat was found to stop!
Service\Driver key a2kusuat not found.
File File not found not found.
C:\Documents and Settings\All Users\Application Data\~19914548r moved successfully.
C:\Documents and Settings\All Users\Application Data\~19914548 moved successfully.
========== FILES ==========
File\Folder C:\Documents and Settings\All Users\Application Data\~19914548r not found.
File\Folder C:\Documents and Settings\All Users\Application Data\~19914548 not found.
C:\Documents and Settings\Bob\Application Data\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Documents and Settings\Bob\Application Data\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Documents and Settings\Bob\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Bob\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Bob\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.INSPIRON
->Temp folder emptied: 33051 bytes
->Temporary Internet Files folder emptied: 33175 bytes
->FireFox cache emptied: 18838342 bytes
->Flash cache emptied: 668 bytes

User: All Users

User: Bob
->Temp folder emptied: 156121114 bytes
->Temporary Internet Files folder emptied: 42342766 bytes
->Java cache emptied: 44434017 bytes
->FireFox cache emptied: 807226245 bytes
->Google Chrome cache emptied: 10139949 bytes
->Flash cache emptied: 5470081 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 4778762 bytes
->Java cache emptied: 505 bytes
->Flash cache emptied: 102944 bytes

User: World Cup

User: XPS8500
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 56466 bytes

User: zxcasdqwe
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56504 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 85365 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 446143 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4848258 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 26858410 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 952650 bytes
RecycleBin emptied: 93438 bytes

Total Files Cleaned = 1,071.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 02162013_161443

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

torreattack
2013-02-17, 04:05
hi savanna:

Any other issue before I post the ALL CLEAN?

torreattack

savanna
2013-02-17, 16:19
No, no other issues. Thank you so much for all your help.

torreattack
2013-02-17, 17:57
Hi savanna :


This is my general post for when your logs show no more signs of malware.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:


Time for some housekeeping

1. You said you had tried ComboFix; please use the following method to remove it.

Click on Start >> Run...
Now type in ComboFix /Uninstall into the box and click OK.
Note the space between the X and the /Uninstall, it needs to be there.
http://i280.photobucket.com/albums/kk173/Dakeyras_album2/CF-Uninstall.png

The above procedure will reset your System Restore and clear out the backups and quarantines created during the course of this fix.


Next

2. OTL fix
Please make sure OTL.exe is on your Desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop
Double click on OTL.exe to run it.
Copy the following text... do not include the quote box title "Quote"



:OTL
O4 - HKLM..\Run: [rfagent] C:\Junk Non-Backup\Registry First Aid Move\RFA\rfagent.exe (KsL Software)

:Files
C:\Junk\KeyLogger\S50G37P14T1081880F7345A92.zip

:Commands
[EmptyTemp]
[ClearAllRestorePoints]

Click under the Custom Scan/Fixes box and paste the copied text.
Click the Run Fix button. If prompted... click OK.
Let the program run unhindered and reboot. You will get a fix log when it is done, just close the log.



3. Clean up with OTL
Double click OTL.exe to run it.
This tool will remove all the tools we used to clean your pc.
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the CleanUp! button
Say Yes to the prompt and then allow the program to reboot your computer.



You can now delete any tools we used if they remain on your Desktop.


Re-enable Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.


Update your programs regularly
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector (http://secunia.com/software_inspector/)
F-secure Health Check (http://www.f-secure.com/weblog/archives/00001356.html)


Read - stay informed.
To help minimize the chances of becoming re-infected, please read.
Computer Security - a short guide to staying safer online (http://www.malwareremoval.com/forum/viewtopic.php?p=557960#p557960)

If your computer is running slowly after your clean up, please read.
What to do if your Computer is running slowly (http://www.malwareremoval.com/tutorials/runningslowly.php)


I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Happy surfing!


Thanks,
torreattack

savanna
2013-02-19, 15:02
All clean-up has been performed. Thank you very much for all your help. It is sincerely appreciated!