View Full Version : Hangs during bootup
A very dear friend of mine asked me to help him solve a problem with his laptop. About a month ago it started hanging up for about 6-12 minutes between when the background appears and when his icons came in.
I noticed he was getting an error message that the boot.ini file was missing. I created a generic boot.ini file. The error went away but the delay seemed to get slightly worse.
I went into msconfig and deselected everything in the start menu. I got an error message saying I needed admin privileges to make the changes. The menu still showed all items deselected after a reboot. That menu had several unnamed entries.
I ran spybot from the bootable dvd. It found and resolved issues, but the delay remained.
I ran combofix. It found more errors, but the delay remained.
Here are the log files:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6000.17117
Run by Dan Kamin at 22:04:15 on 2013-02-24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.981 [GMT -5:00]
.
AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
C:\WINDOWS\system32\HPSIsvc.exe
C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k HPService
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton internet security\engine\18.7.2.3\coieplg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton internet security\engine\18.7.2.3\ips\ipsbho.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\engine\18.7.2.3\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\engine\18.7.2.3\coieplg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
StartupFolder: c:\docume~1\dankam~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://vnc.webex.com/client/wbs27-vzbprodcn/webex/ieatgpc.cab
TCP: NameServer = 192.168.1.1 71.252.0.12
TCP: Interfaces\{2156BD58-3B3C-4CD3-A109-47A08F329673} : DHCPNameServer = 192.168.1.1 71.252.0.12
TCP: Interfaces\{6BDD524A-F20D-4F1D-8E27-46824759B739} : DHCPNameServer = 192.168.1.1 71.252.0.12
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\615\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dan kamin\application data\mozilla\firefox\profiles\3xyzcfc0.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\dan kamin\application data\mozilla\firefox\profiles\3xyzcfc0.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\documents and settings\dan kamin\local settings\application data\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_149.dll
FF - ExtSQL: !HIDDEN! 2010-12-29 12:00; smartwebprinting@hp.com; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn2
FF - ExtSQL: !HIDDEN! 2011-02-02 14:55; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1207020.003\symds.sys [2012-6-11 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1207020.003\symefa.sys [2012-6-11 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\bashdefs\20130208.001\BHDrvx86.sys [2013-2-12 997464]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1207020.003\ironx86.sys [2012-6-11 136312]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-25 189736]
R2 HP LaserJet Service;HP LaserJet Service;c:\program files\hp\hplaserjetservice\HPLaserJetService.exe [2009-6-24 136704]
R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2011-10-4 99896]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\18.7.2.3\ccsvchst.exe [2012-6-11 130008]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-2-20 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\ipsdefs\20130220.002\IDSXpx86.sys [2013-2-21 373728]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\virusdefs\20130220.023\NAVENG.SYS [2013-2-21 93296]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\virusdefs\20130220.023\NAVEX15.SYS [2013-2-21 1603824]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S3 mam4410c;mam4410c;c:\windows\system32\drivers\mam4410c.sys [2011-2-17 24784]
S3 mam4410m;mam4410m;c:\windows\system32\drivers\mam4410m.sys [2011-2-17 25044]
S3 mam4410u;mam4410u;c:\windows\system32\drivers\mam4410u.sys [2011-2-17 52309]
.
=============== File Associations ===============
.
ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~2\office\FRONTPG.EXE
.
=============== Created Last 30 ================
.
2013-02-21 02:55:32 -------- d-----w- c:\documents and settings\dan kamin\application data\Malwarebytes
2013-02-21 02:55:09 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-02-21 02:55:06 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-21 02:55:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-02-09 17:05:18 16365936 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
==================== Find3M ====================
.
2013-02-09 17:05:24 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-09 17:05:24 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-07 01:19:45 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:37:01 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49:10 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49:10 1292288 ----a-w- c:\windows\system32\quartz.dll
2012-12-26 20:43:21 832512 ----a-w- c:\windows\system32\wininet.dll
2012-12-26 20:43:21 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2012-12-26 20:43:20 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-12-26 20:43:20 17408 ----a-w- c:\windows\system32\corpol.dll
2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
.
============= FINISH: 22:10:20.89 ===============
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-24 22:35:31
-----------------------------
22:35:31.671 OS Version: Windows 5.1.2600 Service Pack 3
22:35:31.671 Number of processors: 2 586 0xF0D
22:35:31.671 ComputerName: DAN UserName:
22:35:34.312 Initialize success
22:38:04.312 AVAST engine defs: 13022401
22:38:32.671 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
22:38:32.671 Disk 0 Vendor: ST9160314AS D005DEM1 Size: 152627MB BusType: 3
22:38:32.687 Disk 0 MBR read successfully
22:38:32.687 Disk 0 MBR scan
22:38:32.734 Disk 0 Windows XP default MBR code
22:38:32.734 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152625 MB offset 63
22:38:32.750 Disk 0 scanning sectors +312576705
22:38:32.843 Disk 0 scanning C:\WINDOWS\system32\drivers
22:38:54.125 Service scanning
22:39:26.406 Modules scanning
22:39:34.906 Disk 0 trace - called modules:
22:39:34.937 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
22:39:34.937 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a678030]
22:39:34.937 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8a709d98]
22:39:37.687 AVAST engine scan C:\WINDOWS
22:40:10.296 AVAST engine scan C:\WINDOWS\system32
22:44:06.609 AVAST engine scan C:\WINDOWS\system32\drivers
22:44:35.359 AVAST engine scan C:\Documents and Settings\Dan Kamin
23:36:36.750 AVAST engine scan C:\Documents and Settings\All Users
23:41:21.187 Scan finished successfully
23:44:20.109 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Dan Kamin\Desktop\MBR.dat"
23:44:20.109 The log file has been saved successfully to "C:\Documents and Settings\Dan Kamin\Desktop\aswMBR.txt"
Thanks,
specba
I forgot to mention that I did try System Restore. The restore points were displayed, but none of them worked. The software ran but gave me a message that Windows was unable to complete the restore and no action was taken.
Dakeyras
2013-03-09, 12:45
Hi. :)
If you still require assistance with your friends machine merely acknowledge this post and we will then go from there, thank you.
Yes, yes, and yes. I gave it back to him to use, but I can have it back in a few hours.
Dakeyras
2013-03-09, 17:54
Hi. :)
Yes, yes, and yes. I gave it back to him to use, but I can have it back in a few hours.
Acknowledged.
When ready carry out the below for myself please as follows...
Boot.ini Check:
I would like to check the current state of the Boot.ini file to check if it is corrupted or not as follows:
Open Notepad.
Copy and Paste everything from the Code Box below into Notepad:
@echo off
xcopy C:\boot.ini "%userprofile%\desktop\" /h
attrib -s -h "%userprofile%\desktop\boot.ini"
ren "%userprofile%\desktop\boot.ini" bootini.txt
del %0
Go to File >> Save As
Save File name as Look.bat
Change Save as Type to All Files and save the file to the Desktop.
It should look like this: http://i223.photobucket.com/albums/dd202/Dakeyras_album/LookBat.gif
Now double click on the desktop Look.bat to run the batch file. It will self-delete when completed and produce a notepad text file named bootini on the desktop.
Scan with OTL:
Please download OTL (http://oldtimer.geekstogo.com/OTL.exe) and save it to the Desktop.
Alternate downloads are here (http://oldtimer.geekstogo.com/OTL.com) and here (http://oldtimer.geekstogo.com/OTL.scr).
Double-click on OTL.exe to start OTL.
Under Output, ensure that Standard Output is selected.
Click the Scan All Users checkbox.
Under the Extra Registry section, select Use SafeList.
Under the Custom Scan/Fixes box cut & paste this in:-
netsvcs
baseservices
%systemdrive%\*.exe
/md5start
services.*
iastor.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
/md5stop
CreateRestorePoint
Now click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
Please post the contents of these two Notepad files in your next reply.
Next:
When completed the above, please post back the following in the order asked for:
How is the computer performing now, any further symptoms and or problems encountered?
Boot.ini check Log.
Both OTL logs. <-- Post them individually please, IE: one Log per post/reply.
ComboFix Log(if still available).
OTL logfile created on: 3/10/2013 11:52:35 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Dan Kamin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.99 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 60.92% Memory free
3.84 Gb Paging File | 3.23 Gb Available in Paging File | 84.05% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 67.04 Gb Free Space | 44.98% Space Free | Partition Type: NTFS
Computer Name: DAN | User Name: Dan Kamin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/03/10 11:49:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan Kamin\Desktop\OTL.exe
PRC - [2013/03/07 23:53:47 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/08/29 14:51:48 | 004,643,912 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
PRC - [2012/08/29 14:51:48 | 001,061,960 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2011/12/12 13:11:03 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
PRC - [2010/04/07 16:57:42 | 000,099,896 | R--- | M] (HP) -- C:\WINDOWS\system32\HPSIsvc.exe
PRC - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/06/24 10:57:04 | 000,136,704 | ---- | M] (HP) -- C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/02 14:29:22 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/06/06 17:44:44 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007/05/22 15:18:56 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/05/10 11:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe
PRC - [2007/05/10 11:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
PRC - [2006/09/08 16:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2006/06/26 11:33:42 | 000,099,888 | ---- | M] (Logitech Inc.) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
========== Modules (No Company Name) ==========
MOD - [2013/03/07 23:53:47 | 003,069,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/02/13 00:52:14 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\9fff30debe9b1ead7a0a9d204d331e7c\System.Web.ni.dll
MOD - [2013/02/13 00:51:58 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d7ee03714420b252415b952d40ef59e4\System.ServiceProcess.ni.dll
MOD - [2013/02/13 00:45:51 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2013/01/10 09:05:11 | 000,311,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\07de14823c42ee36ffa303d9c89ded36\System.Runtime.Serialization.Formatters.Soap.ni.dll
MOD - [2013/01/10 09:03:13 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll
MOD - [2013/01/10 08:59:56 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll
MOD - [2013/01/10 08:49:57 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll
MOD - [2013/01/10 08:49:25 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
MOD - [2012/05/30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/10/29 11:14:44 | 000,143,360 | ---- | M] () -- C:\WINDOWS\system32\preflib.dll
MOD - [2010/10/29 11:14:12 | 000,761,856 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2010/03/04 16:55:34 | 000,147,456 | ---- | M] () -- C:\WINDOWS\system32\HP1100LM.DLL
MOD - [2010/03/04 16:55:14 | 000,069,632 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\HP1100PP.dll
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2006/09/14 02:20:24 | 000,126,464 | ---- | M] () -- C:\Program Files\WinRar.3.61\RarExt.dll
MOD - [2004/07/20 18:04:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll
========== Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/03/07 23:53:47 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/27 11:03:30 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/08/29 14:51:48 | 004,643,912 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)
SRV - [2011/10/14 09:40:12 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe -- (NIS)
SRV - [2010/04/07 16:57:42 | 000,099,896 | R--- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPSIsvc.exe -- (HPSIService)
SRV - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/06/24 10:57:04 | 000,136,704 | ---- | M] (HP) [Auto | Running] -- C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2007/05/10 11:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe -- (STacSV)
SRV - [2006/06/26 11:33:56 | 000,091,696 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2006/06/26 11:33:42 | 000,099,888 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/01/23 18:14:50 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20130309.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/01/23 18:14:50 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/01/23 18:14:50 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20130309.003\NAVENG.SYS -- (NAVENG)
DRV - [2013/01/23 18:14:49 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/01/15 22:51:12 | 000,997,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20130301.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/09/06 04:54:30 | 000,373,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20130308.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/05/02 18:21:23 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/20 21:37:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1207020.003\symtdi.sys -- (SYMTDI)
DRV - [2011/03/30 23:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NIS\1207020.003\srtsp.sys -- (SRTSP)
DRV - [2011/03/30 23:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1207020.003\srtspx.sys -- (SRTSPX)
DRV - [2011/03/14 22:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1207020.003\symefa.sys -- (SymEFA)
DRV - [2011/02/14 02:42:36 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2011/02/14 02:42:34 | 000,025,216 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2011/02/14 02:42:32 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2011/01/27 02:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1207020.003\symds.sys -- (SymDS)
DRV - [2011/01/27 01:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1207020.003\ironx86.sys -- (SymIRON)
DRV - [2010/10/29 11:14:44 | 002,649,216 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/12/23 18:18:48 | 000,068,696 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2007/08/02 18:35:12 | 000,989,952 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/08/02 18:34:30 | 000,211,200 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/08/02 18:34:26 | 000,731,136 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/06/25 19:53:10 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/06/11 15:25:00 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007/05/24 15:27:00 | 000,064,000 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007/05/10 11:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/04/24 14:20:00 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2007/03/19 02:39:18 | 000,052,309 | R--- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mam4410u.sys -- (mam4410u)
DRV - [2007/03/01 17:53:00 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2007/02/16 16:46:00 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/01/15 23:44:46 | 000,011,986 | R--- | M] (Mobile Action Technology Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\MaVc2K.sys -- (MaVctrl)
DRV - [2006/11/20 18:55:00 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2006/10/10 20:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006/06/26 11:33:40 | 000,023,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2006/06/26 11:33:36 | 001,952,816 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2006/06/26 11:33:28 | 001,587,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2006/06/22 18:29:46 | 000,038,960 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2006/06/22 18:29:28 | 000,720,176 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302AV.SYS -- (PID_08A0)
DRV - [2006/06/22 18:29:27 | 000,012,080 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2005/08/17 23:44:50 | 000,049,867 | R--- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mardp2k.sys -- (MaRdPnp)
DRV - [2005/06/16 06:13:12 | 000,025,044 | R--- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mam4410m.sys -- (mam4410m)
DRV - [2005/06/16 06:11:58 | 000,024,784 | R--- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mam4410c.sys -- (mam4410c)
DRV - [2005/01/06 14:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2000/02/08 10:30:24 | 000,015,488 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ScFBPNT2.sys -- (ScFBPNT2)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1229272821-1500820517-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1229272821-1500820517-682003330-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1229272821-1500820517-682003330-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-1229272821-1500820517-682003330-1003\..\SearchScopes\{912B7D87-D547-49C8-A25E-A3CD2BEDB017}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-1229272821-1500820517-682003330-1003\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=US&ver=18
IE - HKU\S-1-5-21-1229272821-1500820517-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1229272821-1500820517-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: %7B66E978CD-981F-47DF-AC42-E3CF417C1467%7D:0.4.3
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.6
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2012/02/01 09:04:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_13_2 [2013/03/10 09:09:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/12/29 13:00:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/12 13:13:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/07 23:53:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/03/07 23:53:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/12/29 13:00:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1266764D-FC4F-4FA7-B63B-884D53B1680F}: C:\Documents and Settings\Dan Kamin\Application Data\NetAssistant\ [2011/01/07 23:17:24 | 000,000,000 | ---D | M]
[2010/12/28 20:54:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dan Kamin\Application Data\Mozilla\Extensions
[2013/03/06 00:42:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dan Kamin\Application Data\Mozilla\Firefox\Profiles\3xyzcfc0.default\extensions
[2012/11/30 08:28:42 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Dan Kamin\Application Data\Mozilla\Firefox\Profiles\3xyzcfc0.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012/02/01 18:40:47 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\Dan Kamin\Application Data\Mozilla\Firefox\Profiles\3xyzcfc0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2013/03/06 00:42:02 | 000,555,719 | ---- | M] () (No name found) -- C:\Documents and Settings\Dan Kamin\Application Data\Mozilla\Firefox\Profiles\3xyzcfc0.default\extensions\{40346aa9-a9d7-b1c4-ad87-bb0d0a1c10b8}.xpi
[2012/05/01 22:02:34 | 000,003,793 | ---- | M] () (No name found) -- C:\Documents and Settings\Dan Kamin\Application Data\Mozilla\Firefox\Profiles\3xyzcfc0.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi
[2011/05/03 03:06:35 | 000,002,470 | ---- | M] () -- C:\Documents and Settings\Dan Kamin\Application Data\Mozilla\Firefox\Profiles\3xyzcfc0.default\searchplugins\safesearch.xml
[2013/03/07 23:53:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/03/07 23:53:47 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/01/19 12:20:02 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/02/27 00:06:12 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = http://isearch.avg.com/search?cid={E009A79F-6F19-40C0-9DAA-D296A2EA6B5B}&mid=5d625cd444cf47d1a298d15565a979e2-e0f03ca4ab43c3216ed88e9ff50dba6c3f8578cb&lang=en&ds=ins12&pr=sa&d=2012-02-08 19:29:10&v=11.1.0.12&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Chrome\Application\25.0.1364.152\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Chrome\Application\25.0.1364.152\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Entanglement = C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Poppit = C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1229272821-1500820517-682003330-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Dan Kamin\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1229272821-1500820517-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1229272821-1500820517-682003330-1003\..Trusted Domains: localhost ([]* in Local intranet)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://vnc.webex.com/client/wbs27-vzbprodcn/webex/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2156BD58-3B3C-4CD3-A109-47A08F329673}: DhcpNameServer = 192.168.1.1 71.252.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BDD524A-F20D-4F1D-8E27-46824759B739}: DhcpNameServer = 192.168.1.1 71.252.0.12
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\615\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{28a96c9c-dfa4-11e0-8041-001c234d9011}\Shell - "" = AutoRun
O33 - MountPoints2\{28a96c9c-dfa4-11e0-8041-001c234d9011}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{28a96c9c-dfa4-11e0-8041-001c234d9011}\Shell\AutoRun\command - "" = F:\SISetup.exe
O33 - MountPoints2\{463ae7a2-ea2a-11e0-8059-001c234d9011}\Shell - "" = AutoRun
O33 - MountPoints2\{463ae7a2-ea2a-11e0-8059-001c234d9011}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{463ae7a2-ea2a-11e0-8059-001c234d9011}\Shell\AutoRun\command - "" = E:\TL_Bootstrap.exe
O33 - MountPoints2\{e9f750ab-e38a-11e0-8049-001c234d9011}\Shell - "" = AutoRun
O33 - MountPoints2\{e9f750ab-e38a-11e0-8049-001c234d9011}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e9f750ab-e38a-11e0-8049-001c234d9011}\Shell\AutoRun\command - "" = F:\TL_Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2013/03/10 11:50:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dan Kamin\Desktop\OTL.exe
[2013/03/07 23:53:31 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/02/27 22:12:57 | 004,952,064 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\System32\stacgui.cpl
[2013/02/27 22:12:57 | 001,601,536 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\System32\stlang.dll
[2013/02/27 22:12:57 | 000,405,504 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
[2013/02/27 22:12:57 | 000,094,208 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\System32\stacsv.exe
[2013/02/27 22:12:19 | 000,270,336 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\System32\stacapi.dll
[2013/02/27 11:03:22 | 016,473,456 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2013/02/24 23:26:20 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Dan Kamin\Desktop\aswMBR.exe
[2013/02/24 23:04:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dan Kamin\Start Menu\Programs\Administrative Tools
[2013/02/24 23:02:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2013/02/24 23:01:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2013/02/24 23:01:51 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2013/02/24 23:01:26 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Dan Kamin\Desktop\erunt-setup.exe
[2013/02/20 22:55:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan Kamin\Application Data\Malwarebytes
[2013/02/20 22:55:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/02/20 22:55:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/02/20 22:55:06 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/02/20 22:55:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/02/17 23:30:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan Kamin\Desktop\Classical Clown Concert Proposal.key
[2012/02/10 18:17:01 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Dan Kamin\Application Data\pcouffin.sys
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/03/10 11:49:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan Kamin\Desktop\OTL.exe
[2013/03/10 11:48:51 | 000,000,161 | ---- | M] () -- C:\Documents and Settings\Dan Kamin\Desktop\look.bat
[2013/03/10 11:27:00 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-1500820517-682003330-1003UA.job
[2013/03/10 11:03:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/03/10 09:13:45 | 000,457,320 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/03/10 09:13:45 | 000,076,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/03/10 09:12:34 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-1500820517-682003330-1003.job
[2013/03/10 09:12:23 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-1500820517-682003330-1003.job
[2013/03/10 09:11:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/03/10 09:08:48 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\ROC_JAN2013_TB_rmv.job
[2013/03/10 09:08:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/03/09 19:51:54 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/03/08 11:15:21 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\Dan Kamin\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2013/03/08 09:27:01 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-1500820517-682003330-1003Core.job
[2013/03/05 09:30:38 | 000,002,316 | ---- | M] () -- C:\Documents and Settings\Dan Kamin\Desktop\Google Chrome.lnk
[2013/02/27 11:03:29 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/02/27 11:03:29 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/02/27 11:03:22 | 016,473,456 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2013/02/25 00:44:20 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Dan Kamin\Desktop\MBR.dat
[2013/02/24 23:23:33 | 000,004,599 | ---- | M] () -- C:\Documents and Settings\Dan Kamin\Desktop\attach.zip
[2013/02/24 23:06:20 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Dan Kamin\Desktop\aswMBR.exe
[2013/02/24 23:02:02 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Dan Kamin\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/02/24 23:01:56 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Dan Kamin\Desktop\NTREGOPT.lnk
[2013/02/24 23:01:56 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Dan Kamin\Desktop\ERUNT.lnk
[2013/02/24 22:59:30 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Dan Kamin\Desktop\erunt-setup.exe
[2013/02/24 22:40:31 | 000,000,211 | ---- | M] () -- C:\boot.ini
[2013/02/20 22:55:12 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/17 17:20:10 | 001,252,238 | ---- | M] () -- C:\Documents and Settings\Dan Kamin\Desktop\index.apxl
[2013/02/13 09:18:20 | 000,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/02/13 00:53:50 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/03/10 11:48:50 | 000,000,161 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Desktop\look.bat
[2013/03/09 11:32:42 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-1500820517-682003330-1003.job
[2013/02/24 23:32:33 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Desktop\MBR.dat
[2013/02/24 23:23:33 | 000,004,599 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Desktop\attach.zip
[2013/02/24 23:02:01 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/02/24 23:01:56 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Desktop\NTREGOPT.lnk
[2013/02/24 23:01:55 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Desktop\ERUNT.lnk
[2013/02/24 22:40:22 | 000,001,725 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2013/02/24 22:40:21 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2013/02/20 22:55:11 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/20 22:31:02 | 000,000,211 | ---- | C] () -- C:\boot.ini
[2013/02/18 00:35:06 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-1500820517-682003330-1003.job
[2013/02/17 23:43:33 | 001,252,238 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Desktop\index.apxl
[2012/11/18 10:27:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2012/02/15 20:39:49 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/10 18:18:13 | 000,001,041 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Application Data\vso_ts_preview.xml
[2012/02/10 18:17:01 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Application Data\inst.exe
[2012/02/10 18:17:01 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Application Data\pcouffin.cat
[2012/02/10 18:17:01 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Application Data\pcouffin.inf
[2012/02/08 19:47:08 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2012/02/08 19:47:08 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2012/02/08 19:45:44 | 000,033,019 | ---- | C] () -- C:\WINDOWS\System32\CoreAAC-uninstall.exe
[2011/12/13 17:46:56 | 000,022,334 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2011/10/14 14:02:53 | 000,038,471 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Application Data\Comma Separated Values (Windows).ADR
[2011/10/07 17:18:21 | 000,001,691 | ---- | C] () -- C:\WINDOWS\hpomdl31.dat.temp
[2011/10/04 18:32:08 | 001,511,424 | ---- | C] () -- C:\WINDOWS\System32\HP1100SM.EXE
[2011/10/04 18:32:06 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\HP1100LM.DLL
[2011/10/04 18:31:34 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\HP1100SMs.dll
[2011/09/20 10:06:46 | 000,002,427 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2011/09/19 11:56:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\FileMgrExe.INI
[2011/09/15 11:05:09 | 000,015,488 | ---- | C] () -- C:\WINDOWS\System32\drivers\ScFBPNT2.sys
[2011/09/15 10:09:15 | 000,284,160 | ---- | C] () -- C:\WINDOWS\System32\mvhlewsi.DLL
[2011/08/25 11:54:33 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\[j0004]-[p08].bmp
[2011/08/25 11:54:31 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\[j0004]-[p07].bmp
[2011/08/25 11:54:29 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\[j0004]-[p06].bmp
[2011/05/23 12:28:00 | 000,024,086 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Application Data\Tab Separated Values (DOS).ADR
[2011/01/07 23:43:11 | 019,985,265 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vlc-1.1.5-win32.exe
[2010/12/29 15:30:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Ÿ9Ÿ9
[2010/12/29 01:45:18 | 000,111,616 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== ZeroAccess Check ==========
[2011/02/02 00:07:43 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== Custom Scans ==========
========== Base Services ==========
SRV - [2008/04/13 20:12:12 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/13 20:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/13 20:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2012/07/06 09:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/13 20:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/13 20:11:51 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/20 13:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/04/13 20:11:52 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2009/07/27 19:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/13 20:12:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2008/04/13 20:12:22 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/13 20:11:52 | 000,023,552 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/13 20:12:17 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/13 20:12:17 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/13 20:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/06/20 12:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2010/08/17 09:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/13 20:12:03 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/13 20:12:03 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 08:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/13 20:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/13 20:12:05 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/13 20:12:10 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2010/08/27 01:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2009/07/27 19:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/13 20:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/13 20:12:05 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/13 20:11:56 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/13 20:12:07 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/13 20:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2009/07/27 19:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/13 20:12:38 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/13 20:11:50 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/13 20:11:55 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/13 20:12:08 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/04/13 20:12:28 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/13 20:12:09 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2009/02/09 08:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2008/04/13 20:11:52 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/13 20:12:11 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/06/10 02:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)
< %systemdrive%\*.exe >
< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2004/08/04 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
< MD5 for: IASTOR.SYS >
[2007/07/12 17:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\WINDOWS\dell\iastor\iastor.sys
< MD5 for: SERVICES >
[2004/08/04 06:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services
< MD5 for: SERVICES.CFG >
[2012/12/18 10:28:18 | 000,558,791 | ---- | M] () MD5=A9983CC532F9B3FB1E87918D2313731D -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 13:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg
< MD5 for: SERVICES.EXE >
[2009/02/06 07:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 06:22:21 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=4712531AB7A01B7EE059853CA17D39BD -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/04 06:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtUninstallKB956572_0$\services.exe
< MD5 for: SERVICES.LNK >
[2010/12/28 16:49:32 | 000,001,602 | ---- | M] () MD5=B8271943DC99F3F2EC7698AC97788AB3 -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk
< MD5 for: SERVICES.MSC >
[2004/08/04 06:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc
< MD5 for: SVCHOST.EXE >
[2012/12/14 17:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 06:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
< MD5 for: USERINIT.EXE >
[2004/08/04 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2004/08/04 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/12/14 17:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WINSOCK.DLL >
[2004/08/04 06:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\dllcache\winsock.dll
[2004/08/04 06:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\winsock.dll
< End of report >
OTL Extras logfile created on: 3/10/2013 11:52:35 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Dan Kamin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.99 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 60.92% Memory free
3.84 Gb Paging File | 3.23 Gb Available in Paging File | 84.05% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 67.04 Gb Free Space | 44.98% Space Free | Partition Type: NTFS
Computer Name: DAN | User Name: Dan Kamin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-1229272821-1500820517-682003330-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"427:UDP" = 427:UDP:*:Enabled:SLP_Port(427)
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"427:UDP" = 427:UDP:*:Enabled:SLP_Port(427)
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"D:\setup\HPZnui01.exe" = D:\setup\HPZnui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"D:\setup\HPZnui01.exe" = D:\setup\HPZnui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\TeamViewer\Version7\TeamViewer.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Documents and Settings\Dan Kamin\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Dan Kamin\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{0E448256-D515-4C3E-A5BE-0A7B76CED5D4}" = hppP1100P1560P1600SeriesLaserJetService
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{1266764D-FC4F-4FA7-B63B-884D53B1680F}" = NetAssistant
"{144B4BF4-16CA-4FD3-A547-8A8107EF40D7}" = SA23xx Device Manager
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply
"{32622F02-640A-4335-86FF-557325DC39D4}" = PS_AIO_04_C6300_Software_Min
"{326957C7-83FD-4550-A59A-849B7B4297DE}" = Microsoft Easy Assist v2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{612F4E20-3661-4D44-AD79-823F1B613FB3}" = HP Update
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{70E1E357-E57C-4284-B04E-58196DC27BC1}" = PanoStandAlone
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BD42C12-74D1-4804-B24D-D21E25D4E3CF}" = PS_AIO_04_C6300_ProductContext
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{853F464A-B2B8-404E-BA3E-B98FF6862C41}" = hppusgP1100P1560P1600Series
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AC049F7-1383-45C3-9E7D-F93CA667F9E1}" = UMVPLStandalone
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.OUTLOOKR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.OUTLOOKR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.OUTLOOKR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.OUTLOOKR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.OUTLOOKR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.OUTLOOKR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.OUTLOOKR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2010
"{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9209B8AE-BA31-4FAB-9743-8E3F93DBD24E}" = LG Verizon United Drivers
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{99832252-D489-4276-B961-6D505CF0AFAA}" = PS_AIO_04_C6300_Software
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9EDC4EA1-558A-4297-9BCB-F36E572E6B1D}" = C6300_Help
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A918DE8A-98C8-0920-0000-000000100043}" = LG VX8300 USB - Handset Manager V9.2
"{A918DE8A-98C8-0920-0001-000000000000}" = Multimedia Samples
"{A918DE8A-98C8-0950-0000-000000300074}" = LG VX8300(ver.04) USB - Handset Manager V9.5
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.5)
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C8732DC3-1736-44b2-B741-2D636DE58605}" = HP Photosmart C6300 All-In-One Driver Software 11.0 Rel .4
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting
"{CCB71FF8-DE82-469C-8641-44378F4443EB}" = Garmin WebUpdater
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D07205E7-F6D3-4333-AFCC-782A07685B72}" = OverDrive Media Console
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D371F551-0DB9-4CEC-844B-4C90CE91EA0B}" = hppLaserJetService
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{D4250558-4DE6-4342-8865-D397FD66076B}" = C6300
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.6.316
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{EA710A0A-BF5D-433C-8EB5-D17DC54CC298}" = Microsoft Office Live Meeting 2007
"{EC42ED6A-751D-45C0-A4F9-8CD00E4690FC}" = Logitech QuickCam
"{EDC2B89F-3F72-48EA-B63E-985BC51622E4}" = OZ776 SCR Driver V1.1.4.202
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{F95F178B-56AD-4fab-87F8-FA81E66C7D68}" = Network
"{FBCCF9CE-61EE-425E-BE4D-959D76FA7701}" = Adobe GoLive 5.0
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"ActiveTouchMeetingClient" = WebEx
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 4.0 LE" = Adobe Photoshop 4.0 LE
"Adobe SVG Viewer" = Adobe SVG Viewer
"AudibleDownloadManager" = Audible Download Manager
"AudibleManager" = AudibleManager
"CanoCraft CS-P 3.7" = Canon CanoCraft CS-P 3.7
"Carbonite Backup" = Carbonite
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"ConverterLite" = ConverterLite 0.1
"CoreAAC Audio Decoder" = CoreAAC Audio Decoder (remove only)
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 8_is1" = DVDFab 8.0.8.5 (19/03/2011)
"DVDFab Decrypter_is1" = DVDFab Decrypter 2.9.7.3
"DW WLAN Card Utility" = DW WLAN Card Utility
"ERUNT_is1" = ERUNT 1.1j
"GoToAssist" = GoToAssist Corporate
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 11.0
"HP LaserJet Professional P1100-P1560-P1600 Series" = HP LaserJet Professional P1100-P1560-P1600 Series
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 11.0
"HPOCR" = OCR Software by I.R.I.S. 11.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ImgBurn" = ImgBurn
"InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"InstallShield_{EDC2B89F-3F72-48EA-B63E-985BC51622E4}" = OZ776 SCR Driver V1.1.4.202
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 19.0.2 (x86 en-US)" = Mozilla Firefox 19.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NIS" = Norton Internet Security
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Office14.OUTLOOKR" = Microsoft Outlook 2010
"QcDrv" = Logitech® Camera Driver
"RealPlayer 15.0" = RealPlayer
"Shop for HP Supplies" = Shop for HP Supplies
"TeamViewer 7" = TeamViewer 7
"VLC media player" = VLC media player 0.9.2
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.2.2 final uninstall
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1229272821-1500820517-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"NetAssistant" = NetAssistant for Firefox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 2/25/2013 8:20:42 PM | Computer Name = DAN | Source = Windows Search Service | ID = 3013
Description = The entry <MAPI://{S-1-5-21-1229272821-1500820517-682003330-1003}/NEW($E22933A4)/0/DELETED
ITEMS/????????????????????????> in the hash map cannot be updated. Context: Application,
SystemIndex Catalog Details: A device attached to the system is not functioning.
(0x8007001f)
Error - 2/25/2013 8:20:42 PM | Computer Name = DAN | Source = Windows Search Service | ID = 3013
Description = The entry <MAPI://{S-1-5-21-1229272821-1500820517-682003330-1003}/NEW($E22933A4)/0/DELETED
ITEMS/????????????????????????> in the hash map cannot be updated. Context: Application,
SystemIndex Catalog Details: A device attached to the system is not functioning.
(0x8007001f)
Error - 2/25/2013 8:20:42 PM | Computer Name = DAN | Source = Windows Search Service | ID = 3013
Description = The entry <MAPI://{S-1-5-21-1229272821-1500820517-682003330-1003}/NEW($E22933A4)/0/DELETED
ITEMS/????????????????????????/AT=????:IMAGE002.GIF> in the hash map cannot be
updated. Context: Application, SystemIndex Catalog Details: A device attached to the
system is not functioning. (0x8007001f)
Error - 2/25/2013 8:20:42 PM | Computer Name = DAN | Source = Windows Search Service | ID = 3013
Description = The entry <MAPI://{S-1-5-21-1229272821-1500820517-682003330-1003}/NEW($E22933A4)/0/DELETED
ITEMS/????????????????????????/AT=????:IMAGE002.GIF> in the hash map cannot be
updated. Context: Application, SystemIndex Catalog Details: A device attached to the
system is not functioning. (0x8007001f)
Error - 2/25/2013 8:20:42 PM | Computer Name = DAN | Source = Windows Search Service | ID = 3013
Description = The entry <MAPI://{S-1-5-21-1229272821-1500820517-682003330-1003}/NEW($E22933A4)/0/DELETED
ITEMS/????????????????????????/AT=????:IMAGE001.JPG> in the hash map cannot be
updated. Context: Application, SystemIndex Catalog Details: A device attached to the
system is not functioning. (0x8007001f)
Error - 2/25/2013 8:20:42 PM | Computer Name = DAN | Source = Windows Search Service | ID = 3013
Description = The entry <MAPI://{S-1-5-21-1229272821-1500820517-682003330-1003}/NEW($E22933A4)/0/DELETED
ITEMS/????????????????????????/AT=????:IMAGE001.JPG> in the hash map cannot be
updated. Context: Application, SystemIndex Catalog Details: A device attached to the
system is not functioning. (0x8007001f)
Error - 2/25/2013 8:20:42 PM | Computer Name = DAN | Source = Windows Search Service | ID = 3013
Description = The entry <MAPI://{S-1-5-21-1229272821-1500820517-682003330-1003}/NEW($E22933A4)/0/DELETED
ITEMS/????????????????????????> in the hash map cannot be updated. Context: Application,
SystemIndex Catalog Details: A device attached to the system is not functioning.
(0x8007001f)
Error - 2/25/2013 8:20:42 PM | Computer Name = DAN | Source = Windows Search Service | ID = 3013
Description = The entry <MAPI://{S-1-5-21-1229272821-1500820517-682003330-1003}/NEW($E22933A4)/0/DELETED
ITEMS/????????????????????????> in the hash map cannot be updated. Context: Application,
SystemIndex Catalog Details: A device attached to the system is not functioning.
(0x8007001f)
Error - 2/25/2013 8:20:42 PM | Computer Name = DAN | Source = Windows Search Service | ID = 3013
Description = The entry <MAPI://{S-1-5-21-1229272821-1500820517-682003330-1003}/NEW($E22933A4)/0/DELETED
ITEMS/????????????????????????> in the hash map cannot be updated. Context: Application,
SystemIndex Catalog Details: A device attached to the system is not functioning.
(0x8007001f)
Error - 2/25/2013 8:20:42 PM | Computer Name = DAN | Source = Windows Search Service | ID = 3013
Description = The entry <MAPI://{S-1-5-21-1229272821-1500820517-682003330-1003}/NEW($E22933A4)/0/DELETED
ITEMS/????????????????????????> in the hash map cannot be updated. Context: Application,
SystemIndex Catalog Details: A device attached to the system is not functioning.
(0x8007001f)
[ System Events ]
Error - 3/6/2013 8:45:39 AM | Computer Name = DAN | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.
Error - 3/7/2013 8:58:07 AM | Computer Name = DAN | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.
Error - 3/7/2013 6:19:24 PM | Computer Name = DAN | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.
Error - 3/8/2013 8:59:33 AM | Computer Name = DAN | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.
Error - 3/8/2013 9:04:59 PM | Computer Name = DAN | Source = VolSnap | ID = 393228
Description = The shadow copy of volume C: became low on diff area space before
it was properly installed.
Error - 3/9/2013 11:30:57 AM | Computer Name = DAN | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.
Error - 3/9/2013 7:49:57 PM | Computer Name = DAN | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.
Error - 3/9/2013 7:52:00 PM | Computer Name = DAN | Source = DCOM | ID = 10010
Description = The server {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} did not register
with DCOM within the required timeout.
Error - 3/10/2013 9:09:33 AM | Computer Name = DAN | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058
Error - 3/10/2013 9:10:59 AM | Computer Name = DAN | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.
< End of report >
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
The computer still hangs on bootup. Sorry that I got the posting order wrong.
Specba
Dakeyras
2013-03-10, 21:41
Hi. :)
The computer still hangs on bootup. Sorry that I got the posting order wrong.
Acknowledged and not a problem.
Now it appears to myself ComboFix has been uninstalled, so fair play but did you modify the Boot.ini file after the ComboFix run or before ? Reason asking is when ComboFix is ran on a XP machine part of its routine is to prompt for the Recovery Console to be installed and no evidence of this in the current Boot.ini file.
Also are you aware both Carbonite Backup and ERUNT are set to run with every system reboot ? Not actually required to be honest and easy to remove if you so wish.
There are a fair few issues denoted in the system event logs that may account for this boot delay and we can address those if the need once I am satisfied malware is not the actual root cause.
Anyway answer my queries in your next reply please and in the meantime carry out the below also...
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.
Click on Start >> Run...(or the Windows key and R together) to bring up the Run box and and copy and paste in:
"C:\Program Files\ERUNT\ERUNT.EXE" %SystemRoot%\ERDNT\SN-Backup
And then click on OK.
Reset SP3 Firewall:
Click on Start >> Run...(or the Windows key and R together) to bring up the Run box
firewall.cpl
And then click on OK >> Click on the Advanced tab >> Restore Defaults >> At the prompt click on Yes >> OK
Now click on the General tab >> select Off(not recommended) >> OK.
Note: No need for it to be active after the reset because the presently installed Norton Internet Security has a firewall component.
Scan with AdwCleaner:
Please download adwcleaner from here (http://www.bleepingcomputer.com/download/adwcleaner/) and save to the desktop.
Alternate downloads are here (http://www.softpedia.com/get/Antivirus/Removal-Tools/AdwCleaner.shtml) or here (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner).
Double click on adwcleaner.exe to launch the application.
Now click on the Delete tab >> reboot the machine if not prompted to do so.
Please post the contents of the log file created in your next post.
Note: The log can also be located at C: >> AdwCleaner[XX].txt >> XX <-- denotes the number of times the application has been ran, so in this case may be something like S1.
Next:
Post a new OTL log also please(only one will be created this time and that is all I require).
As I recall, I ran combofix only after restoring the boot.ini. I was trying to get rid of the error message on bootup.
Here is the log file created y adwcleaner:
# AdwCleaner v2.114 - Logfile created 03/10/2013 at 16:56:33
# Updated 05/03/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Dan Kamin - DAN
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Dan Kamin\Desktop\AdwCleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
File Deleted : C:\DOCUME~1\DANKAM~1\LOCALS~1\Temp\Uninstall.exe
File Deleted : C:\Documents and Settings\Dan Kamin\Application Data\Mozilla\Firefox\Profiles\3xyzcfc0.default\searchplugins\safesearch.xml
Folder Deleted : C:\DOCUME~1\DANKAM~1\LOCALS~1\Temp\avg@toolbar
***** [Registry] *****
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
***** [Internet Browsers] *****
-\\ Internet Explorer v7.0.6000.17117
[OK] Registry is clean.
-\\ Mozilla Firefox v19.0.2 (en-US)
File : C:\Documents and Settings\Dan Kamin\Application Data\Mozilla\Firefox\Profiles\3xyzcfc0.default\prefs.js
C:\Documents and Settings\Dan Kamin\Application Data\Mozilla\Firefox\Profiles\3xyzcfc0.default\user.js ... Deleted !
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
-\\ Google Chrome v25.0.1364.152
File : C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
Deleted [l.32] : icon_url = "hxxp://isearch.avg.com/favicon.ico",
Deleted [l.35] : keyword = "isearch.avg.com",
Deleted [l.38] : search_url = "hxxp://isearch.avg.com/search?cid={E009A79F-6F19-40C0-9DAA-D296A2EA6B5B}&mid=5d[...]
*************************
AdwCleaner[S1].txt - [2552 octets] - [10/03/2013 16:56:33]
########## EOF - C:\AdwCleaner[S1].txt - [2612 octets] ##########
I'll put the OTL log in my next post. The machine still hangs, so I know we have a way to go.
specba
OTL logfile created on: 3/10/2013 5:10:11 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Dan Kamin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.99 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 60.59% Memory free
3.84 Gb Paging File | 3.26 Gb Available in Paging File | 85.05% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 67.20 Gb Free Space | 45.08% Space Free | Partition Type: NTFS
Computer Name: DAN | User Name: Dan Kamin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/03/10 11:49:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan Kamin\Desktop\OTL.exe
PRC - [2013/03/07 23:53:47 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/08/29 14:51:48 | 004,643,912 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
PRC - [2012/08/29 14:51:48 | 001,061,960 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2011/12/12 13:11:03 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
PRC - [2010/04/07 16:57:42 | 000,099,896 | R--- | M] (HP) -- C:\WINDOWS\system32\HPSIsvc.exe
PRC - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/06/24 10:57:04 | 000,136,704 | ---- | M] (HP) -- C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/02 14:29:22 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/06/06 17:44:44 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007/05/22 15:18:56 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/05/10 11:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe
PRC - [2007/05/10 11:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
PRC - [2006/09/08 16:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2006/06/26 11:33:42 | 000,099,888 | ---- | M] (Logitech Inc.) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
========== Modules (No Company Name) ==========
MOD - [2013/03/07 23:53:47 | 003,069,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/02/13 00:52:14 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\9fff30debe9b1ead7a0a9d204d331e7c\System.Web.ni.dll
MOD - [2013/02/13 00:51:58 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d7ee03714420b252415b952d40ef59e4\System.ServiceProcess.ni.dll
MOD - [2013/02/13 00:45:51 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2013/01/10 09:05:11 | 000,311,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\07de14823c42ee36ffa303d9c89ded36\System.Runtime.Serialization.Formatters.Soap.ni.dll
MOD - [2013/01/10 09:03:13 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll
MOD - [2013/01/10 08:59:56 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll
MOD - [2013/01/10 08:49:57 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll
MOD - [2013/01/10 08:49:25 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
MOD - [2012/05/30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/10/29 11:14:44 | 000,143,360 | ---- | M] () -- C:\WINDOWS\system32\preflib.dll
MOD - [2010/10/29 11:14:12 | 000,761,856 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2010/03/04 16:55:34 | 000,147,456 | ---- | M] () -- C:\WINDOWS\system32\HP1100LM.DLL
MOD - [2010/03/04 16:55:14 | 000,069,632 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\HP1100PP.dll
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2004/07/20 18:04:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll
========== Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/03/07 23:53:47 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/27 11:03:30 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/08/29 14:51:48 | 004,643,912 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)
SRV - [2011/10/14 09:40:12 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe -- (NIS)
SRV - [2010/04/07 16:57:42 | 000,099,896 | R--- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPSIsvc.exe -- (HPSIService)
SRV - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/06/24 10:57:04 | 000,136,704 | ---- | M] (HP) [Auto | Running] -- C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2007/05/10 11:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe -- (STacSV)
SRV - [2006/06/26 11:33:56 | 000,091,696 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2006/06/26 11:33:42 | 000,099,888 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/01/23 18:14:50 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20130309.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/01/23 18:14:50 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/01/23 18:14:50 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20130309.003\NAVENG.SYS -- (NAVENG)
DRV - [2013/01/23 18:14:49 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/01/15 22:51:12 | 000,997,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20130301.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/09/06 04:54:30 | 000,373,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20130308.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/05/02 18:21:23 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/20 21:37:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1207020.003\symtdi.sys -- (SYMTDI)
DRV - [2011/03/30 23:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NIS\1207020.003\srtsp.sys -- (SRTSP)
DRV - [2011/03/30 23:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1207020.003\srtspx.sys -- (SRTSPX)
DRV - [2011/03/14 22:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1207020.003\symefa.sys -- (SymEFA)
DRV - [2011/02/14 02:42:36 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2011/02/14 02:42:34 | 000,025,216 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2011/02/14 02:42:32 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2011/01/27 02:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1207020.003\symds.sys -- (SymDS)
DRV - [2011/01/27 01:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1207020.003\ironx86.sys -- (SymIRON)
DRV - [2010/10/29 11:14:44 | 002,649,216 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/12/23 18:18:48 | 000,068,696 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2007/08/02 18:35:12 | 000,989,952 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/08/02 18:34:30 | 000,211,200 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/08/02 18:34:26 | 000,731,136 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/06/25 19:53:10 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/06/11 15:25:00 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007/05/24 15:27:00 | 000,064,000 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007/05/10 11:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/04/24 14:20:00 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2007/03/19 02:39:18 | 000,052,309 | R--- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mam4410u.sys -- (mam4410u)
DRV - [2007/03/01 17:53:00 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2007/02/16 16:46:00 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/01/15 23:44:46 | 000,011,986 | R--- | M] (Mobile Action Technology Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\MaVc2K.sys -- (MaVctrl)
DRV - [2006/11/20 18:55:00 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2006/10/10 20:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006/06/26 11:33:40 | 000,023,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2006/06/26 11:33:36 | 001,952,816 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2006/06/26 11:33:28 | 001,587,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2006/06/22 18:29:46 | 000,038,960 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2006/06/22 18:29:28 | 000,720,176 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302AV.SYS -- (PID_08A0)
DRV - [2006/06/22 18:29:27 | 000,012,080 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2005/08/17 23:44:50 | 000,049,867 | R--- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mardp2k.sys -- (MaRdPnp)
DRV - [2005/06/16 06:13:12 | 000,025,044 | R--- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mam4410m.sys -- (mam4410m)
DRV - [2005/06/16 06:11:58 | 000,024,784 | R--- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mam4410c.sys -- (mam4410c)
DRV - [2005/01/06 14:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2000/02/08 10:30:24 | 000,015,488 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ScFBPNT2.sys -- (ScFBPNT2)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{912B7D87-D547-49C8-A25E-A3CD2BEDB017}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: %7B66E978CD-981F-47DF-AC42-E3CF417C1467%7D:0.4.3
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.6
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2012/02/01 09:04:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_13_2 [2013/03/10 16:59:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/12/29 13:00:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/12 13:13:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/07 23:53:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/03/07 23:53:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/12/29 13:00:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1266764D-FC4F-4FA7-B63B-884D53B1680F}: C:\Documents and Settings\Dan Kamin\Application Data\NetAssistant\ [2011/01/07 23:17:24 | 000,000,000 | ---D | M]
[2010/12/28 20:54:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dan Kamin\Application Data\Mozilla\Extensions
[2013/03/06 00:42:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dan Kamin\Application Data\Mozilla\Firefox\Profiles\3xyzcfc0.default\extensions
[2012/11/30 08:28:42 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Dan Kamin\Application Data\Mozilla\Firefox\Profiles\3xyzcfc0.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012/02/01 18:40:47 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\Dan Kamin\Application Data\Mozilla\Firefox\Profiles\3xyzcfc0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2013/03/06 00:42:02 | 000,555,719 | ---- | M] () (No name found) -- C:\Documents and Settings\Dan Kamin\Application Data\Mozilla\Firefox\Profiles\3xyzcfc0.default\extensions\{40346aa9-a9d7-b1c4-ad87-bb0d0a1c10b8}.xpi
[2012/05/01 22:02:34 | 000,003,793 | ---- | M] () (No name found) -- C:\Documents and Settings\Dan Kamin\Application Data\Mozilla\Firefox\Profiles\3xyzcfc0.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi
[2013/03/07 23:53:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/03/07 23:53:47 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/01/19 12:20:02 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/02/27 00:06:12 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Chrome\Application\25.0.1364.152\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Chrome\Application\25.0.1364.152\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Entanglement = C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Poppit = C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Dan Kamin\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://vnc.webex.com/client/wbs27-vzbprodcn/webex/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2156BD58-3B3C-4CD3-A109-47A08F329673}: DhcpNameServer = 192.168.1.1 71.252.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BDD524A-F20D-4F1D-8E27-46824759B739}: DhcpNameServer = 192.168.1.1 71.252.0.12
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\615\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{28a96c9c-dfa4-11e0-8041-001c234d9011}\Shell - "" = AutoRun
O33 - MountPoints2\{28a96c9c-dfa4-11e0-8041-001c234d9011}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{28a96c9c-dfa4-11e0-8041-001c234d9011}\Shell\AutoRun\command - "" = F:\SISetup.exe
O33 - MountPoints2\{463ae7a2-ea2a-11e0-8059-001c234d9011}\Shell - "" = AutoRun
O33 - MountPoints2\{463ae7a2-ea2a-11e0-8059-001c234d9011}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{463ae7a2-ea2a-11e0-8059-001c234d9011}\Shell\AutoRun\command - "" = E:\TL_Bootstrap.exe
O33 - MountPoints2\{e9f750ab-e38a-11e0-8049-001c234d9011}\Shell - "" = AutoRun
O33 - MountPoints2\{e9f750ab-e38a-11e0-8049-001c234d9011}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e9f750ab-e38a-11e0-8049-001c234d9011}\Shell\AutoRun\command - "" = F:\TL_Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2013/03/10 11:50:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dan Kamin\Desktop\OTL.exe
[2013/03/07 23:53:31 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/02/27 22:12:57 | 004,952,064 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\System32\stacgui.cpl
[2013/02/27 22:12:57 | 001,601,536 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\System32\stlang.dll
[2013/02/27 22:12:57 | 000,405,504 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
[2013/02/27 22:12:57 | 000,094,208 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\System32\stacsv.exe
[2013/02/27 22:12:19 | 000,270,336 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\System32\stacapi.dll
[2013/02/27 11:03:22 | 016,473,456 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2013/02/24 23:26:20 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Dan Kamin\Desktop\aswMBR.exe
[2013/02/24 23:04:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dan Kamin\Start Menu\Programs\Administrative Tools
[2013/02/24 23:02:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2013/02/24 23:01:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2013/02/24 23:01:51 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2013/02/24 23:01:26 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Dan Kamin\Desktop\erunt-setup.exe
[2013/02/20 22:55:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan Kamin\Application Data\Malwarebytes
[2013/02/20 22:55:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/02/20 22:55:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/02/20 22:55:06 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/02/20 22:55:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/02/17 23:30:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan Kamin\Desktop\Classical Clown Concert Proposal.key
[2012/02/10 18:17:01 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Dan Kamin\Application Data\pcouffin.sys
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/03/10 16:55:49 | 000,597,667 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Desktop\AdwCleaner.exe
[2013/03/09 11:32:42 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-1500820517-682003330-1003.job
[2013/02/24 23:32:33 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Desktop\MBR.dat
[2013/02/24 23:23:33 | 000,004,599 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Desktop\attach.zip
[2013/02/24 23:02:01 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/02/24 23:01:56 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Desktop\NTREGOPT.lnk
[2013/02/24 23:01:55 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Desktop\ERUNT.lnk
[2013/02/24 22:40:22 | 000,001,725 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2013/02/24 22:40:21 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2013/02/20 22:55:11 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/20 22:31:02 | 000,000,211 | ---- | C] () -- C:\boot.ini
[2013/02/18 00:35:06 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-1500820517-682003330-1003.job
[2013/02/17 23:43:33 | 001,252,238 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Desktop\index.apxl
[2012/11/18 10:27:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2012/02/15 20:39:49 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/10 18:18:13 | 000,001,041 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Application Data\vso_ts_preview.xml
[2012/02/10 18:17:01 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Application Data\inst.exe
[2012/02/10 18:17:01 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Application Data\pcouffin.cat
[2012/02/10 18:17:01 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Application Data\pcouffin.inf
[2012/02/08 19:47:08 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2012/02/08 19:47:08 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2012/02/08 19:45:44 | 000,033,019 | ---- | C] () -- C:\WINDOWS\System32\CoreAAC-uninstall.exe
[2011/12/13 17:46:56 | 000,022,334 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2011/10/14 14:02:53 | 000,038,471 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Application Data\Comma Separated Values (Windows).ADR
[2011/10/07 17:18:21 | 000,001,691 | ---- | C] () -- C:\WINDOWS\hpomdl31.dat.temp
[2011/10/04 18:32:08 | 001,511,424 | ---- | C] () -- C:\WINDOWS\System32\HP1100SM.EXE
[2011/10/04 18:32:06 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\HP1100LM.DLL
[2011/10/04 18:31:34 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\HP1100SMs.dll
[2011/09/20 10:06:46 | 000,002,427 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2011/09/19 11:56:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\FileMgrExe.INI
[2011/09/15 11:05:09 | 000,015,488 | ---- | C] () -- C:\WINDOWS\System32\drivers\ScFBPNT2.sys
[2011/09/15 10:09:15 | 000,284,160 | ---- | C] () -- C:\WINDOWS\System32\mvhlewsi.DLL
[2011/08/25 11:54:33 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\[j0004]-[p08].bmp
[2011/08/25 11:54:31 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\[j0004]-[p07].bmp
[2011/08/25 11:54:29 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\[j0004]-[p06].bmp
[2011/05/23 12:28:00 | 000,024,086 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Application Data\Tab Separated Values (DOS).ADR
[2011/01/07 23:43:11 | 019,985,265 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vlc-1.1.5-win32.exe
[2010/12/29 15:30:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Ÿ9Ÿ9
[2010/12/29 01:45:18 | 000,111,616 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== ZeroAccess Check ==========
[2011/02/02 00:07:43 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== Custom Scans ==========
========== Base Services ==========
SRV - [2008/04/13 20:12:12 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/13 20:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/13 20:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2012/07/06 09:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/13 20:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/13 20:11:51 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/20 13:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/04/13 20:11:52 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2009/07/27 19:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/13 20:12:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2008/04/13 20:12:22 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/13 20:11:52 | 000,023,552 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/13 20:12:17 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/13 20:12:17 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/13 20:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/06/20 12:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2010/08/17 09:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/13 20:12:03 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/13 20:12:03 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 08:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/13 20:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/13 20:12:05 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/13 20:12:10 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2010/08/27 01:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2009/07/27 19:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/13 20:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/13 20:12:05 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/13 20:11:56 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/13 20:12:07 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/13 20:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2009/07/27 19:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/13 20:12:38 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/13 20:11:50 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/13 20:11:55 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/13 20:12:08 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/04/13 20:12:28 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/13 20:12:09 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2009/02/09 08:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2008/04/13 20:11:52 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/13 20:12:11 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/06/10 02:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)
< %systemdrive%\*.exe >
< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2004/08/04 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
< MD5 for: IASTOR.SYS >
[2007/07/12 17:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\WINDOWS\dell\iastor\iastor.sys
< MD5 for: SERVICES >
[2004/08/04 06:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services
< MD5 for: SERVICES.CFG >
[2012/12/18 10:28:18 | 000,558,791 | ---- | M] () MD5=A9983CC532F9B3FB1E87918D2313731D -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 13:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg
< MD5 for: SERVICES.EXE >
[2009/02/06 07:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 06:22:21 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=4712531AB7A01B7EE059853CA17D39BD -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/04 06:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtUninstallKB956572_0$\services.exe
< MD5 for: SERVICES.LNK >
[2010/12/28 16:49:32 | 000,001,602 | ---- | M] () MD5=B8271943DC99F3F2EC7698AC97788AB3 -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk
< MD5 for: SERVICES.MSC >
[2004/08/04 06:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc
< MD5 for: SVCHOST.EXE >
[2012/12/14 17:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 06:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
< MD5 for: USERINIT.EXE >
[2004/08/04 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2004/08/04 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/12/14 17:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WINSOCK.DLL >
[2004/08/04 06:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\dllcache\winsock.dll
[2004/08/04 06:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\winsock.dll
< End of report >
Dakeyras
2013-03-10, 23:39
Hi. :)
As I recall, I ran combofix only after restoring the boot.ini. I was trying to get rid of the error message on bootup.
Fair play, I take it then you declined to install the actual Recovery Console. Not a problem as such can be accessed via the XP Installation CD-ROM if the need.
so I know we have a way to go
Aye indeed...
Do provide a answer for my prior queries please:-
Also are you aware both Carbonite Backup and ERUNT are set to run with every system reboot ? Not actually required to be honest and easy to remove if you so wish.
If unsure merely ask your friend. This I would like to know before we proceed any further, thank you.
As you may recall there was no Boot.ini when Dan brought the machine over. I wasn't sure if the lack of the boot.ini was the problem or a sympton of a larger issue.
I'm pretty sure he wants to keep Carbonite running on boot unless it's causing a problem. ERUNT can go.
specba
Dan was over last night about 9:30 p.m. He has gotten religion about backing up his data over the years. Maybe my influence. Carbonite stays. No need to back up the registry on each boot. Erunt can go.
I showed him how far we've come. He thanked me for my help so far. I warned him up front that this will take some time.
I only work mornings so I'll be ready for the next step this afternoon.
Thanks again.
Specba
Dakeyras
2013-03-11, 13:24
Hi. :)
Carbonite stays. No need to back up the registry on each boot. Erunt can go.
Acknowledged.
Thanks again.
You're welcome, lets proceed as follows shall we...
Next:
Click on Start >> All Programs >> Startup >> right click on ERUNT AutoBackup(if present) and select Delete >> Delete Shortcut
Next:
Now please go to my file submission channel here (http://www.bleepingcomputer.com/submit-malware.php?channel=87).
Next to the box:- Link to topic where this file was requested: Add in the below:-
http://forums.spybot.info/showthread.php?t=67905
Next to the box: Browse to the file you want to submit: click on the Browse... tab and navigate to the below:-
C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\[j0004]-[p08].bmp
Then click on the Send File tab. I will be notified when the file has been uploaded and checked.
Note: In the event the file is too large to upload, merely send it to a Zip File and upload that instead.
Custom OTL Script:
Note: Part of the custom script below will flush the actual prefetch folder. As a rule normally no need to do so but this time round I deem it prudent as a one off to err on the side of caution and for a while the commonly used software may not load as fast until the aforementioned folder is repopulated etc.
Double-click on OTL.exe to start the program.
Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:Commands
[CreateRestorePoint]
:OTL
O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...8f/wvc1dmo.cab (Reg Error: Key error.)
O33 - MountPoints2\{28a96c9c-dfa4-11e0-8041-001c234d9011}\Shell - "" = AutoRun
O33 - MountPoints2\{28a96c9c-dfa4-11e0-8041-001c234d9011}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{28a96c9c-dfa4-11e0-8041-001c234d9011}\Shell\AutoRun\command - "" = F:\SISetup.exe
O33 - MountPoints2\{463ae7a2-ea2a-11e0-8059-001c234d9011}\Shell - "" = AutoRun
O33 - MountPoints2\{463ae7a2-ea2a-11e0-8059-001c234d9011}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{463ae7a2-ea2a-11e0-8059-001c234d9011}\Shell\AutoRun\command - "" = E:\TL_Bootstrap.exe
O33 - MountPoints2\{e9f750ab-e38a-11e0-8049-001c234d9011}\Shell - "" = AutoRun
O33 - MountPoints2\{e9f750ab-e38a-11e0-8049-001c234d9011}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e9f750ab-e38a-11e0-8049-001c234d9011}\Shell\AutoRun\command - "" = F:\TL_Bootstrap.exe
:Files
ipconfig /flushdns /c
%systemroot%\prefetch\*.*
:Commands
[ResetHosts]
[EmptyTemp]
Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
Then click the red Run Fix button.
Let the program run unhindered.
If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The logfile can also be located C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.
Malwarebytes Anti-Malware:
Launch the application, Check for Updates >> Perform quick scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. please copy and paste the log into your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
Check Hard Disk For Errors:
Click on Start >> Run...(or the Windows key and R together) to bring up the Run box and and copy and paste in:
cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
And then click on OK. A blank command window will open on the desktop, then close in a few minutes. This is normal.
A file icon named checkhd.txt should appear on the desktop. Please post the contents of this file in your next reply.
Next:
When completed the above, please post back the following in the order asked for:
How is the computer performing now, any further symptoms and or problems encountered?
OTL Log from the Custom Script.
Malwarebytes Anti-Malware Log.
Check Hard Disk For Errors Log.
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
Starting removal of ActiveX control {31435657-9980-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\wvc1dmo.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{31435657-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{28a96c9c-dfa4-11e0-8041-001c234d9011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28a96c9c-dfa4-11e0-8041-001c234d9011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{28a96c9c-dfa4-11e0-8041-001c234d9011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28a96c9c-dfa4-11e0-8041-001c234d9011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{28a96c9c-dfa4-11e0-8041-001c234d9011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28a96c9c-dfa4-11e0-8041-001c234d9011}\ not found.
File F:\SISetup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{463ae7a2-ea2a-11e0-8059-001c234d9011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{463ae7a2-ea2a-11e0-8059-001c234d9011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{463ae7a2-ea2a-11e0-8059-001c234d9011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{463ae7a2-ea2a-11e0-8059-001c234d9011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{463ae7a2-ea2a-11e0-8059-001c234d9011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{463ae7a2-ea2a-11e0-8059-001c234d9011}\ not found.
File E:\TL_Bootstrap.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e9f750ab-e38a-11e0-8049-001c234d9011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9f750ab-e38a-11e0-8049-001c234d9011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e9f750ab-e38a-11e0-8049-001c234d9011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9f750ab-e38a-11e0-8049-001c234d9011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e9f750ab-e38a-11e0-8049-001c234d9011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9f750ab-e38a-11e0-8049-001c234d9011}\ not found.
File F:\TL_Bootstrap.exe not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Dan Kamin\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Dan Kamin\Desktop\cmd.txt deleted successfully.
C:\WINDOWS\prefetch\25.0.1364.152_25.0.1364.97_CH-387B08EF.pf moved successfully.
C:\WINDOWS\prefetch\ACRORD32.EXE-19C3D96E.pf moved successfully.
C:\WINDOWS\prefetch\ADOBEARM.EXE-2D1B11BF.pf moved successfully.
C:\WINDOWS\prefetch\ADOBEARMHELPER.EXE-0532C627.pf moved successfully.
C:\WINDOWS\prefetch\ADWCLEANER.EXE-004AA3CD.pf moved successfully.
C:\WINDOWS\prefetch\ALG.EXE-0F138680.pf moved successfully.
C:\WINDOWS\prefetch\APMSGFWD.EXE-1E2F49AE.pf moved successfully.
C:\WINDOWS\prefetch\APNTEX.EXE-089BDC66.pf moved successfully.
C:\WINDOWS\prefetch\APOINT.EXE-38D87019.pf moved successfully.
C:\WINDOWS\prefetch\ASOELNCH.EXE-279AC9F5.pf moved successfully.
C:\WINDOWS\prefetch\ATTRIB.EXE-39EAFB02.pf moved successfully.
C:\WINDOWS\prefetch\AUTOBACK.EXE-14D36A86.pf moved successfully.
C:\WINDOWS\prefetch\BCMWLTRY.EXE-34CCE601.pf moved successfully.
C:\WINDOWS\prefetch\CARBONITEUI.EXE-1E06B7EF.pf moved successfully.
C:\WINDOWS\prefetch\CHROME.EXE-01A27ADF.pf moved successfully.
C:\WINDOWS\prefetch\CHROME.EXE-01A27AE2.pf moved successfully.
C:\WINDOWS\prefetch\CHROME.EXE-01A27AE6.pf moved successfully.
C:\WINDOWS\prefetch\CHROME.EXE-01A27AEC.pf moved successfully.
C:\WINDOWS\prefetch\CLTLMH.EXE-1737480D.pf moved successfully.
C:\WINDOWS\prefetch\CLTRT.EXE-007AEAF9.pf moved successfully.
C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf moved successfully.
C:\WINDOWS\prefetch\CSC.EXE-01730C27.pf moved successfully.
C:\WINDOWS\prefetch\CTFMON.EXE-0E17969B.pf moved successfully.
C:\WINDOWS\prefetch\CVTRES.EXE-2329DCD5.pf moved successfully.
C:\WINDOWS\prefetch\DEFRAG.EXE-273F131E.pf moved successfully.
C:\WINDOWS\prefetch\DFRGNTFS.EXE-269967DF.pf moved successfully.
C:\WINDOWS\prefetch\DLLHOST.EXE-2CC96D60.pf moved successfully.
C:\WINDOWS\prefetch\DLLHOST.EXE-5353C76C.pf moved successfully.
C:\WINDOWS\prefetch\ERUNT.EXE-10F447C7.pf moved successfully.
C:\WINDOWS\prefetch\EXPLORER.EXE-082F38A9.pf moved successfully.
C:\WINDOWS\prefetch\FIREFOX.EXE-28641590.pf moved successfully.
C:\WINDOWS\prefetch\FLASHPLAYERUPDATESERVICE.EXE-34BC5027.pf moved successfully.
C:\WINDOWS\prefetch\GOOGLECRASHHANDLER.EXE-1122DC84.pf moved successfully.
C:\WINDOWS\prefetch\GOOGLEUPDATE.EXE-2251F0B6.pf moved successfully.
C:\WINDOWS\prefetch\HELPER.EXE-0415776D.pf moved successfully.
C:\WINDOWS\prefetch\HELPSVC.EXE-2878DDA2.pf moved successfully.
C:\WINDOWS\prefetch\HIDFIND.EXE-124D0BCB.pf moved successfully.
C:\WINDOWS\prefetch\HKCMD.EXE-1D05234B.pf moved successfully.
C:\WINDOWS\prefetch\HP1100SM.EXE-138614DF.pf moved successfully.
C:\WINDOWS\prefetch\HPQBAM08.EXE-1ED43757.pf moved successfully.
C:\WINDOWS\prefetch\HPQGPC01.EXE-271E6A7F.pf moved successfully.
C:\WINDOWS\prefetch\HPQSTE08.EXE-18A7280B.pf moved successfully.
C:\WINDOWS\prefetch\HPSISVC.EXE-0A4B3F1D.pf moved successfully.
C:\WINDOWS\prefetch\IGFXSRVC.EXE-2FB63FE8.pf moved successfully.
C:\WINDOWS\prefetch\IGFXTRAY.EXE-3391579A.pf moved successfully.
C:\WINDOWS\prefetch\IMAPI.EXE-0BF740A4.pf moved successfully.
C:\WINDOWS\prefetch\IPCONFIG.EXE-2395F30B.pf moved successfully.
C:\WINDOWS\prefetch\IPODSERVICE.EXE-3192DE38.pf moved successfully.
C:\WINDOWS\prefetch\Layout.ini moved successfully.
C:\WINDOWS\prefetch\LOGON.SCR-151EFAEA.pf moved successfully.
C:\WINDOWS\prefetch\LOGONUI.EXE-0AF22957.pf moved successfully.
C:\WINDOWS\prefetch\MAINTENANCESERVICE_INSTALLER.-1FEBE613.pf moved successfully.
C:\WINDOWS\prefetch\MAINTENANCESERVICE_TMP.EXE-1C52D666.pf moved successfully.
C:\WINDOWS\prefetch\MAXBACKSERVICEINT.EXE-2C60E823.pf moved successfully.
C:\WINDOWS\prefetch\MPLAYER2.EXE-179FD902.pf moved successfully.
C:\WINDOWS\prefetch\MSDTC.EXE-0E6E4AF7.pf moved successfully.
C:\WINDOWS\prefetch\NOTEPAD.EXE-189578DA.pf moved successfully.
C:\WINDOWS\prefetch\NOTEPAD.EXE-336351A9.pf moved successfully.
C:\WINDOWS\prefetch\NSF.TMP-22E3F52B.pf moved successfully.
C:\WINDOWS\prefetch\NTOSBOOT-B00DFAAD.pf moved successfully.
C:\WINDOWS\prefetch\OFFLB.EXE-00E28F17.pf moved successfully.
C:\WINDOWS\prefetch\OIS.EXE-346AABEF.pf moved successfully.
C:\WINDOWS\prefetch\OSA9.EXE-27CD7DB8.pf moved successfully.
C:\WINDOWS\prefetch\OSPPSVC.EXE-39913FB5.pf moved successfully.
C:\WINDOWS\prefetch\OTL.EXE-36F66376.pf moved successfully.
C:\WINDOWS\prefetch\OUTLOOK.EXE-179DEC04.pf moved successfully.
C:\WINDOWS\prefetch\OUTLOOK.EXE-33904C46.pf moved successfully.
C:\WINDOWS\prefetch\PHOTOSLE.EXE-0A5ECF62.pf moved successfully.
C:\WINDOWS\prefetch\PLUGIN-CONTAINER.EXE-15EDC9DD.pf moved successfully.
C:\WINDOWS\prefetch\REALCONVERTER.EXE-3A0794AA.pf moved successfully.
C:\WINDOWS\prefetch\REALONEMESSAGECENTER.EXE-206EC97E.pf moved successfully.
C:\WINDOWS\prefetch\REALPLAY.EXE-1BF219BD.pf moved successfully.
C:\WINDOWS\prefetch\REALSCHED.EXE-22EEE8BD.pf moved successfully.
C:\WINDOWS\prefetch\REALSHARE.EXE-0D21B857.pf moved successfully.
C:\WINDOWS\prefetch\REALUPGRADE.EXE-38293202.pf moved successfully.
C:\WINDOWS\prefetch\RECORDINGMANAGER.EXE-34557554.pf moved successfully.
C:\WINDOWS\prefetch\REGEDIT.EXE-1B606482.pf moved successfully.
C:\WINDOWS\prefetch\RPHELPERAPP.EXE-33CB172B.pf moved successfully.
C:\WINDOWS\prefetch\RSMSINK.EXE-032F2BAB.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-18AD835F.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-1A425F0A.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-249048A1.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-27D4A4CF.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-2EC34910.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-31BFCD6B.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-35B74804.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-451FC2C0.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-47FC5A46.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-4B703BF5.pf moved successfully.
C:\WINDOWS\prefetch\SEARCHFILTERHOST.EXE-148579FB.pf moved successfully.
C:\WINDOWS\prefetch\SEARCHINDEXER.EXE-1AD3307F.pf moved successfully.
C:\WINDOWS\prefetch\SEARCHPROTOCOLHOST.EXE-34E0253A.pf moved successfully.
C:\WINDOWS\prefetch\SETUP.EXE-042AE196.pf moved successfully.
C:\WINDOWS\prefetch\SETUP.EXE-35D1D679.pf moved successfully.
C:\WINDOWS\prefetch\SETUP_WM.EXE-3135CBD6.pf moved successfully.
C:\WINDOWS\prefetch\SKYPE.EXE-30AE1A60.pf moved successfully.
C:\WINDOWS\prefetch\STSYSTRA.EXE-2B270561.pf moved successfully.
C:\WINDOWS\prefetch\STXMANAGER.EXE-394976A1.pf moved successfully.
C:\WINDOWS\prefetch\SVCHOST.EXE-3530F672.pf moved successfully.
C:\WINDOWS\prefetch\SYMERR.EXE-07C6A748.pf moved successfully.
C:\WINDOWS\prefetch\TOSBTMNG.EXE-33568774.pf moved successfully.
C:\WINDOWS\prefetch\UPDATECHECK.EXE-0186F9EE.pf moved successfully.
C:\WINDOWS\prefetch\UPDATER.EXE-0DA73E38.pf moved successfully.
C:\WINDOWS\prefetch\UPDATER.EXE-23F4D955.pf moved successfully.
C:\WINDOWS\prefetch\UPDATER.EXE-25157CC6.pf moved successfully.
C:\WINDOWS\prefetch\VERCLSID.EXE-3667BD89.pf moved successfully.
C:\WINDOWS\prefetch\VLC.EXE-22DF01AA.pf moved successfully.
C:\WINDOWS\prefetch\VSSVC.EXE-0F74375A.pf moved successfully.
C:\WINDOWS\prefetch\WINDOWSSEARCH.EXE-20C0F767.pf moved successfully.
C:\WINDOWS\prefetch\WINWORD.EXE-10D55173.pf moved successfully.
C:\WINDOWS\prefetch\WLTRAY.EXE-2BF83672.pf moved successfully.
C:\WINDOWS\prefetch\WMIADAP.EXE-2DF425B2.pf moved successfully.
C:\WINDOWS\prefetch\WMIPRVSE.EXE-28F301A9.pf moved successfully.
C:\WINDOWS\prefetch\WMPLAYER.EXE-18DDEF9C.pf moved successfully.
C:\WINDOWS\prefetch\WMPLAYER.EXE-18DDEFA0.pf moved successfully.
C:\WINDOWS\prefetch\WMPLAYER.EXE-18DDEFA1.pf moved successfully.
C:\WINDOWS\prefetch\WMPLAYER.EXE-18DDEFA2.pf moved successfully.
C:\WINDOWS\prefetch\WMPLAYER.EXE-18DDEFA3.pf moved successfully.
C:\WINDOWS\prefetch\WORDCONV.EXE-1B72C490.pf moved successfully.
C:\WINDOWS\prefetch\WUAUCLT.EXE-399A8E72.pf moved successfully.
C:\WINDOWS\prefetch\XCOPY.EXE-21FC761A.pf moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Dan Kamin
->Temp folder emptied: 674100788 bytes
->Temporary Internet Files folder emptied: 2482973418 bytes
->FireFox cache emptied: 88322737 bytes
->Google Chrome cache emptied: 369275993 bytes
->Flash cache emptied: 157014 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 34673 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2195181 bytes
%systemroot%\System32 .tmp files removed: 4086289 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 169428693 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 355538764 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1467811399 bytes
Total Files Cleaned = 5,354.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 03112013_195827
Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_1278.dat not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_6d0.dat not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2013.03.11.12
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Dan Kamin :: DAN [administrator]
3/11/2013 8:16:29 PM
mbam-log-2013-03-11 (20-16-29).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207915
Time elapsed: 8 minute(s), 36 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
The type of the file system is NTFS.
WARNING! F parameter not specified.
Running CHKDSK in read-only mode.
CHKDSK is verifying files (stage 1 of 3)...
CHKDSK is verifying indexes (stage 2 of 3)...
CHKDSK is recovering lost files.
CHKDSK is verifying security descriptors (stage 3 of 3)...
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Correcting errors in the Volume Bitmap.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.
156288320 KB total disk space.
79970184 KB in 88335 files.
34056 KB in 10083 indexes.
0 KB in bad sectors.
451696 KB in use by the system.
65536 KB occupied by the log file.
75832384 KB available on disk.
4096 bytes in each allocation unit.
39072080 total allocation units on disk.
18958096 allocation units available on disk.
The machine still hangs 3-4 minutes between when the background comes up and the desktop icons come in. It's an improvement over the 10-15 minutes it was taking.
specba
Dakeyras
2013-03-12, 11:08
Hi. :)
The machine still hangs 3-4 minutes between when the background comes up and the desktop icons come in. It's an improvement over the 10-15 minutes it was taking.
Acknowledged, the results of the file submission are good so no further action is required with regard to that.
Scan with RogueKiller:
Please download RogueKiller (http://www.bleepingcomputer.com/download/roguekiller/) to the desktop
Alternate downloads are here (http://www.geekstogo.com/forum/files/file/413-roguekiller/) or here (http://www.sur-la-toile.com/RogueKiller).
Quit all running programs.
Double-click on RogueKiller.exe to start the application.
Let the pre-scan complete, then click on Accept option when the disclaimer window appears.
Now click on the Scan tab back in the RogueKiller main window.
The RKreport.txt shall be generated next to the executable along with a zip file named RK_Quarantine.
If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.com
Please post the contents of the RKreport.txt in your next reply.
Hard-Drive Maintenance/Repair:
Note: For the CHKDSK portion you may refer to this tutorial of mine here (http://forums.whatthetech.com/How_run_CHKDSK_Windows_XP_t102348.html) and follow the instructions for Graphical Mode if you so wish.
Click Start >> Run and type cleanmgr in the box and click on OK.
Ensure the boxes for Temporary Files, Temporary Internet Files and Recycle Bin are checked.
You can choose to check other boxes if you wish but they are not required.
Click on OK then Yes.
Next:-
Click Start >> Run... then type in CMD and click on OK.
At the Command Prompt C:\ > type the following:
CD C:\ and hit the Enter/Return key.
Now type in DEFRAG C: -F
A Analysis report will be displayed and then Windows will start the Defragmentation run automatically.
This may take some time, when completed the Command Prompt C:\ > will appear.
Now type in CHKDSK C: /R and hit the Enter/Return key.
When prompted with:
CHKDSK cannot run because the volume is in use by another process
Would you like to schedule this volume to be checked next time the system
restarts (Y/N)
Hit the Y key then at the Command Prompt C:\ >
Type in EXIT and and hit the Enter/Return key.
Now Reboot(Restart) your computer.
Note: Upon Reboot(Restart) the CHKDSK(check-disk) will start and carry out the repairs required.
You should see a screen like this just after the Post(power on self test) screen:
http://i223.photobucket.com/albums/dd202/Dakeyras_album/ChkDsk01.png
Note: Do not touch either the keyboard or Mouse, otherwise the Check-Disk will be cancelled and the computer will continue to boot-up as normal.
ESET Online Scanner:
Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable the currently installed Anti-Virus, how to do so can be read here (http://www.bleepingcomputer.com/forums/topic114351.html).
Please click here (http://www.eset.com/online-scanner-popup/) to run the scan...
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox. Select the option YES, I accept the Terms of Use then click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS2.gif
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is Not checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
Now click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS3.gif
The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
When completed the Online Scan will begin automatically.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
Now click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS4.gif
Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable the Anti-Virus application after running the above scan!
Next:
When completed the above, please post back the following in the order asked for:
How is the computer performing now, any further symptoms and or problems encountered?
RogueKiller Log.
Eset online scanner log.
RogueKiller V8.5.2 [Mar 9 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Dan Kamin [Admin rights]
Mode : Scan -- Date : 03/12/2013 13:00:44
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 3 ¤¤¤
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[12] : NtAlertResumeThread @ 0x805D4BDC -> HOOKED (Unknown @ 0x894FDDB0)
SSDT[13] : NtAlertThread @ 0x805D4B8C -> HOOKED (Unknown @ 0x8A1BE0A8)
SSDT[17] : NtAllocateVirtualMemory @ 0x805A8AC2 -> HOOKED (Unknown @ 0x8A1A5008)
SSDT[19] : NtAssignProcessToJobObject @ 0x805D66A0 -> HOOKED (Unknown @ 0x8950AB58)
SSDT[31] : NtConnectPort @ 0x805A45D8 -> HOOKED (Unknown @ 0x8A045550)
SSDT[43] : NtCreateMutant @ 0x80617718 -> HOOKED (Unknown @ 0x8951DDB0)
SSDT[52] : NtCreateSymbolicLinkObject @ 0x805C3A02 -> HOOKED (Unknown @ 0x894F4788)
SSDT[53] : NtCreateThread @ 0x805D1038 -> HOOKED (Unknown @ 0x8A1C3BD8)
SSDT[57] : NtDebugActiveProcess @ 0x80643BA8 -> HOOKED (Unknown @ 0x8950BA98)
SSDT[68] : NtDuplicateObject @ 0x805BE010 -> HOOKED (Unknown @ 0x8A1C0B38)
SSDT[83] : NtFreeVirtualMemory @ 0x805B2FBA -> HOOKED (Unknown @ 0x89C7D698)
SSDT[89] : NtImpersonateAnonymousToken @ 0x805F9258 -> HOOKED (Unknown @ 0x8A1D5DD8)
SSDT[91] : NtImpersonateThread @ 0x805D7860 -> HOOKED (Unknown @ 0x894FDCF0)
SSDT[97] : NtLoadDriver @ 0x80584172 -> HOOKED (Unknown @ 0x8A03A9C0)
SSDT[108] : NtMapViewOfSection @ 0x805B2042 -> HOOKED (Unknown @ 0x8A268590)
SSDT[114] : NtOpenEvent @ 0x8060F0D6 -> HOOKED (Unknown @ 0x8951DCF0)
SSDT[122] : NtOpenProcess @ 0x805CB456 -> HOOKED (Unknown @ 0x8A1C4100)
SSDT[123] : NtOpenProcessToken @ 0x805EDF26 -> HOOKED (Unknown @ 0x8937E290)
SSDT[125] : NtOpenSection @ 0x805AA3F4 -> HOOKED (Unknown @ 0x8950D900)
SSDT[128] : NtOpenThread @ 0x805CB6E2 -> HOOKED (Unknown @ 0x8A1C0C08)
SSDT[137] : NtProtectVirtualMemory @ 0x805B8426 -> HOOKED (Unknown @ 0x8950AA88)
SSDT[206] : NtResumeThread @ 0x805D4A18 -> HOOKED (Unknown @ 0x8A1BE008)
SSDT[213] : NtSetContextThread @ 0x805D2C1A -> HOOKED (Unknown @ 0x8A1C3DC0)
SSDT[228] : NtSetInformationProcess @ 0x805CDEA0 -> HOOKED (Unknown @ 0x8A234E90)
SSDT[240] : NtSetSystemInformation @ 0x8060FD8E -> HOOKED (Unknown @ 0x8950BB58)
SSDT[253] : NtSuspendProcess @ 0x805D4AE0 -> HOOKED (Unknown @ 0x8950D9C0)
SSDT[254] : NtSuspendThread @ 0x805D4952 -> HOOKED (Unknown @ 0x8A1C2F48)
SSDT[257] : NtTerminateProcess @ 0x805D22D8 -> HOOKED (Unknown @ 0x8A1ECDF0)
SSDT[258] : NtTerminateThread @ 0x805D24D2 -> HOOKED (Unknown @ 0x8A21EC30)
SSDT[267] : NtUnmapViewOfSection @ 0x805B2E50 -> HOOKED (Unknown @ 0x895202F0)
SSDT[277] : NtWriteVirtualMemory @ 0x805B43D4 -> HOOKED (Unknown @ 0x89C7D768)
S_SSDT[307] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x8A3BCB48)
S_SSDT[383] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x8A206DD0)
S_SSDT[414] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x8A2807C0)
S_SSDT[416] : NtUserGetKeyState -> HOOKED (Unknown @ 0x8A2A3A18)
S_SSDT[428] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x8A284D88)
S_SSDT[460] : NtUserMessageCall -> HOOKED (Unknown @ 0x8A3FEE68)
S_SSDT[475] : NtUserPostMessage -> HOOKED (Unknown @ 0x8A2A54C8)
S_SSDT[476] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x8A1AB2F0)
S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8A282D48)
S_SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8A23E8A8)
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
ÿþ1
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST9160314AS +++++
--- User ---
[MBR] 735558283eb882d10429f4baef6de194
[BSP] 2f3e1d68fd4dad25f7b87b4131285341 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152625 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_03122013_02d1300.txt >>
RKreport[1]_S_03122013_02d1300.txt
Dakeyras
2013-03-12, 22:21
Post/reply acknowledged.
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=e7daaa265876f749b0dc2d8e0c012bcd
# engine=13369
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-03-12 10:22:16
# local_time=2013-03-12 06:22:16 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=3588 16777214 85 82 12488697 66098142 0 0
# scanned=77624
# found=10
# cleaned=0
# scan_time=3877
sh=EFA4A1D09F463DE8FBDAA77302A3FCA9CAAECB58 ft=1 fh=4b233ba19392a77a vn="Win32/Agent.QUN trojan" ac=I fn="C:\Documents and Settings\Dan Kamin\Desktop\Less used\DVDFabDecrypter29.exe"
sh=975413B1D1B3350935BACAD6BE47523CBE9A4713 ft=1 fh=64b2a1b8aaa50cda vn="Win32/Toolbar.SearchSuite application" ac=I fn="C:\Documents and Settings\Dan Kamin\My Documents\Downloads\iLividSetup.exe"
sh=D8C6C36BE062DDB6DA6143CA47B17696499F3A08 ft=1 fh=4357cb53d18b2b85 vn="a variant of Win32/InstallIQ application" ac=I fn="C:\Documents and Settings\Dan Kamin\My Documents\Downloads\movie_player_1280 (1).exe"
sh=D8C6C36BE062DDB6DA6143CA47B17696499F3A08 ft=1 fh=4357cb53d18b2b85 vn="a variant of Win32/InstallIQ application" ac=I fn="C:\Documents and Settings\Dan Kamin\My Documents\Downloads\movie_player_1280.exe"
sh=3A89DAEE2C931D0AAA7B102D3DA9D2174DC5875E ft=1 fh=d16f3ccb0b0b7a97 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Documents and Settings\Dan Kamin\My Documents\Downloads\SetupImgBurn_2.5.5.0.exe"
sh=CB4261711672E52A00A2A0077524B5D0E3C454DA ft=1 fh=a6a0163d0f5f569d vn="a variant of Win32/SoftonicDownloader.A application" ac=I fn="C:\Documents and Settings\Dan Kamin\My Documents\Downloads\SoftonicDownloader_for_realplayer-sp.exe"
sh=CA4C9C88A966288F95C2676C08E613D5CD49E023 ft=1 fh=94c4eed788bab239 vn="a variant of Win32/InstallIQ application" ac=I fn="C:\Documents and Settings\Dan Kamin\My Documents\Downloads\VLC_32.exe"
sh=4A52B7BE6540823D90C41974149498CDDDCC55A6 ft=1 fh=72607ddad7436d9d vn="probably a variant of Win32/Agent.BDXASRA trojan" ac=I fn="C:\Documents and Settings\Dan Kamin\My Documents\Downloads\youtube_flv_downloader_install(2).exe"
sh=4A52B7BE6540823D90C41974149498CDDDCC55A6 ft=1 fh=72607ddad7436d9d vn="probably a variant of Win32/Agent.BDXASRA trojan" ac=I fn="C:\Documents and Settings\Dan Kamin\My Documents\Downloads\youtube_flv_downloader_install.exe"
sh=5F903E0086A381B64E6CABCC69F836A9FFC0A3C1 ft=1 fh=d066d81b435b405c vn="a variant of Win32/HackTool.Patcher.A application" ac=I fn="C:\Program Files\WinRar.3.61\Patch.exe"
It still hangs for about 4 minutes before the icons come in during bootup. Even the clock readout in the taskbar freezes until the icons come in.
Dakeyras
2013-03-13, 11:53
Hi. :)
It still hangs for about 4 minutes before the icons come in during bootup. Even the clock readout in the taskbar freezes until the icons come in.
Acknowledged...We will address the results of the online scan, plus another round of in-depth system maintenance may help the overall situation and one more specific scan taking into account what was detected by the aforementioned online scan.
Next:
Run another custom OTL script using the below, most are false positive detections/borderline but no real need for them as merely installers and one is outright malicous etc.
:Files
C:\Documents and Settings\Dan Kamin\Desktop\Less used\DVDFabDecrypter29.exe
C:\Documents and Settings\Dan Kamin\My Documents\Downloads\iLividSetup.exe
C:\Documents and Settings\Dan Kamin\My Documents\Downloads\movie_player_1280 (1).exe
C:\Documents and Settings\Dan Kamin\My Documents\Downloads\movie_player_1280.exe
C:\Documents and Settings\Dan Kamin\My Documents\Downloads\SetupImgBurn_2.5.5.0.exe
C:\Documents and Settings\Dan Kamin\My Documents\Downloads\SoftonicDownloader_for_realplayer-sp.exe
C:\Documents and Settings\Dan Kamin\My Documents\Downloads\VLC_32.exe
C:\Documents and Settings\Dan Kamin\My Documents\Downloads\youtube_flv_downloader_install(2).exe
C:\Documents and Settings\Dan Kamin\My Documents\Downloads\youtube_flv_downloader_install.exe
:Commands
[EmptyTemp]
Scan with JRT:
Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/) to the desktop.
Note: Temp shut down the protection software now to avoid potential conflicts, how to do so can be read here (http://www.bleepingcomputer.com/forums/topic114351.html).
Doube-click on JRT.exe to launch the application.
The tool will open and start scanning the system.
Please be patient as this can take a while to complete depending on the system's specifications.
On completion, a log (JRT.txt) is saved to the desktop and will automatically open.
Post the contents of JRT.txt into your next message.
Note: Reboot the machine and ensure all disabled security software is now enabled etc.
Next:
Run through the Hard-Drive Maintenance/Repair routine again as outlined in post #21 (http://forums.spybot.info/showpost.php?p=438129&postcount=21), except this time merely perform both the defrag' and check-disk.
Next:
When completed the above, please post back the following in the order asked for:
How the computer performing now, any further symptoms and or problems encountered?
OTL Log from the Custom Script.
Junkware Removal Tool Log.
It is still hanging about 3-4 minutes on boot up.
OTL logfile created on: 3/13/2013 8:24:05 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Dan Kamin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.99 Gb Total Physical Memory | 1.23 Gb Available Physical Memory | 61.74% Memory free
3.84 Gb Paging File | 3.25 Gb Available in Paging File | 84.78% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 72.40 Gb Free Space | 48.58% Space Free | Partition Type: NTFS
Computer Name: DAN | User Name: Dan Kamin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/03/10 11:49:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan Kamin\Desktop\OTL.exe
PRC - [2013/03/07 23:53:47 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/08/29 14:51:48 | 004,643,912 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
PRC - [2012/08/29 14:51:48 | 001,061,960 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2011/12/12 13:11:03 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
PRC - [2010/04/07 16:57:42 | 000,099,896 | R--- | M] (HP) -- C:\WINDOWS\system32\HPSIsvc.exe
PRC - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/06/24 10:57:04 | 000,136,704 | ---- | M] (HP) -- C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/02 14:29:22 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/06/06 17:44:44 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007/05/22 15:18:56 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/05/10 11:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe
PRC - [2007/05/10 11:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
PRC - [2006/09/08 16:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2006/06/26 11:33:42 | 000,099,888 | ---- | M] (Logitech Inc.) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
========== Modules (No Company Name) ==========
MOD - [2013/03/07 23:53:47 | 003,069,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/02/13 00:52:14 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\9fff30debe9b1ead7a0a9d204d331e7c\System.Web.ni.dll
MOD - [2013/02/13 00:51:58 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d7ee03714420b252415b952d40ef59e4\System.ServiceProcess.ni.dll
MOD - [2013/02/13 00:45:51 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2013/01/10 09:05:11 | 000,311,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\07de14823c42ee36ffa303d9c89ded36\System.Runtime.Serialization.Formatters.Soap.ni.dll
MOD - [2013/01/10 09:03:13 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll
MOD - [2013/01/10 08:59:56 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll
MOD - [2013/01/10 08:49:57 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll
MOD - [2013/01/10 08:49:25 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
MOD - [2012/05/30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/10/29 11:14:44 | 000,143,360 | ---- | M] () -- C:\WINDOWS\system32\preflib.dll
MOD - [2010/10/29 11:14:12 | 000,761,856 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2010/03/04 16:55:34 | 000,147,456 | ---- | M] () -- C:\WINDOWS\system32\HP1100LM.DLL
MOD - [2010/03/04 16:55:14 | 000,069,632 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\HP1100PP.dll
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2004/07/20 18:04:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll
========== Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/03/12 22:04:41 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/07 23:53:47 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/08/29 14:51:48 | 004,643,912 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)
SRV - [2011/10/14 09:40:12 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe -- (NIS)
SRV - [2010/04/07 16:57:42 | 000,099,896 | R--- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPSIsvc.exe -- (HPSIService)
SRV - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/06/24 10:57:04 | 000,136,704 | ---- | M] (HP) [Auto | Running] -- C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2007/05/10 11:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe -- (STacSV)
SRV - [2006/06/26 11:33:56 | 000,091,696 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2006/06/26 11:33:42 | 000,099,888 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/01/23 18:14:50 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20130312.017\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/01/23 18:14:50 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/01/23 18:14:50 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20130312.017\NAVENG.SYS -- (NAVENG)
DRV - [2013/01/23 18:14:49 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/01/15 22:51:12 | 000,997,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20130301.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/09/06 04:54:30 | 000,373,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20130312.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/05/02 18:21:23 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/20 21:37:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1207020.003\symtdi.sys -- (SYMTDI)
DRV - [2011/03/30 23:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NIS\1207020.003\srtsp.sys -- (SRTSP)
DRV - [2011/03/30 23:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1207020.003\srtspx.sys -- (SRTSPX)
DRV - [2011/03/14 22:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1207020.003\symefa.sys -- (SymEFA)
DRV - [2011/02/14 02:42:36 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2011/02/14 02:42:34 | 000,025,216 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2011/02/14 02:42:32 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2011/01/27 02:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1207020.003\symds.sys -- (SymDS)
DRV - [2011/01/27 01:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1207020.003\ironx86.sys -- (SymIRON)
DRV - [2010/10/29 11:14:44 | 002,649,216 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/12/23 18:18:48 | 000,068,696 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2007/08/02 18:35:12 | 000,989,952 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/08/02 18:34:30 | 000,211,200 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/08/02 18:34:26 | 000,731,136 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/06/25 19:53:10 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/06/11 15:25:00 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007/05/24 15:27:00 | 000,064,000 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007/05/10 11:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/04/24 14:20:00 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2007/03/19 02:39:18 | 000,052,309 | R--- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mam4410u.sys -- (mam4410u)
DRV - [2007/03/01 17:53:00 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2007/02/16 16:46:00 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/01/15 23:44:46 | 000,011,986 | R--- | M] (Mobile Action Technology Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\MaVc2K.sys -- (MaVctrl)
DRV - [2006/11/20 18:55:00 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2006/10/10 20:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006/06/26 11:33:40 | 000,023,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2006/06/26 11:33:36 | 001,952,816 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2006/06/26 11:33:28 | 001,587,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2006/06/22 18:29:46 | 000,038,960 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2006/06/22 18:29:28 | 000,720,176 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302AV.SYS -- (PID_08A0)
DRV - [2006/06/22 18:29:27 | 000,012,080 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2005/08/17 23:44:50 | 000,049,867 | R--- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mardp2k.sys -- (MaRdPnp)
DRV - [2005/06/16 06:13:12 | 000,025,044 | R--- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mam4410m.sys -- (mam4410m)
DRV - [2005/06/16 06:11:58 | 000,024,784 | R--- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mam4410c.sys -- (mam4410c)
DRV - [2005/01/06 14:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2000/02/08 10:30:24 | 000,015,488 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ScFBPNT2.sys -- (ScFBPNT2)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1229272821-1500820517-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1229272821-1500820517-682003330-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1229272821-1500820517-682003330-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1229272821-1500820517-682003330-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1229272821-1500820517-682003330-1003\..\SearchScopes\{912B7D87-D547-49C8-A25E-A3CD2BEDB017}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-1229272821-1500820517-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1229272821-1500820517-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: %7B66E978CD-981F-47DF-AC42-E3CF417C1467%7D:0.4.3
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.6
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2012/02/01 09:04:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_13_2 [2013/03/13 08:16:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/12/29 13:00:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/12 13:13:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/07 23:53:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/03/07 23:53:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/12/29 13:00:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1266764D-FC4F-4FA7-B63B-884D53B1680F}: C:\Documents and Settings\Dan Kamin\Application Data\NetAssistant\ [2011/01/07 23:17:24 | 000,000,000 | ---D | M]
[2010/12/28 20:54:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dan Kamin\Application Data\Mozilla\Extensions
[2013/03/06 00:42:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dan Kamin\Application Data\Mozilla\Firefox\Profiles\3xyzcfc0.default\extensions
[2012/11/30 08:28:42 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Dan Kamin\Application Data\Mozilla\Firefox\Profiles\3xyzcfc0.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012/02/01 18:40:47 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\Dan Kamin\Application Data\Mozilla\Firefox\Profiles\3xyzcfc0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2013/03/06 00:42:02 | 000,555,719 | ---- | M] () (No name found) -- C:\Documents and Settings\Dan Kamin\Application Data\Mozilla\Firefox\Profiles\3xyzcfc0.default\extensions\{40346aa9-a9d7-b1c4-ad87-bb0d0a1c10b8}.xpi
[2012/05/01 22:02:34 | 000,003,793 | ---- | M] () (No name found) -- C:\Documents and Settings\Dan Kamin\Application Data\Mozilla\Firefox\Profiles\3xyzcfc0.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi
[2013/03/07 23:53:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/03/07 23:53:47 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/01/19 12:20:02 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/02/27 00:06:12 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Chrome\Application\25.0.1364.152\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Chrome\Application\25.0.1364.152\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Entanglement = C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Poppit = C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
O1 HOSTS File: ([2013/03/11 19:58:52 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1229272821-1500820517-682003330-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1229272821-1500820517-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://vnc.webex.com/client/wbs27-vzbprodcn/webex/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2156BD58-3B3C-4CD3-A109-47A08F329673}: DhcpNameServer = 192.168.1.1 71.252.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BDD524A-F20D-4F1D-8E27-46824759B739}: DhcpNameServer = 192.168.1.1 71.252.0.12
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\615\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013/03/12 22:04:27 | 016,486,616 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2013/03/12 12:58:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan Kamin\Desktop\RK_Quarantine
[2013/03/11 19:58:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/03/10 11:50:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dan Kamin\Desktop\OTL.exe
[2013/03/07 23:53:31 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/02/27 22:12:57 | 004,952,064 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\System32\stacgui.cpl
[2013/02/27 22:12:57 | 001,601,536 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\System32\stlang.dll
[2013/02/27 22:12:57 | 000,405,504 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
[2013/02/27 22:12:57 | 000,094,208 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\System32\stacsv.exe
[2013/02/27 22:12:19 | 000,270,336 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\System32\stacapi.dll
[2013/02/24 23:26:20 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Dan Kamin\Desktop\aswMBR.exe
[2013/02/24 23:04:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dan Kamin\Start Menu\Programs\Administrative Tools
[2013/02/24 23:02:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2013/02/24 23:01:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2013/02/24 23:01:51 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2013/02/24 23:01:26 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Dan Kamin\Desktop\erunt-setup.exe
[2013/02/20 22:55:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan Kamin\Application Data\Malwarebytes
[2013/02/20 22:55:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/02/20 22:55:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/02/20 22:55:06 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/02/20 22:55:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/02/17 23:30:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan Kamin\Desktop\Classical Clown Concert Proposal.key
[2012/02/10 18:17:01 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Dan Kamin\Application Data\pcouffin.sys
========== Files - Modified Within 30 Days ==========
[2013/03/13 08:27:03 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-1500820517-682003330-1003UA.job
[2013/03/13 08:27:03 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-1500820517-682003330-1003Core.job
[2013/03/13 08:19:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-1500820517-682003330-1003.job
[2013/03/13 08:18:46 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-1500820517-682003330-1003.job
[2013/03/13 08:17:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/03/13 08:15:27 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\ROC_JAN2013_TB_rmv.job
[2013/03/13 08:15:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/03/12 22:04:42 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/03/12 22:04:39 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/03/12 22:04:39 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/03/12 22:04:29 | 016,486,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2013/03/12 12:56:41 | 000,816,640 | ---- | M] () -- C:\Documents and Settings\Dan Kamin\Desktop\RogueKiller.exe
[2013/03/11 19:58:52 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2013/03/11 19:21:34 | 000,457,320 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/03/11 19:21:34 | 000,076,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/03/11 09:50:25 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\Dan Kamin\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2013/03/11 09:07:22 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/03/10 16:54:42 | 000,597,667 | ---- | M] () -- C:\Documents and Settings\Dan Kamin\Desktop\AdwCleaner.exe
[2013/03/10 11:49:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan Kamin\Desktop\OTL.exe
[2013/03/05 09:30:38 | 000,002,316 | ---- | M] () -- C:\Documents and Settings\Dan Kamin\Desktop\Google Chrome.lnk
[2013/02/25 00:44:20 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Dan Kamin\Desktop\MBR.dat
[2013/02/24 23:23:33 | 000,004,599 | ---- | M] () -- C:\Documents and Settings\Dan Kamin\Desktop\attach.zip
[2013/02/24 23:06:20 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Dan Kamin\Desktop\aswMBR.exe
[2013/02/24 23:01:56 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Dan Kamin\Desktop\NTREGOPT.lnk
[2013/02/24 23:01:56 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Dan Kamin\Desktop\ERUNT.lnk
[2013/02/24 22:59:30 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Dan Kamin\Desktop\erunt-setup.exe
[2013/02/24 22:40:31 | 000,000,211 | ---- | M] () -- C:\boot.ini
[2013/02/20 22:55:12 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/17 17:20:10 | 001,252,238 | ---- | M] () -- C:\Documents and Settings\Dan Kamin\Desktop\index.apxl
[2013/02/13 09:18:20 | 000,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/02/13 00:53:50 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
========== Files Created - No Company Name ==========
[2013/03/12 12:57:51 | 000,816,640 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Desktop\RogueKiller.exe
[2013/03/10 16:55:49 | 000,597,667 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Desktop\AdwCleaner.exe
[2013/03/09 11:32:42 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-1500820517-682003330-1003.job
[2013/02/24 23:32:33 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Desktop\MBR.dat
[2013/02/24 23:23:33 | 000,004,599 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Desktop\attach.zip
[2013/02/24 23:01:56 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Desktop\NTREGOPT.lnk
[2013/02/24 23:01:55 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Desktop\ERUNT.lnk
[2013/02/24 22:40:22 | 000,001,725 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2013/02/24 22:40:21 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2013/02/20 22:55:11 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/20 22:31:02 | 000,000,211 | ---- | C] () -- C:\boot.ini
[2013/02/18 00:35:06 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-1500820517-682003330-1003.job
[2013/02/17 23:43:33 | 001,252,238 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Desktop\index.apxl
[2012/11/18 10:27:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2012/02/15 20:39:49 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/10 18:18:13 | 000,001,041 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Application Data\vso_ts_preview.xml
[2012/02/10 18:17:01 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Application Data\inst.exe
[2012/02/10 18:17:01 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Application Data\pcouffin.cat
[2012/02/10 18:17:01 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Application Data\pcouffin.inf
[2012/02/08 19:47:08 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2012/02/08 19:47:08 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2012/02/08 19:45:44 | 000,033,019 | ---- | C] () -- C:\WINDOWS\System32\CoreAAC-uninstall.exe
[2011/12/13 17:46:56 | 000,022,334 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2011/10/14 14:02:53 | 000,038,471 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Application Data\Comma Separated Values (Windows).ADR
[2011/10/07 17:18:21 | 000,001,691 | ---- | C] () -- C:\WINDOWS\hpomdl31.dat.temp
[2011/10/04 18:32:08 | 001,511,424 | ---- | C] () -- C:\WINDOWS\System32\HP1100SM.EXE
[2011/10/04 18:32:06 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\HP1100LM.DLL
[2011/10/04 18:31:34 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\HP1100SMs.dll
[2011/09/20 10:06:46 | 000,002,427 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2011/09/19 11:56:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\FileMgrExe.INI
[2011/09/15 11:05:09 | 000,015,488 | ---- | C] () -- C:\WINDOWS\System32\drivers\ScFBPNT2.sys
[2011/09/15 10:09:15 | 000,284,160 | ---- | C] () -- C:\WINDOWS\System32\mvhlewsi.DLL
[2011/08/25 11:54:33 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\[j0004]-[p08].bmp
[2011/08/25 11:54:31 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\[j0004]-[p07].bmp
[2011/08/25 11:54:29 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\[j0004]-[p06].bmp
[2011/05/23 12:28:00 | 000,024,086 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Application Data\Tab Separated Values (DOS).ADR
[2011/01/07 23:43:11 | 019,985,265 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vlc-1.1.5-win32.exe
[2010/12/29 15:30:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Ÿ9Ÿ9
[2010/12/29 01:45:18 | 000,111,616 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== ZeroAccess Check ==========
[2011/02/02 00:07:43 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== Custom Scans ==========
< :Files >
< C:\Documents and Settings\Dan Kamin\Desktop\Less used\DVDFabDecrypter29.exe >
[2011/05/22 11:30:05 | 001,589,364 | ---- | M] (Fengtao Software Inc. ) -- C:\Documents and Settings\Dan Kamin\Desktop\Less used\DVDFabDecrypter29.exe
< C:\Documents and Settings\Dan Kamin\My Documents\Downloads\iLividSetup.exe >
[2012/11/24 23:08:55 | 001,302,424 | ---- | M] (Bandoo Media Inc) -- C:\Documents and Settings\Dan Kamin\My Documents\Downloads\iLividSetup.exe
< C:\Documents and Settings\Dan Kamin\My Documents\Downloads\movie_player_1280 (1).exe >
[2012/03/20 23:04:24 | 001,667,264 | ---- | M] (W3i, LLC) -- C:\Documents and Settings\Dan Kamin\My Documents\Downloads\movie_player_1280 (1).exe
< C:\Documents and Settings\Dan Kamin\My Documents\Downloads\movie_player_1280.exe >
[2012/03/20 23:04:18 | 001,667,264 | ---- | M] (W3i, LLC) -- C:\Documents and Settings\Dan Kamin\My Documents\Downloads\movie_player_1280.exe
< C:\Documents and Settings\Dan Kamin\My Documents\Downloads\SetupImgBurn_2.5.5.0.exe >
[2011/02/11 09:18:45 | 005,514,668 | ---- | M] (LIGHTNING UK!) -- C:\Documents and Settings\Dan Kamin\My Documents\Downloads\SetupImgBurn_2.5.5.0.exe
< C:\Documents and Settings\Dan Kamin\My Documents\Downloads\SoftonicDownloader_for_realplayer-sp.exe >
[2010/12/30 14:36:07 | 000,293,160 | ---- | M] () -- C:\Documents and Settings\Dan Kamin\My Documents\Downloads\SoftonicDownloader_for_realplayer-sp.exe
< C:\Documents and Settings\Dan Kamin\My Documents\Downloads\VLC_32.exe >
[2011/01/07 23:14:57 | 002,174,584 | ---- | M] (W3i, LLC) -- C:\Documents and Settings\Dan Kamin\My Documents\Downloads\VLC_32.exe
< C:\Documents and Settings\Dan Kamin\My Documents\Downloads\youtube_flv_downloader_install(2).exe >
[2009/08/07 18:01:19 | 006,156,304 | ---- | M] (Moyea Software Co., LTD ) -- C:\Documents and Settings\Dan Kamin\My Documents\Downloads\youtube_flv_downloader_install(2).exe
< C:\Documents and Settings\Dan Kamin\My Documents\Downloads\youtube_flv_downloader_install.exe >
[2009/08/07 17:50:33 | 006,156,304 | ---- | M] (Moyea Software Co., LTD ) -- C:\Documents and Settings\Dan Kamin\My Documents\Downloads\youtube_flv_downloader_install.exe
< >
< :Commands >
< [EmptyTemp] >
< End of report >
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.1 (03.12.2013:1)
OS: Microsoft Windows XP x86
Ran by Dan Kamin on Wed 03/13/2013 at 8:46:44.75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Documents and Settings\Dan Kamin\Application Data\netassistant"
Successfully deleted: [Folder] "C:\WINDOWS\system32\ai_recyclebin"
~~~ FireFox
Successfully deleted: [Registry Value] hkey_current_user\software\mozilla\firefox\extensions\\{1266764d-fc4f-4fa7-b63b-884d53b1680f}
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 03/13/2013 at 8:55:00.35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Dakeyras
2013-03-13, 21:07
Hi. :)
You actually ran a custom OTL scan as opposed to a custom OTL script, not a problem though and my apologies if you misunderstood what I was advising/asking for etc.
Custom OTL Script:
Double-click on OTL.exe to start the program.
Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:Files
C:\Documents and Settings\Dan Kamin\Desktop\Less used\DVDFabDecrypter29.exe
C:\Documents and Settings\Dan Kamin\My Documents\Downloads\iLividSetup.exe
C:\Documents and Settings\Dan Kamin\My Documents\Downloads\movie_player_1280 (1).exe
C:\Documents and Settings\Dan Kamin\My Documents\Downloads\movie_player_1280.exe
C:\Documents and Settings\Dan Kamin\My Documents\Downloads\SetupImgBurn_2.5.5.0.exe
C:\Documents and Settings\Dan Kamin\My Documents\Downloads\SoftonicDownloader_for_realplayer-sp.exe
C:\Documents and Settings\Dan Kamin\My Documents\Downloads\VLC_32.exe
C:\Documents and Settings\Dan Kamin\My Documents\Downloads\youtube_flv_downloader_install(2).exe
C:\Documents and Settings\Dan Kamin\My Documents\Downloads\youtube_flv_downloader_install.exe
:Commands
[EmptyTemp]
Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
Then click the red Run Fix button.
Let the program run unhindered.
If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The logfile can also be located C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.
Next:
Going back to this you posted:-
I went into msconfig and deselected everything in the start menu. I got an error message saying I needed admin privileges to make the changes. The menu still showed all items deselected after a reboot. That menu had several unnamed entries.
I would like to check what exactly was disabled as follows and the current overall settings...
Double-click on OTL.exe to start the program.
Now click on the None button.
Under the Custom Scan/Fixes box cut & paste this in:-
msconfig
Click on Run Scan button.
When done, one Notepad file will open.
OTL.txt <-- Will be opened
Please post the contents of this Notepad file in your next reply.
Scan with FSS:
Please download Farbar Service Scanner (http://download.bleepingcomputer.com/farbar/FSS.exe) and save to the desktop.
Double-click FSS.exe to start the program.
Select all available options
Then click on the Scan tab.
When the scan is complete, it will produce a log named FSS.txt.
Post the contents in your next reply.
Next:
When completed the above, please post back the following in the order asked for:
OTL Log from the Custom Script.
New OTL Log from the Custom Scan.
Farbar Service Scanner Log.
All processes killed
========== FILES ==========
C:\Documents and Settings\Dan Kamin\Desktop\Less used\DVDFabDecrypter29.exe moved successfully.
C:\Documents and Settings\Dan Kamin\My Documents\Downloads\iLividSetup.exe moved successfully.
C:\Documents and Settings\Dan Kamin\My Documents\Downloads\movie_player_1280 (1).exe moved successfully.
C:\Documents and Settings\Dan Kamin\My Documents\Downloads\movie_player_1280.exe moved successfully.
C:\Documents and Settings\Dan Kamin\My Documents\Downloads\SetupImgBurn_2.5.5.0.exe moved successfully.
C:\Documents and Settings\Dan Kamin\My Documents\Downloads\SoftonicDownloader_for_realplayer-sp.exe moved successfully.
C:\Documents and Settings\Dan Kamin\My Documents\Downloads\VLC_32.exe moved successfully.
C:\Documents and Settings\Dan Kamin\My Documents\Downloads\youtube_flv_downloader_install(2).exe moved successfully.
C:\Documents and Settings\Dan Kamin\My Documents\Downloads\youtube_flv_downloader_install.exe moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Dan Kamin
->Temp folder emptied: 950324 bytes
->Temporary Internet Files folder emptied: 6406358 bytes
->FireFox cache emptied: 43139774 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1203 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 249498 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 48.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 03132013_195005
Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_11d0.dat not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_6a4.dat not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
OTL logfile created on: 3/13/2013 7:58:04 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Dan Kamin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.99 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 61.47% Memory free
3.84 Gb Paging File | 3.24 Gb Available in Paging File | 84.48% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 72.32 Gb Free Space | 48.52% Space Free | Partition Type: NTFS
Computer Name: DAN | User Name: Dan Kamin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/03/10 11:49:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan Kamin\Desktop\OTL.exe
PRC - [2013/03/07 23:53:47 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/08/29 14:51:48 | 004,643,912 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
PRC - [2012/08/29 14:51:48 | 001,061,960 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2011/12/12 13:11:03 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
PRC - [2010/04/07 16:57:42 | 000,099,896 | R--- | M] (HP) -- C:\WINDOWS\system32\HPSIsvc.exe
PRC - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/06/24 10:57:04 | 000,136,704 | ---- | M] (HP) -- C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/02 14:29:22 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/06/06 17:44:44 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007/05/22 15:18:56 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/05/10 11:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe
PRC - [2007/05/10 11:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
PRC - [2006/09/08 16:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2006/06/26 11:33:42 | 000,099,888 | ---- | M] (Logitech Inc.) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
========== Modules (No Company Name) ==========
MOD - [2013/03/07 23:53:47 | 003,069,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/02/13 00:52:14 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\9fff30debe9b1ead7a0a9d204d331e7c\System.Web.ni.dll
MOD - [2013/02/13 00:51:58 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d7ee03714420b252415b952d40ef59e4\System.ServiceProcess.ni.dll
MOD - [2013/02/13 00:45:51 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2013/01/10 09:05:11 | 000,311,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\07de14823c42ee36ffa303d9c89ded36\System.Runtime.Serialization.Formatters.Soap.ni.dll
MOD - [2013/01/10 09:03:13 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll
MOD - [2013/01/10 08:59:56 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll
MOD - [2013/01/10 08:49:57 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll
MOD - [2013/01/10 08:49:25 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
MOD - [2012/05/30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/10/29 11:14:44 | 000,143,360 | ---- | M] () -- C:\WINDOWS\system32\preflib.dll
MOD - [2010/10/29 11:14:12 | 000,761,856 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2010/03/04 16:55:34 | 000,147,456 | ---- | M] () -- C:\WINDOWS\system32\HP1100LM.DLL
MOD - [2010/03/04 16:55:14 | 000,069,632 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\HP1100PP.dll
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2004/07/20 18:04:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll
========== Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/03/12 22:04:41 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/07 23:53:47 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/08/29 14:51:48 | 004,643,912 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)
SRV - [2011/10/14 09:40:12 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe -- (NIS)
SRV - [2010/04/07 16:57:42 | 000,099,896 | R--- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPSIsvc.exe -- (HPSIService)
SRV - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/06/24 10:57:04 | 000,136,704 | ---- | M] (HP) [Auto | Running] -- C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2007/05/10 11:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe -- (STacSV)
SRV - [2006/06/26 11:33:56 | 000,091,696 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2006/06/26 11:33:42 | 000,099,888 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/01/23 18:14:50 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20130313.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/01/23 18:14:50 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20130313.002\NAVENG.SYS -- (NAVENG)
DRV - [2013/01/23 18:14:49 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/01/15 22:51:12 | 000,997,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20130301.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/09/06 04:54:30 | 000,373,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20130312.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/05/02 18:21:23 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/20 21:37:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1207020.003\symtdi.sys -- (SYMTDI)
DRV - [2011/03/30 23:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NIS\1207020.003\srtsp.sys -- (SRTSP)
DRV - [2011/03/30 23:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1207020.003\srtspx.sys -- (SRTSPX)
DRV - [2011/03/14 22:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1207020.003\symefa.sys -- (SymEFA)
DRV - [2011/02/14 02:42:36 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2011/02/14 02:42:34 | 000,025,216 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2011/02/14 02:42:32 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2011/01/27 02:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1207020.003\symds.sys -- (SymDS)
DRV - [2011/01/27 01:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1207020.003\ironx86.sys -- (SymIRON)
DRV - [2010/10/29 11:14:44 | 002,649,216 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/12/23 18:18:48 | 000,068,696 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2007/08/02 18:35:12 | 000,989,952 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/08/02 18:34:30 | 000,211,200 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/08/02 18:34:26 | 000,731,136 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/06/25 19:53:10 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/06/11 15:25:00 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007/05/24 15:27:00 | 000,064,000 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007/05/10 11:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/04/24 14:20:00 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2007/03/19 02:39:18 | 000,052,309 | R--- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mam4410u.sys -- (mam4410u)
DRV - [2007/03/01 17:53:00 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2007/02/16 16:46:00 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/01/15 23:44:46 | 000,011,986 | R--- | M] (Mobile Action Technology Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\MaVc2K.sys -- (MaVctrl)
DRV - [2006/11/20 18:55:00 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2006/10/10 20:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006/06/26 11:33:40 | 000,023,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2006/06/26 11:33:36 | 001,952,816 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2006/06/26 11:33:28 | 001,587,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2006/06/22 18:29:46 | 000,038,960 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2006/06/22 18:29:28 | 000,720,176 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302AV.SYS -- (PID_08A0)
DRV - [2006/06/22 18:29:27 | 000,012,080 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2005/08/17 23:44:50 | 000,049,867 | R--- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mardp2k.sys -- (MaRdPnp)
DRV - [2005/06/16 06:13:12 | 000,025,044 | R--- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mam4410m.sys -- (mam4410m)
DRV - [2005/06/16 06:11:58 | 000,024,784 | R--- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mam4410c.sys -- (mam4410c)
DRV - [2005/01/06 14:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2000/02/08 10:30:24 | 000,015,488 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ScFBPNT2.sys -- (ScFBPNT2)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{912B7D87-D547-49C8-A25E-A3CD2BEDB017}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: %7B66E978CD-981F-47DF-AC42-E3CF417C1467%7D:0.4.3
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.6
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2012/02/01 09:04:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_13_2 [2013/03/13 19:52:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/12/29 13:00:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/12 13:13:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/07 23:53:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/03/07 23:53:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/12/29 13:00:56 | 000,000,000 | ---D | M]
[2010/12/28 20:54:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dan Kamin\Application Data\Mozilla\Extensions
[2013/03/06 00:42:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dan Kamin\Application Data\Mozilla\Firefox\Profiles\3xyzcfc0.default\extensions
[2012/11/30 08:28:42 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Dan Kamin\Application Data\Mozilla\Firefox\Profiles\3xyzcfc0.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012/02/01 18:40:47 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\Dan Kamin\Application Data\Mozilla\Firefox\Profiles\3xyzcfc0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2013/03/06 00:42:02 | 000,555,719 | ---- | M] () (No name found) -- C:\Documents and Settings\Dan Kamin\Application Data\Mozilla\Firefox\Profiles\3xyzcfc0.default\extensions\{40346aa9-a9d7-b1c4-ad87-bb0d0a1c10b8}.xpi
[2012/05/01 22:02:34 | 000,003,793 | ---- | M] () (No name found) -- C:\Documents and Settings\Dan Kamin\Application Data\Mozilla\Firefox\Profiles\3xyzcfc0.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi
[2013/03/07 23:53:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/03/07 23:53:47 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/01/19 12:20:02 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/02/27 00:06:12 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Chrome\Application\25.0.1364.152\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Chrome\Application\25.0.1364.152\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Entanglement = C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Poppit = C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
O1 HOSTS File: ([2013/03/11 19:58:52 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://vnc.webex.com/client/wbs27-vzbprodcn/webex/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2156BD58-3B3C-4CD3-A109-47A08F329673}: DhcpNameServer = 192.168.1.1 71.252.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BDD524A-F20D-4F1D-8E27-46824759B739}: DhcpNameServer = 192.168.1.1 71.252.0.12
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\615\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe - (TOSHIBA CORPORATION.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpReg: [b]Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - File not found
MsConfig - StartUpReg: hpqSRMon - hkey= - key= - File not found
MsConfig - StartUpReg: HPUsageTrackingLEDM - hkey= - key= - C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found
MsConfig - StartUpReg: ITSecMng - hkey= - key= - File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: KernelFaultCheck - hkey= - key= - File not found
MsConfig - StartUpReg: LogitechCommunicationsManager - hkey= - key= - C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe (Logitech Inc.)
MsConfig - StartUpReg: LogitechQuickCamRibbon - hkey= - key= - C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
MsConfig - StartUpReg: LVCOMSX - hkey= - key= - C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe (Logitech Inc.)
MsConfig - StartUpReg: MaxMenuMgr - hkey= - key= - C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
MsConfig - StartUpReg: MediaGet2 - hkey= - key= - File not found
MsConfig - StartUpReg: Persistence - hkey= - key= - File not found
MsConfig - StartUpReg: SigmatelSysTrayApp - hkey= - key= - File not found
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: vProt - hkey= - key= - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
========== Files/Folders - Created Within 30 Days ==========
[2013/03/13 08:46:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/03/13 08:46:25 | 000,000,000 | ---D | C] -- C:\JRT
[2013/03/13 08:44:42 | 000,550,572 | ---- | C] (Oleg N. Scherbakov) -- C:\Documents and Settings\Dan Kamin\Desktop\JRT.exe
[2013/03/12 22:04:27 | 016,486,616 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2013/03/12 12:58:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan Kamin\Desktop\RK_Quarantine
[2013/03/11 19:58:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/03/10 11:50:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dan Kamin\Desktop\OTL.exe
[2013/03/07 23:53:31 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/02/27 22:12:57 | 004,952,064 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\System32\stacgui.cpl
[2013/02/27 22:12:57 | 001,601,536 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\System32\stlang.dll
[2013/02/27 22:12:57 | 000,405,504 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
[2013/02/27 22:12:57 | 000,094,208 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\System32\stacsv.exe
[2013/02/27 22:12:19 | 000,270,336 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\System32\stacapi.dll
[2013/02/24 23:26:20 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Dan Kamin\Desktop\aswMBR.exe
[2013/02/24 23:04:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dan Kamin\Start Menu\Programs\Administrative Tools
[2013/02/24 23:02:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2013/02/24 23:01:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2013/02/24 23:01:51 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2013/02/24 23:01:26 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Dan Kamin\Desktop\erunt-setup.exe
[2013/02/20 22:55:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan Kamin\Application Data\Malwarebytes
[2013/02/20 22:55:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/02/20 22:55:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/02/20 22:55:06 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/02/20 22:55:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/02/17 23:30:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan Kamin\Desktop\Classical Clown Concert Proposal.key
[2012/02/10 18:17:01 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Dan Kamin\Application Data\pcouffin.sys
========== Files - Modified Within 30 Days ==========
[2013/03/13 20:03:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/03/13 19:54:30 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-1500820517-682003330-1003.job
[2013/03/13 19:54:20 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-1500820517-682003330-1003.job
[2013/03/13 19:54:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/03/13 19:51:55 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\ROC_JAN2013_TB_rmv.job
[2013/03/13 19:51:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/03/13 19:27:00 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-1500820517-682003330-1003UA.job
[2013/03/13 08:36:29 | 000,550,572 | ---- | M] (Oleg N. Scherbakov) -- C:\Documents and Settings\Dan Kamin\Desktop\JRT.exe
[2013/03/13 08:27:03 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-1500820517-682003330-1003Core.job
[2013/03/12 22:04:39 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/03/12 22:04:39 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/03/12 22:04:29 | 016,486,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2013/03/12 12:56:41 | 000,816,640 | ---- | M] () -- C:\Documents and Settings\Dan Kamin\Desktop\RogueKiller.exe
[2013/03/11 19:58:52 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2013/03/11 19:21:34 | 000,457,320 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/03/11 19:21:34 | 000,076,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/03/11 09:50:25 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\Dan Kamin\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2013/03/11 09:07:22 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/03/10 16:54:42 | 000,597,667 | ---- | M] () -- C:\Documents and Settings\Dan Kamin\Desktop\AdwCleaner.exe
[2013/03/10 11:49:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan Kamin\Desktop\OTL.exe
[2013/03/05 09:30:38 | 000,002,316 | ---- | M] () -- C:\Documents and Settings\Dan Kamin\Desktop\Google Chrome.lnk
[2013/02/25 00:44:20 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Dan Kamin\Desktop\MBR.dat
[2013/02/24 23:23:33 | 000,004,599 | ---- | M] () -- C:\Documents and Settings\Dan Kamin\Desktop\attach.zip
[2013/02/24 23:06:20 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Dan Kamin\Desktop\aswMBR.exe
[2013/02/24 23:01:56 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Dan Kamin\Desktop\NTREGOPT.lnk
[2013/02/24 23:01:56 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Dan Kamin\Desktop\ERUNT.lnk
[2013/02/24 22:59:30 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Dan Kamin\Desktop\erunt-setup.exe
[2013/02/24 22:40:31 | 000,000,211 | ---- | M] () -- C:\boot.ini
[2013/02/20 22:55:12 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/17 17:20:10 | 001,252,238 | ---- | M] () -- C:\Documents and Settings\Dan Kamin\Desktop\index.apxl
[2013/02/13 09:18:20 | 000,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/02/13 00:53:50 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
========== Files Created - No Company Name ==========
[2013/03/12 12:57:51 | 000,816,640 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Desktop\RogueKiller.exe
[2013/03/10 16:55:49 | 000,597,667 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Desktop\AdwCleaner.exe
[2013/03/09 11:32:42 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-1500820517-682003330-1003.job
[2013/02/24 23:32:33 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Desktop\MBR.dat
[2013/02/24 23:23:33 | 000,004,599 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Desktop\attach.zip
[2013/02/24 23:01:56 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Desktop\NTREGOPT.lnk
[2013/02/24 23:01:55 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Desktop\ERUNT.lnk
[2013/02/24 22:40:22 | 000,001,725 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2013/02/24 22:40:21 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2013/02/20 22:55:11 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/20 22:31:02 | 000,000,211 | ---- | C] () -- C:\boot.ini
[2013/02/18 00:35:06 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-1500820517-682003330-1003.job
[2013/02/17 23:43:33 | 001,252,238 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Desktop\index.apxl
[2012/11/18 10:27:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2012/02/15 20:39:49 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/10 18:18:13 | 000,001,041 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Application Data\vso_ts_preview.xml
[2012/02/10 18:17:01 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Application Data\inst.exe
[2012/02/10 18:17:01 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Application Data\pcouffin.cat
[2012/02/10 18:17:01 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Application Data\pcouffin.inf
[2012/02/08 19:47:08 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2012/02/08 19:47:08 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2012/02/08 19:45:44 | 000,033,019 | ---- | C] () -- C:\WINDOWS\System32\CoreAAC-uninstall.exe
[2011/12/13 17:46:56 | 000,022,334 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2011/10/14 14:02:53 | 000,038,471 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Application Data\Comma Separated Values (Windows).ADR
[2011/10/07 17:18:21 | 000,001,691 | ---- | C] () -- C:\WINDOWS\hpomdl31.dat.temp
[2011/10/04 18:32:08 | 001,511,424 | ---- | C] () -- C:\WINDOWS\System32\HP1100SM.EXE
[2011/10/04 18:32:06 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\HP1100LM.DLL
[2011/10/04 18:31:34 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\HP1100SMs.dll
[2011/09/20 10:06:46 | 000,002,427 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2011/09/19 11:56:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\FileMgrExe.INI
[2011/09/15 11:05:09 | 000,015,488 | ---- | C] () -- C:\WINDOWS\System32\drivers\ScFBPNT2.sys
[2011/09/15 10:09:15 | 000,284,160 | ---- | C] () -- C:\WINDOWS\System32\mvhlewsi.DLL
[2011/08/25 11:54:33 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\[j0004]-[p08].bmp
[2011/08/25 11:54:31 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\[j0004]-[p07].bmp
[2011/08/25 11:54:29 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\[j0004]-[p06].bmp
[2011/05/23 12:28:00 | 000,024,086 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Application Data\Tab Separated Values (DOS).ADR
[2011/01/07 23:43:11 | 019,985,265 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vlc-1.1.5-win32.exe
[2010/12/29 15:30:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Ÿ9Ÿ9
[2010/12/29 01:45:18 | 000,111,616 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== ZeroAccess Check ==========
[2011/02/02 00:07:43 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >
Farbar Service Scanner Version: 03-03-2013
Ran by Dan Kamin (administrator) on 13-03-2013 at 20:37:18
Running from "C:\Documents and Settings\Dan Kamin\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Attempt to access Yahoo.com returned error: Yahoo.com is offline
Windows Firewall:
=============
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
System Restore:
============
System Restore Disabled Policy:
========================
Security Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll
[2010-12-28 16:47] - [2008-04-13 20:12] - 0006656 ____A (Microsoft Corporation) 35321FB577CDC98CE3EB3A3EB9E4610A
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe
[2004-08-04 06:00] - [2009-02-06 07:11] - 0110592 ____A (Microsoft Corporation) 65DF52F5B8B6E9BBD183505225C37315
Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) SYMTDI(10) Tcpip(4)
0x0A00000005000000010000000200000003000000040000000A00000006000000070000000800000009000000
IpSec Tag value is correct.
**** End of log ****
After I posted the last log files Microsoft loaded 6 updates when I shut down. The delay is now down to a little over 2 minutes.
I know we are getting close. Thank you for your efforts so far.
Specba
Dakeyras
2013-03-14, 14:23
Hi. :)
After I posted the last log files Microsoft loaded 6 updates when I shut down.
Absolutely fine, Microsoft released some critical updates recently:-
Microsoft Security Bulletin Summary for March 2013 (http://technet.microsoft.com/en-us/security/bulletin/ms13-mar)
This is usually the first Tuesday of every month or close too, though not always some for XP as support is winding down for the Operating System as a whole but I will advise about this when I give the all clear.
The delay is now down to a little over 2 minutes.
I know we are getting close. Thank you for your efforts so far.
Good and you're welcome!
Enable MsConfig Items:
Enable all previously disabled Start Up items via MsConfig as follows:-
Click on Start >> Run... type in msconfig >> click on OK, then once the System Configuration Utility GUI has loaded >> select Startup
Then click on Enable All >> Apply >> Close >> Restart
StartUpLite:
Please download this small application from here (http://www.malwarebytes.org/startuplite.php) to the desktop
It is very simple to use and quite effective and will advise about any unnecessary system startups that can be safely removed.
Note: Any not removed we will address in due course.
MsConfig Check:
Open Notepad.
Copy and Paste everything from the Code Box below into Notepad:
@echo off
if exist C:\peek*.txt del /q C:\peek*.txt
if exist C:\startup.txt del /q C:\startup.txt
regedit /e C:\peek1.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg"
regedit /e C:\peek2.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder"
regedit /e C:\peek3.txt "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services"
type C:\peek*.txt >> C:\startup.txt
del /q C:\peek*.txt
start notepad C:\startup.txt
del %0
Go to File >> Save As
Save File name as msconfig.bat
Change Save as Type to All Files and save the file to the Desktop.
It should look like this: http://i223.photobucket.com/albums/dd202/Dakeyras_album/msconfig.jpg
Now double click on the desktop msconfig.bat to run the batch file. It will self-delete when completed and produce a notepad text file named startup.
Note: It can also be located at the root of the hard-drive:- C:\startup.txt
Re-scan with OTL:
Double-click on OTL.exe to start OTL.
Under Output, ensure that Minimal Output is selected.
Click the Scan All Users checkbox.
Now click on Quick Scan at the top left hand corner.
When done, one Notepad file will open.
Next:
When completed the above, please post back the following in the order asked for:
MsConfig Check Log.
New OTL Log.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CTFMON.EXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IgfxTray]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KernelFaultCheck]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Persistence]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SigmatelSysTrayApp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe]
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
OTL logfile created on: 3/14/2013 2:57:25 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Dan Kamin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.99 Gb Total Physical Memory | 1.12 Gb Available Physical Memory | 56.10% Memory free
3.84 Gb Paging File | 3.09 Gb Available in Paging File | 80.56% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 72.04 Gb Free Space | 48.33% Space Free | Partition Type: NTFS
Computer Name: DAN | User Name: Dan Kamin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Dan Kamin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe (Carbonite, Inc. (www.carbonite.com))
PRC - C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\HPSIsvc.exe (HP)
PRC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
PRC - C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe (Seagate LLC)
PRC - C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe (Hewlett-Packard Company)
PRC - C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe (HP)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Logitech\QuickCam10\COCIManager.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
PRC - c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe (Logitech Inc.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\9fff30debe9b1ead7a0a9d204d331e7c\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d7ee03714420b252415b952d40ef59e4\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\024c898ad1ccfde466d033c0a08d0564\Microsoft.VisualBasic.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ba12e418b906593b7c9c18f971f36bf9\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\07de14823c42ee36ffa303d9c89ded36\System.Runtime.Serialization.Formatters.Soap.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\WINDOWS\system32\preflib.dll ()
MOD - C:\WINDOWS\system32\bcm1xsup.dll ()
MOD - C:\WINDOWS\system32\HP1100LM.DLL ()
MOD - C:\WINDOWS\system32\spool\prtprocs\w32x86\HP1100PP.dll ()
MOD - C:\Program Files\HP\HP UT LEDM\bin\HPTools.dll ()
MOD - C:\Program Files\HP\HP UT LEDM\bin\HPToolkit.dll ()
MOD - C:\Program Files\HP\HP UT LEDM\bin\LEDMXMLObjects.dll ()
MOD - C:\Program Files\HP\HP UT LEDM\bin\DMBaseObjects.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\Program Files\WinRar.3.61\RarExt.dll ()
MOD - C:\Program Files\Logitech\QuickCam10\QuickCam10Res.dll ()
MOD - C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
MOD - C:\WINDOWS\system32\TosCommAPI.dll ()
MOD - C:\WINDOWS\system32\TosBtHcrpAPI.dll ()
========== Services (SafeList) ==========
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (CarboniteService) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe (Carbonite, Inc. (www.carbonite.com))
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe (Symantec Corporation)
SRV - (HPSIService) -- C:\WINDOWS\system32\HPSIsvc.exe (HP)
SRV - (FreeAgentGoNext Service) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
SRV - (HP LaserJet Service) -- C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe (HP)
SRV - (STacSV) -- C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe (SigmaTel, Inc.)
SRV - (LVSrvLauncher) -- C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (LVPrcSrv) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20130314.004\NAVEX15.SYS (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20130314.004\NAVENG.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20130301.001\BHDrvx86.sys (Symantec Corporation)
DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20130312.001\IDSXpx86.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\NIS\1207020.003\symtdi.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\NIS\1207020.003\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\NIS\1207020.003\srtspx.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NIS\1207020.003\symefa.sys (Symantec Corporation)
DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (SymDS) -- C:\WINDOWS\system32\drivers\NIS\1207020.003\symds.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\NIS\1207020.003\ironx86.sys (Symantec Corporation)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (guardian2) -- C:\WINDOWS\system32\drivers\oz776.sys (O2Micro)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (mam4410u) -- C:\WINDOWS\system32\drivers\mam4410u.sys (Mobile Action Technology Inc.)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (MaVctrl) -- C:\WINDOWS\system32\drivers\MaVc2K.sys (Mobile Action Technology Inc.)
DRV - (tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (LVMVDrv) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys (Logitech Inc.)
DRV - (LVcKap) -- C:\WINDOWS\system32\drivers\Lvckap.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (PID_08A0) -- C:\WINDOWS\system32\drivers\LV302AV.SYS (Logitech Inc.)
DRV - (pepifilter) -- C:\WINDOWS\system32\drivers\lv302af.sys (Logitech Inc.)
DRV - (MaRdPnp) -- C:\WINDOWS\system32\drivers\mardp2k.sys (Mobile Action Technology Inc.)
DRV - (mam4410m) -- C:\WINDOWS\system32\drivers\mam4410m.sys (Mobile Action Technology Inc.)
DRV - (mam4410c) -- C:\WINDOWS\system32\drivers\mam4410c.sys (Mobile Action Technology Inc.)
DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (ScFBPNT2) -- C:\WINDOWS\system32\drivers\ScFBPNT2.sys ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1229272821-1500820517-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1229272821-1500820517-682003330-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1229272821-1500820517-682003330-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1229272821-1500820517-682003330-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1229272821-1500820517-682003330-1003\..\SearchScopes\{912B7D87-D547-49C8-A25E-A3CD2BEDB017}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-1229272821-1500820517-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1229272821-1500820517-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: %7B66E978CD-981F-47DF-AC42-E3CF417C1467%7D:0.4.3
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.6
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2012/02/01 09:04:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_13_2 [2013/03/14 14:45:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/12/29 13:00:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/12 13:13:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/07 23:53:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/03/07 23:53:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/12/29 13:00:56 | 000,000,000 | ---D | M]
[2010/12/28 20:54:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dan Kamin\Application Data\Mozilla\Extensions
[2013/03/06 00:42:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dan Kamin\Application Data\Mozilla\Firefox\Profiles\3xyzcfc0.default\extensions
[2012/11/30 08:28:42 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Dan Kamin\Application Data\Mozilla\Firefox\Profiles\3xyzcfc0.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012/02/01 18:40:47 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\Dan Kamin\Application Data\Mozilla\Firefox\Profiles\3xyzcfc0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2013/03/06 00:42:02 | 000,555,719 | ---- | M] () (No name found) -- C:\Documents and Settings\Dan Kamin\Application Data\Mozilla\Firefox\Profiles\3xyzcfc0.default\extensions\{40346aa9-a9d7-b1c4-ad87-bb0d0a1c10b8}.xpi
[2012/05/01 22:02:34 | 000,003,793 | ---- | M] () (No name found) -- C:\Documents and Settings\Dan Kamin\Application Data\Mozilla\Firefox\Profiles\3xyzcfc0.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi
[2013/03/07 23:53:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/03/07 23:53:47 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/01/19 12:20:02 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/02/27 00:06:12 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Chrome\Application\25.0.1364.152\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Chrome\Application\25.0.1364.152\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Entanglement = C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Poppit = C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
O1 HOSTS File: ([2013/03/11 19:58:52 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1229272821-1500820517-682003330-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [HPUsageTrackingLEDM] C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
O4 - HKLM..\Run: [LVCOMSX] C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe (Logitech Inc.)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" File not found
O4 - HKU\S-1-5-21-1229272821-1500820517-682003330-1003..\Run: [MediaGet2] C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\MediaGet2\mediaget.exe --minimized File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1229272821-1500820517-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://vnc.webex.com/client/wbs27-vzbprodcn/webex/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2156BD58-3B3C-4CD3-A109-47A08F329673}: DhcpNameServer = 192.168.1.1 71.252.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BDD524A-F20D-4F1D-8E27-46824759B739}: DhcpNameServer = 192.168.1.1 71.252.0.12
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\615\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013/03/14 14:52:00 | 000,204,496 | ---- | C] (Malwarebytes) -- C:\Documents and Settings\Dan Kamin\Desktop\startuplite-setup-1.07.exe
[2013/03/13 20:36:41 | 000,354,265 | ---- | C] (Farbar) -- C:\Documents and Settings\Dan Kamin\Desktop\FSS.exe
[2013/03/13 08:46:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/03/13 08:46:25 | 000,000,000 | ---D | C] -- C:\JRT
[2013/03/13 08:44:42 | 000,550,572 | ---- | C] (Oleg N. Scherbakov) -- C:\Documents and Settings\Dan Kamin\Desktop\JRT.exe
[2013/03/12 12:58:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan Kamin\Desktop\RK_Quarantine
[2013/03/11 19:58:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/03/10 11:50:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dan Kamin\Desktop\OTL.exe
[2013/03/07 23:53:31 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/02/24 23:26:20 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Dan Kamin\Desktop\aswMBR.exe
[2013/02/24 23:04:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dan Kamin\Start Menu\Programs\Administrative Tools
[2013/02/24 23:02:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2013/02/24 23:01:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2013/02/24 23:01:51 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2013/02/24 23:01:26 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Dan Kamin\Desktop\erunt-setup.exe
[2013/02/20 22:55:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan Kamin\Application Data\Malwarebytes
[2013/02/20 22:55:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/02/20 22:55:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/02/20 22:55:06 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/02/20 22:55:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/02/17 23:30:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan Kamin\Desktop\Classical Clown Concert Proposal.key
[2012/02/10 18:17:01 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Dan Kamin\Application Data\pcouffin.sys
========== Files - Modified Within 30 Days ==========
[2013/03/14 15:03:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/03/14 14:50:37 | 000,204,496 | ---- | M] (Malwarebytes) -- C:\Documents and Settings\Dan Kamin\Desktop\startuplite-setup-1.07.exe
[2013/03/14 14:47:51 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-1500820517-682003330-1003.job
[2013/03/14 14:47:31 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-1500820517-682003330-1003.job
[2013/03/14 14:47:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/03/14 14:44:57 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\ROC_JAN2013_TB_rmv.job
[2013/03/14 14:44:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/03/14 14:43:32 | 000,000,211 | ---- | M] () -- C:\boot.ini
[2013/03/14 14:27:00 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-1500820517-682003330-1003UA.job
[2013/03/14 14:21:22 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\Dan Kamin\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2013/03/14 09:52:50 | 000,002,421 | ---- | M] () -- C:\Documents and Settings\Dan Kamin\Desktop\Adobe GoLive 5.0 (ENG).lnk
[2013/03/14 08:27:00 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-1500820517-682003330-1003Core.job
[2013/03/14 08:18:57 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/03/13 20:35:50 | 000,354,265 | ---- | M] (Farbar) -- C:\Documents and Settings\Dan Kamin\Desktop\FSS.exe
[2013/03/13 08:36:29 | 000,550,572 | ---- | M] (Oleg N. Scherbakov) -- C:\Documents and Settings\Dan Kamin\Desktop\JRT.exe
[2013/03/12 12:56:41 | 000,816,640 | ---- | M] () -- C:\Documents and Settings\Dan Kamin\Desktop\RogueKiller.exe
[2013/03/11 19:58:52 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2013/03/11 19:21:34 | 000,457,320 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/03/11 19:21:34 | 000,076,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/03/10 16:54:42 | 000,597,667 | ---- | M] () -- C:\Documents and Settings\Dan Kamin\Desktop\AdwCleaner.exe
[2013/03/10 11:49:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan Kamin\Desktop\OTL.exe
[2013/03/05 09:30:38 | 000,002,316 | ---- | M] () -- C:\Documents and Settings\Dan Kamin\Desktop\Google Chrome.lnk
[2013/02/25 00:44:20 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Dan Kamin\Desktop\MBR.dat
[2013/02/24 23:23:33 | 000,004,599 | ---- | M] () -- C:\Documents and Settings\Dan Kamin\Desktop\attach.zip
[2013/02/24 23:06:20 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Dan Kamin\Desktop\aswMBR.exe
[2013/02/24 23:01:56 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Dan Kamin\Desktop\NTREGOPT.lnk
[2013/02/24 23:01:56 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Dan Kamin\Desktop\ERUNT.lnk
[2013/02/24 22:59:30 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Dan Kamin\Desktop\erunt-setup.exe
[2013/02/20 22:55:12 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/17 17:20:10 | 001,252,238 | ---- | M] () -- C:\Documents and Settings\Dan Kamin\Desktop\index.apxl
[2013/02/13 09:18:20 | 000,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/02/13 00:53:59 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
========== Files Created - No Company Name ==========
[2013/03/14 14:43:29 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2013/03/14 14:43:29 | 000,000,715 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
[2013/03/12 12:57:51 | 000,816,640 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Desktop\RogueKiller.exe
[2013/03/10 16:55:49 | 000,597,667 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Desktop\AdwCleaner.exe
[2013/03/09 11:32:42 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-1500820517-682003330-1003.job
[2013/02/24 23:32:33 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Desktop\MBR.dat
[2013/02/24 23:23:33 | 000,004,599 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Desktop\attach.zip
[2013/02/24 23:01:56 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Desktop\NTREGOPT.lnk
[2013/02/24 23:01:55 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Desktop\ERUNT.lnk
[2013/02/24 22:40:22 | 000,001,725 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2013/02/24 22:40:21 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2013/02/20 22:55:11 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/20 22:31:02 | 000,000,211 | ---- | C] () -- C:\boot.ini
[2013/02/18 00:35:06 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-1500820517-682003330-1003.job
[2013/02/17 23:43:33 | 001,252,238 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Desktop\index.apxl
[2012/11/18 10:27:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2012/02/15 20:39:49 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/10 18:18:13 | 000,001,041 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Application Data\vso_ts_preview.xml
[2012/02/10 18:17:01 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Application Data\inst.exe
[2012/02/10 18:17:01 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Application Data\pcouffin.cat
[2012/02/10 18:17:01 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Application Data\pcouffin.inf
[2012/02/08 19:47:08 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2012/02/08 19:47:08 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2012/02/08 19:45:44 | 000,033,019 | ---- | C] () -- C:\WINDOWS\System32\CoreAAC-uninstall.exe
[2011/12/13 17:46:56 | 000,022,334 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2011/10/14 14:02:53 | 000,038,471 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Application Data\Comma Separated Values (Windows).ADR
[2011/10/07 17:18:21 | 000,001,691 | ---- | C] () -- C:\WINDOWS\hpomdl31.dat.temp
[2011/10/04 18:32:08 | 001,511,424 | ---- | C] () -- C:\WINDOWS\System32\HP1100SM.EXE
[2011/10/04 18:32:06 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\HP1100LM.DLL
[2011/10/04 18:31:34 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\HP1100SMs.dll
[2011/09/20 10:06:46 | 000,002,427 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2011/09/19 11:56:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\FileMgrExe.INI
[2011/09/15 11:05:09 | 000,015,488 | ---- | C] () -- C:\WINDOWS\System32\drivers\ScFBPNT2.sys
[2011/09/15 10:09:15 | 000,284,160 | ---- | C] () -- C:\WINDOWS\System32\mvhlewsi.DLL
[2011/08/25 11:54:33 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\[j0004]-[p08].bmp
[2011/08/25 11:54:31 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\[j0004]-[p07].bmp
[2011/08/25 11:54:29 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\[j0004]-[p06].bmp
[2011/05/23 12:28:00 | 000,024,086 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Application Data\Tab Separated Values (DOS).ADR
[2011/01/07 23:43:11 | 019,985,265 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vlc-1.1.5-win32.exe
[2010/12/29 15:30:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Ÿ9Ÿ9
[2010/12/29 01:45:18 | 000,111,616 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== ZeroAccess Check ==========
[2011/02/02 00:07:43 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2011/02/16 12:50:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2010/12/30 18:24:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Carbonite
[2010/12/28 19:06:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2012/02/08 20:28:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/09/28 22:46:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
[2010/12/28 23:39:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2010/12/29 01:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2012/02/10 23:35:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2012/08/22 21:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/02/12 15:34:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan Kamin\Application Data\ConverterLite
[2012/09/14 09:52:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan Kamin\Application Data\Dropbox
[2012/01/23 15:23:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan Kamin\Application Data\Garmin
[2011/02/22 11:43:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan Kamin\Application Data\ImgBurn
[2010/12/29 01:50:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan Kamin\Application Data\Leadertech
[2011/09/19 11:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan Kamin\Application Data\MobileAction
[2012/08/22 14:53:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan Kamin\Application Data\OverDrive
[2012/02/10 17:23:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan Kamin\Application Data\TeamViewer
[2012/09/29 15:13:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan Kamin\Application Data\Vso
[2011/01/22 10:17:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan Kamin\Application Data\webex
[2010/12/29 17:33:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan Kamin\Application Data\Windows Desktop Search
[2011/01/04 23:35:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan Kamin\Application Data\Windows Search
========== Purity Check ==========
< End of report >
I got an access denied when I attempted to enable all items in his startup menu in MSCONFIG.
Specba
Dakeyras
2013-03-14, 23:07
Hi. :)
I got an access denied when I attempted to enable all items in his startup menu in MSCONFIG.Not a problem I think, in this instance it may have just been that Norton Internt Security attempted to hinder the changes as apparently this can occur with XP and the aforementioned installed/active etc.
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.
Click on Start >> Run...(or the Windows key and R together) to bring up the Run box and and copy and paste in:
"C:\Program Files\ERUNT\ERUNT.EXE" %SystemRoot%\ERDNT\SN-Backup2And then click on OK.
Custom OTL Script:
Double-click OTL.exe to start the program.
Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:Commands
[CreateRestorePoint]
:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CTFMON.EXE]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IgfxTray]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KernelFaultCheck]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Persistence]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SigmatelSysTrayApp]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APSDaemonl"=-
"hpqSRMon"=-
"HPUsageTrackingLEDM"=-
"ITSecMng"=-
"LogitechCommunicationsManager"=-
"LogitechQuickCamRibbon"=-
"MaxMenuMgr"=-
"vProt"=-
[HKEY_USERS\S-1-5-21-1229272821-1500820517-682003330-1003\Run]
"MediaGet2"=-
:Files
C:\Program Files\AVG
C:\Program Files\AVG Secure Search
C:\Program Files\MediaGet2
C:\WINDOWS\tasks\ROC_JAN2013_TB_rmv.job
C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\MediaGet2
:Commands
[ResetHosts]
[EmptyTemp]
Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
Then click the red Run Fix button.
Let the program run unhindered.
If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The logfile can also be located C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.
Malwarebytes Anti-Malware:
Launch the application, Check for Updates >> Perform quick scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. please copy and paste the log into your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
Scan with TDSSKiller:
Please download TDSSKiller (http://www.bleepingcomputer.com/download/tdsskiller/) to the desktop.
Double-click on TDSSKiller.exe to launch it.
When the window opens, click on Change Parameters
Under Additional options, select both Verify driver digital signatures & Detect TDLFS File System >> OK
Click on Start Scan, the scan will run.
When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
A Report will have been created by TDSSKiller in the root directory C:\
To find the log go to Start >> My Computer > C:
Post the contents of that log in your next reply please.
Note: Do not have TDSSKiller remove anything if found at this point in time!
Next:
When completed the above, please post back the following in the order asked for:
How is the computer performing now, any further symptoms and or problems encountered?
OTL Log from the Custom Script.
Malwarebytes Anti-Malware Log.
TDSSKiller Log.
The icons still lag for about 3 minutes before they come in. This might be the best we can do.
HP printer software insisted on installing after OTL ran.
Specba
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2113384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1042432 bytes
Total Files Cleaned = 216.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 03152013_173033
Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_1480.dat not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_814.dat not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2013.03.15.08
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Dan Kamin :: DAN [administrator]
3/15/2013 5:41:24 PM
mbam-log-2013-03-15 (17-41-24).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209080
Time elapsed: 7 minute(s), 24 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
17:52:36.0734 5400 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:52:38.0734 5400 ============================================================
17:52:38.0734 5400 Current date / time: 2013/03/15 17:52:38.0734
17:52:38.0734 5400 SystemInfo:
17:52:38.0734 5400
17:52:38.0734 5400 OS Version: 5.1.2600 ServicePack: 3.0
17:52:38.0734 5400 Product type: Workstation
17:52:38.0734 5400 ComputerName: DAN
17:52:38.0734 5400 UserName: Dan Kamin
17:52:38.0734 5400 Windows directory: C:\WINDOWS
17:52:38.0734 5400 System windows directory: C:\WINDOWS
17:52:38.0734 5400 Processor architecture: Intel x86
17:52:38.0734 5400 Number of processors: 2
17:52:38.0734 5400 Page size: 0x1000
17:52:38.0734 5400 Boot type: Normal boot
17:52:38.0734 5400 ============================================================
17:52:41.0906 5400 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:52:41.0906 5400 ============================================================
17:52:41.0906 5400 \Device\Harddisk0\DR0:
17:52:41.0906 5400 MBR partitions:
17:52:41.0906 5400 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18A82
17:52:41.0906 5400 ============================================================
17:52:41.0968 5400 C: <-> \Device\Harddisk0\DR0\Partition1
17:52:41.0984 5400 ============================================================
17:52:41.0984 5400 Initialize success
17:52:41.0984 5400 ============================================================
17:52:46.0750 4908 ============================================================
17:52:46.0750 4908 Scan started
17:52:46.0750 4908 Mode: Manual;
17:52:46.0750 4908 ============================================================
17:52:51.0781 4908 ================ Scan system memory ========================
17:52:51.0796 4908 System memory - ok
17:52:51.0796 4908 ================ Scan services =============================
17:52:52.0781 4908 Abiosdsk - ok
17:52:52.0796 4908 abp480n5 - ok
17:52:52.0859 4908 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:52:52.0859 4908 ACPI - ok
17:52:52.0937 4908 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
17:52:52.0937 4908 ACPIEC - ok
17:52:53.0046 4908 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:52:53.0171 4908 AdobeFlashPlayerUpdateSvc - ok
17:52:53.0171 4908 adpu160m - ok
17:52:53.0265 4908 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
17:52:53.0265 4908 aec - ok
17:52:53.0359 4908 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
17:52:53.0359 4908 AFD - ok
17:52:53.0375 4908 Aha154x - ok
17:52:53.0375 4908 aic78u2 - ok
17:52:53.0390 4908 aic78xx - ok
17:52:53.0484 4908 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
17:52:53.0484 4908 Alerter - ok
17:52:53.0562 4908 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
17:52:53.0562 4908 ALG - ok
17:52:53.0578 4908 AliIde - ok
17:52:53.0593 4908 amsint - ok
17:52:53.0687 4908 [ 350F19EB5FE4EC37A2414DF56CDE1AA8 ] ApfiltrService C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
17:52:53.0687 4908 ApfiltrService - ok
17:52:53.0921 4908 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:52:53.0937 4908 Apple Mobile Device - ok
17:52:54.0046 4908 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
17:52:54.0046 4908 AppMgmt - ok
17:52:54.0125 4908 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
17:52:54.0125 4908 Arp1394 - ok
17:52:54.0140 4908 asc - ok
17:52:54.0156 4908 asc3350p - ok
17:52:54.0156 4908 asc3550 - ok
17:52:54.0375 4908 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:52:54.0390 4908 aspnet_state - ok
17:52:54.0500 4908 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:52:54.0500 4908 AsyncMac - ok
17:52:54.0546 4908 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
17:52:54.0546 4908 atapi - ok
17:52:54.0546 4908 Atdisk - ok
17:52:54.0640 4908 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:52:54.0640 4908 Atmarpc - ok
17:52:54.0828 4908 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
17:52:54.0843 4908 AudioSrv - ok
17:52:54.0968 4908 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
17:52:54.0968 4908 audstub - ok
17:52:55.0140 4908 [ F96038AA1EC4013A93D2420FC689D1E9 ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys
17:52:55.0140 4908 b57w2k - ok
17:52:55.0578 4908 [ 345D38F298368DD6B0DF5C4F37457A22 ] BCM43XX C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
17:52:55.0609 4908 BCM43XX - ok
17:52:55.0687 4908 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
17:52:55.0687 4908 Beep - ok
17:52:55.0968 4908 [ D2A55F5FE6B716913FB573872F2E5944 ] BHDrvx86 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20130301.001\BHDrvx86.sys
17:52:56.0046 4908 BHDrvx86 - ok
17:52:56.0109 4908 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
17:52:56.0125 4908 BITS - ok
17:52:56.0281 4908 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:52:56.0296 4908 Bonjour Service - ok
17:52:56.0359 4908 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
17:52:56.0359 4908 Browser - ok
17:52:56.0718 4908 [ 8A7BE4B3E6DD4687CF849B70EBDBCFF0 ] CarboniteService C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
17:52:57.0078 4908 CarboniteService - ok
17:52:57.0125 4908 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
17:52:57.0125 4908 cbidf2k - ok
17:52:57.0390 4908 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:52:57.0390 4908 CCDECODE - ok
17:52:57.0390 4908 cd20xrnt - ok
17:52:57.0609 4908 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
17:52:57.0609 4908 Cdaudio - ok
17:52:57.0671 4908 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
17:52:57.0671 4908 Cdfs - ok
17:52:57.0718 4908 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:52:57.0718 4908 Cdrom - ok
17:52:57.0750 4908 [ 84853B3FD012251690570E9E7E43343F ] cercsr6 C:\WINDOWS\system32\drivers\cercsr6.sys
17:52:57.0750 4908 cercsr6 - ok
17:52:57.0765 4908 Changer - ok
17:52:57.0843 4908 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
17:52:57.0843 4908 CiSvc - ok
17:52:57.0890 4908 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
17:52:57.0890 4908 ClipSrv - ok
17:52:57.0953 4908 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:52:57.0968 4908 clr_optimization_v2.0.50727_32 - ok
17:52:58.0000 4908 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
17:52:58.0000 4908 CmBatt - ok
17:52:58.0015 4908 CmdIde - ok
17:52:58.0046 4908 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
17:52:58.0046 4908 Compbatt - ok
17:52:58.0046 4908 COMSysApp - ok
17:52:58.0062 4908 Cpqarray - ok
17:52:58.0125 4908 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
17:52:58.0140 4908 CryptSvc - ok
17:52:58.0156 4908 dac2w2k - ok
17:52:58.0156 4908 dac960nt - ok
17:52:58.0359 4908 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
17:52:58.0484 4908 DcomLaunch - ok
17:52:58.0593 4908 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
17:52:58.0593 4908 Dhcp - ok
17:52:58.0656 4908 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
17:52:58.0656 4908 Disk - ok
17:52:58.0671 4908 dmadmin - ok
17:52:58.0750 4908 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
17:52:58.0750 4908 dmboot - ok
17:52:58.0828 4908 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
17:52:58.0828 4908 dmio - ok
17:52:58.0859 4908 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
17:52:58.0859 4908 dmload - ok
17:52:58.0937 4908 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
17:52:58.0953 4908 dmserver - ok
17:52:58.0984 4908 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
17:52:58.0984 4908 DMusic - ok
17:52:59.0093 4908 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
17:52:59.0093 4908 Dnscache - ok
17:52:59.0156 4908 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
17:52:59.0171 4908 Dot3svc - ok
17:52:59.0171 4908 dpti2o - ok
17:52:59.0234 4908 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
17:52:59.0234 4908 drmkaud - ok
17:52:59.0375 4908 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
17:52:59.0375 4908 EapHost - ok
17:52:59.0765 4908 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
17:52:59.0812 4908 eeCtrl - ok
17:52:59.0859 4908 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
17:52:59.0953 4908 EraserUtilRebootDrv - ok
17:52:59.0968 4908 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
17:52:59.0968 4908 ERSvc - ok
17:53:00.0093 4908 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
17:53:00.0171 4908 Eventlog - ok
17:53:00.0375 4908 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
17:53:00.0468 4908 EventSystem - ok
17:53:00.0531 4908 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
17:53:00.0531 4908 Fastfat - ok
17:53:00.0609 4908 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
17:53:00.0609 4908 FastUserSwitchingCompatibility - ok
17:53:00.0656 4908 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
17:53:00.0656 4908 Fdc - ok
17:53:00.0703 4908 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
17:53:00.0703 4908 Fips - ok
17:53:00.0718 4908 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
17:53:00.0718 4908 Flpydisk - ok
17:53:00.0796 4908 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
17:53:00.0796 4908 FltMgr - ok
17:53:00.0921 4908 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:53:00.0953 4908 FontCache3.0.0.0 - ok
17:53:01.0078 4908 [ 9513B437B7ADB1E6065B7F0D83D11ECF ] FreeAgentGoNext Service C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
17:53:01.0093 4908 FreeAgentGoNext Service - ok
17:53:01.0109 4908 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:53:01.0109 4908 Fs_Rec - ok
17:53:01.0140 4908 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:53:01.0140 4908 Ftdisk - ok
17:53:01.0281 4908 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
17:53:01.0281 4908 GEARAspiWDM - ok
17:53:01.0453 4908 [ 8F6AE606EB0CC884EE12C41948424422 ] GoToAssist C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe
17:53:01.0468 4908 GoToAssist - ok
17:53:01.0500 4908 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:53:01.0500 4908 Gpc - ok
17:53:01.0562 4908 [ C0BDAB85F3E8B2138C513255E2BCC4D8 ] guardian2 C:\WINDOWS\system32\Drivers\oz776.sys
17:53:01.0562 4908 guardian2 - ok
17:53:01.0625 4908 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:53:01.0625 4908 HDAudBus - ok
17:53:01.0765 4908 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:53:01.0765 4908 helpsvc - ok
17:53:01.0781 4908 HidServ - ok
17:53:01.0843 4908 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:53:01.0843 4908 hidusb - ok
17:53:01.0937 4908 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
17:53:01.0937 4908 hkmsvc - ok
17:53:02.0109 4908 [ 53DCA61931847E35C950504BFB7559C6 ] HP LaserJet Service C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
17:53:02.0125 4908 HP LaserJet Service - ok
17:53:02.0125 4908 hpn - ok
17:53:02.0484 4908 [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
17:53:02.0546 4908 hpqcxs08 - ok
17:53:02.0609 4908 [ EE4C7A4CF2316701FFDE90F404520265 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
17:53:02.0609 4908 hpqddsvc - ok
17:53:02.0671 4908 [ 94D23D4F096F12CA42C2FE4196631F46 ] HPSIService C:\WINDOWS\system32\HPSIsvc.exe
17:53:02.0671 4908 HPSIService - ok
17:53:02.0781 4908 [ 6F9CB6539A1B2508BD1C53D29334431A ] HPSLPSVC C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
17:53:02.0890 4908 HPSLPSVC - ok
17:53:02.0984 4908 [ 290CDBB05903742EA06B7203C5A662F5 ] HSFHWAZL C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
17:53:02.0984 4908 HSFHWAZL - ok
17:53:03.0062 4908 [ 7AB812355F98858B9ECDD46E6FCC221F ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
17:53:03.0078 4908 HSF_DPV - ok
17:53:03.0140 4908 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
17:53:03.0156 4908 HTTP - ok
17:53:03.0484 4908 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
17:53:03.0484 4908 HTTPFilter - ok
17:53:03.0500 4908 i2omgmt - ok
17:53:03.0500 4908 i2omp - ok
17:53:03.0609 4908 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:53:03.0609 4908 i8042prt - ok
17:53:04.0078 4908 [ 37EB2DC75D8F6451AE55071610DC24E1 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
17:53:04.0140 4908 ialm - ok
17:53:04.0562 4908 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:53:04.0765 4908 idsvc - ok
17:53:04.0968 4908 [ C19BF2A07BE972A110220DF6B1E89D14 ] IDSxpx86 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20130313.003\IDSxpx86.sys
17:53:05.0000 4908 IDSxpx86 - ok
17:53:05.0062 4908 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
17:53:05.0062 4908 Imapi - ok
17:53:05.0125 4908 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
17:53:05.0156 4908 ImapiService - ok
17:53:05.0171 4908 ini910u - ok
17:53:05.0187 4908 IntelIde - ok
17:53:05.0343 4908 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:53:05.0359 4908 intelppm - ok
17:53:05.0406 4908 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
17:53:05.0421 4908 Ip6Fw - ok
17:53:05.0468 4908 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:53:05.0468 4908 IpFilterDriver - ok
17:53:05.0531 4908 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:53:05.0531 4908 IpInIp - ok
17:53:05.0593 4908 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:53:05.0593 4908 IpNat - ok
17:53:05.0703 4908 [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
17:53:05.0796 4908 iPod Service - ok
17:53:05.0843 4908 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:53:05.0843 4908 IPSec - ok
17:53:05.0890 4908 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
17:53:05.0890 4908 IRENUM - ok
17:53:05.0921 4908 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:53:05.0921 4908 isapnp - ok
17:53:05.0984 4908 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:53:05.0984 4908 Kbdclass - ok
17:53:06.0015 4908 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
17:53:06.0015 4908 kmixer - ok
17:53:06.0078 4908 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
17:53:06.0078 4908 KSecDD - ok
17:53:06.0203 4908 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
17:53:06.0234 4908 lanmanserver - ok
17:53:06.0296 4908 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
17:53:06.0328 4908 lanmanworkstation - ok
17:53:06.0343 4908 lbrtfdc - ok
17:53:06.0421 4908 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
17:53:06.0437 4908 LmHosts - ok
17:53:06.0609 4908 [ 2D0AB9D29E6B0C42CCE955B5A8E0D62D ] LVcKap C:\WINDOWS\system32\DRIVERS\LVcKap.sys
17:53:06.0625 4908 LVcKap - ok
17:53:06.0734 4908 [ A3963E3D997C3646E1D3338EB88A48E9 ] LVMVDrv C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys
17:53:06.0750 4908 LVMVDrv - ok
17:53:06.0828 4908 [ 39C767BD6D99C23D28E71B6E0CBA3129 ] LVPr2Mon C:\WINDOWS\system32\drivers\LVPr2Mon.sys
17:53:06.0828 4908 LVPr2Mon - ok
17:53:07.0187 4908 [ 44B3B997E25C5D9A81D6C501451A96D7 ] LVPrcSrv c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
17:53:07.0250 4908 LVPrcSrv - ok
17:53:07.0609 4908 [ 7B4607C0C664DA98753508F85BB10694 ] LVSrvLauncher C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
17:53:07.0625 4908 LVSrvLauncher - ok
17:53:07.0656 4908 [ 6AD3F5275F117F08C12EAB2233A9E3FB ] LVUSBSta C:\WINDOWS\system32\drivers\lvusbsta.sys
17:53:07.0656 4908 LVUSBSta - ok
17:53:07.0718 4908 [ 494DAAD7DAB01D160C37AE7D99B00DE6 ] mam4410c C:\WINDOWS\system32\Drivers\mam4410c.sys
17:53:07.0734 4908 mam4410c - ok
17:53:07.0765 4908 [ B2434B4F7827798ABECD2103FB8F64A5 ] mam4410m C:\WINDOWS\system32\Drivers\mam4410m.sys
17:53:07.0765 4908 mam4410m - ok
17:53:07.0796 4908 [ 5020E06AD2C3551A1F37CF2D48EBC418 ] mam4410u C:\WINDOWS\system32\Drivers\mam4410u.sys
17:53:07.0796 4908 mam4410u - ok
17:53:07.0859 4908 [ B51E7EAB4BAF13B492AA3299BCF52A35 ] MaRdPnp C:\WINDOWS\system32\DRIVERS\MaRdP2K.sys
17:53:07.0875 4908 MaRdPnp - ok
17:53:07.0906 4908 [ 8181CEB341CBB2F7F893F85B915D5E15 ] MaVctrl C:\WINDOWS\system32\DRIVERS\MaVc2K.sys
17:53:07.0906 4908 MaVctrl - ok
17:53:07.0921 4908 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
17:53:07.0921 4908 mdmxsdk - ok
17:53:07.0968 4908 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
17:53:07.0968 4908 Messenger - ok
17:53:08.0000 4908 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
17:53:08.0015 4908 mnmdd - ok
17:53:08.0078 4908 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
17:53:08.0093 4908 mnmsrvc - ok
17:53:08.0171 4908 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
17:53:08.0171 4908 Modem - ok
17:53:08.0281 4908 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:53:08.0343 4908 Mouclass - ok
17:53:08.0406 4908 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:53:08.0421 4908 mouhid - ok
17:53:08.0515 4908 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
17:53:08.0546 4908 MountMgr - ok
17:53:08.0640 4908 [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
17:53:08.0656 4908 MozillaMaintenance - ok
17:53:08.0656 4908 mraid35x - ok
17:53:08.0718 4908 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:53:08.0734 4908 MRxDAV - ok
17:53:08.0812 4908 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:53:08.0843 4908 MRxSmb - ok
17:53:08.0875 4908 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
17:53:08.0906 4908 MSDTC - ok
17:53:08.0968 4908 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
17:53:08.0968 4908 Msfs - ok
17:53:08.0968 4908 MSIServer - ok
17:53:09.0000 4908 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:53:09.0031 4908 MSKSSRV - ok
17:53:09.0062 4908 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:53:09.0093 4908 MSPCLOCK - ok
17:53:09.0156 4908 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
17:53:09.0171 4908 MSPQM - ok
17:53:09.0218 4908 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:53:09.0218 4908 mssmbios - ok
17:53:09.0375 4908 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
17:53:09.0390 4908 MSTEE - ok
17:53:09.0406 4908 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
17:53:09.0453 4908 Mup - ok
17:53:09.0500 4908 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:53:09.0500 4908 NABTSFEC - ok
17:53:09.0593 4908 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
17:53:09.0671 4908 napagent - ok
17:53:09.0828 4908 [ 7D7A3BC6640C1A0D1442816B30856928 ] NAVENG C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20130315.004\NAVENG.SYS
17:53:09.0828 4908 NAVENG - ok
17:53:10.0062 4908 [ 28494C43D62AA7584BDCA2FADFBC4D11 ] NAVEX15 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20130315.004\NAVEX15.SYS
17:53:10.0265 4908 NAVEX15 - ok
17:53:10.0484 4908 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
17:53:10.0593 4908 NDIS - ok
17:53:10.0656 4908 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:53:10.0656 4908 NdisIP - ok
17:53:10.0750 4908 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:53:10.0765 4908 NdisTapi - ok
17:53:10.0828 4908 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:53:10.0843 4908 Ndisuio - ok
17:53:10.0937 4908 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:53:10.0937 4908 NdisWan - ok
17:53:11.0000 4908 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
17:53:11.0015 4908 NDProxy - ok
17:53:11.0093 4908 [ 949941E4DE88DF1FAF49A4B3CFFB756F ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
17:53:11.0109 4908 Net Driver HPZ12 - ok
17:53:11.0125 4908 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
17:53:11.0125 4908 NetBIOS - ok
17:53:11.0234 4908 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
17:53:11.0359 4908 NetBT - ok
17:53:11.0406 4908 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
17:53:11.0421 4908 NetDDE - ok
17:53:11.0437 4908 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
17:53:11.0437 4908 NetDDEdsdm - ok
17:53:11.0468 4908 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
17:53:11.0484 4908 Netlogon - ok
17:53:11.0625 4908 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
17:53:11.0671 4908 Netman - ok
17:53:11.0781 4908 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:53:11.0796 4908 NetTcpPortSharing - ok
17:53:11.0843 4908 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
17:53:11.0859 4908 NIC1394 - ok
17:53:12.0218 4908 [ E78A365CC3E0FBFC018A33DCE01909F8 ] NIS C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
17:53:12.0218 4908 NIS - ok
17:53:12.0437 4908 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
17:53:12.0609 4908 Nla - ok
17:53:12.0656 4908 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
17:53:12.0671 4908 Npfs - ok
17:53:12.0828 4908 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
17:53:12.0890 4908 Ntfs - ok
17:53:12.0937 4908 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
17:53:12.0937 4908 NtLmSsp - ok
17:53:12.0968 4908 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
17:53:12.0984 4908 NtmsSvc - ok
17:53:13.0015 4908 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
17:53:13.0046 4908 Null - ok
17:53:13.0093 4908 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:53:13.0093 4908 NwlnkFlt - ok
17:53:13.0109 4908 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:53:13.0109 4908 NwlnkFwd - ok
17:53:13.0156 4908 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
17:53:13.0187 4908 ohci1394 - ok
17:53:13.0359 4908 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:53:13.0375 4908 ose - ok
17:53:13.0734 4908 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:53:13.0875 4908 osppsvc - ok
17:53:13.0953 4908 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
17:53:13.0984 4908 Parport - ok
17:53:14.0031 4908 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
17:53:14.0046 4908 PartMgr - ok
17:53:14.0093 4908 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
17:53:14.0093 4908 ParVdm - ok
17:53:14.0109 4908 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
17:53:14.0125 4908 PCI - ok
17:53:14.0125 4908 PCIDump - ok
17:53:14.0187 4908 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
17:53:14.0187 4908 PCIIde - ok
17:53:14.0406 4908 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
17:53:14.0546 4908 Pcmcia - ok
17:53:14.0687 4908 [ 5B6C11DE7E839C05248CED8825470FEF ] pcouffin C:\WINDOWS\system32\Drivers\pcouffin.sys
17:53:14.0703 4908 pcouffin - ok
17:53:14.0703 4908 PDCOMP - ok
17:53:14.0703 4908 PDFRAME - ok
17:53:14.0718 4908 PDRELI - ok
17:53:14.0718 4908 PDRFRAME - ok
17:53:14.0796 4908 [ 4350CB255AD546F4668C8B8AFD6A00A4 ] pepifilter C:\WINDOWS\system32\DRIVERS\lv302af.sys
17:53:14.0796 4908 pepifilter - ok
17:53:14.0796 4908 perc2 - ok
17:53:14.0812 4908 perc2hib - ok
17:53:14.0953 4908 [ 6B310DE726E1A0DEFD66718A7F79B5D2 ] PID_08A0 C:\WINDOWS\system32\DRIVERS\LV302AV.SYS
17:53:15.0093 4908 PID_08A0 - ok
17:53:15.0140 4908 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
17:53:15.0140 4908 PlugPlay - ok
17:53:15.0234 4908 [ 2F4CA141A609CAF5C98F6E4760EF1B9B ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
17:53:15.0234 4908 Pml Driver HPZ12 - ok
17:53:15.0281 4908 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
17:53:15.0281 4908 PolicyAgent - ok
17:53:15.0375 4908 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:53:15.0375 4908 PptpMiniport - ok
17:53:15.0375 4908 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
17:53:15.0375 4908 ProtectedStorage - ok
17:53:15.0390 4908 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
17:53:15.0390 4908 PSched - ok
17:53:15.0453 4908 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:53:15.0453 4908 Ptilink - ok
17:53:15.0453 4908 ql1080 - ok
17:53:15.0453 4908 Ql10wnt - ok
17:53:15.0468 4908 ql12160 - ok
17:53:15.0468 4908 ql1240 - ok
17:53:15.0468 4908 ql1280 - ok
17:53:15.0531 4908 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:53:15.0531 4908 RasAcd - ok
17:53:15.0578 4908 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
17:53:15.0593 4908 RasAuto - ok
17:53:15.0625 4908 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:53:15.0640 4908 Rasl2tp - ok
17:53:15.0718 4908 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
17:53:15.0718 4908 RasMan - ok
17:53:15.0734 4908 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:53:15.0734 4908 RasPppoe - ok
17:53:15.0734 4908 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
17:53:15.0734 4908 Raspti - ok
17:53:15.0765 4908 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:53:15.0765 4908 Rdbss - ok
17:53:15.0765 4908 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:53:15.0765 4908 RDPCDD - ok
17:53:15.0796 4908 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:53:15.0796 4908 rdpdr - ok
17:53:15.0843 4908 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
17:53:15.0843 4908 RDPWD - ok
17:53:15.0875 4908 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
17:53:15.0890 4908 RDSessMgr - ok
17:53:15.0906 4908 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
17:53:15.0906 4908 redbook - ok
17:53:15.0953 4908 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
17:53:15.0953 4908 RemoteAccess - ok
17:53:16.0000 4908 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
17:53:16.0000 4908 RemoteRegistry - ok
17:53:16.0015 4908 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
17:53:16.0015 4908 RpcLocator - ok
17:53:16.0046 4908 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
17:53:16.0062 4908 RpcSs - ok
17:53:16.0109 4908 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
17:53:16.0125 4908 RSVP - ok
17:53:16.0140 4908 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
17:53:16.0140 4908 SamSs - ok
17:53:16.0140 4908 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
17:53:16.0156 4908 SCardSvr - ok
17:53:16.0187 4908 [ 50B724C9D03111245DF270BC3F49F04D ] ScFBPNT2 C:\WINDOWS\system32\drivers\ScFBPNT2.SYS
17:53:16.0203 4908 ScFBPNT2 - ok
17:53:16.0328 4908 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
17:53:16.0390 4908 Schedule - ok
17:53:16.0453 4908 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:53:16.0453 4908 Secdrv - ok
17:53:16.0515 4908 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
17:53:16.0515 4908 seclogon - ok
17:53:16.0562 4908 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
17:53:16.0578 4908 SENS - ok
17:53:16.0625 4908 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
17:53:16.0625 4908 serenum - ok
17:53:16.0703 4908 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
17:53:16.0718 4908 Serial - ok
17:53:16.0750 4908 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
17:53:16.0765 4908 Sfloppy - ok
17:53:16.0828 4908 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
17:53:16.0843 4908 SharedAccess - ok
17:53:16.0859 4908 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
17:53:16.0859 4908 ShellHWDetection - ok
17:53:16.0859 4908 Simbad - ok
17:53:16.0937 4908 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
17:53:16.0953 4908 SkypeUpdate - ok
17:53:16.0984 4908 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:53:16.0984 4908 SLIP - ok
17:53:17.0000 4908 Sparrow - ok
17:53:17.0015 4908 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
17:53:17.0046 4908 splitter - ok
17:53:17.0109 4908 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
17:53:17.0125 4908 Spooler - ok
17:53:17.0187 4908 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
17:53:17.0187 4908 sr - ok
17:53:17.0312 4908 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
17:53:17.0375 4908 srservice - ok
17:53:17.0578 4908 [ 83726CF02ECED69138948083E06B6EAC ] SRTSP C:\WINDOWS\System32\Drivers\NIS\1207020.003\SRTSP.SYS
17:53:17.0671 4908 SRTSP - ok
17:53:17.0703 4908 [ 4E7EAB2E5615D39CF1F1DF9C71E5E225 ] SRTSPX C:\WINDOWS\system32\drivers\NIS\1207020.003\SRTSPX.SYS
17:53:17.0718 4908 SRTSPX - ok
17:53:17.0796 4908 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
17:53:17.0968 4908 Srv - ok
17:53:18.0046 4908 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
17:53:18.0046 4908 SSDPSRV - ok
17:53:18.0171 4908 [ 6F855B5625A47F3AC731A262FDC379A6 ] STacSV C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
17:53:18.0187 4908 STacSV - ok
17:53:18.0390 4908 [ 951801DFB54D86F611F0AF47825476F9 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
17:53:18.0562 4908 STHDA - ok
17:53:18.0609 4908 [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys
17:53:18.0625 4908 StillCam - ok
17:53:18.0703 4908 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
17:53:18.0781 4908 stisvc - ok
17:53:18.0812 4908 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:53:18.0828 4908 streamip - ok
17:53:18.0859 4908 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
17:53:18.0859 4908 swenum - ok
17:53:18.0921 4908 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
17:53:18.0937 4908 swmidi - ok
17:53:18.0937 4908 SwPrv - ok
17:53:18.0953 4908 symc810 - ok
17:53:18.0968 4908 symc8xx - ok
17:53:19.0046 4908 [ 9BBEB8C6258E72D62E7560E6667AAD39 ] SymDS C:\WINDOWS\system32\drivers\NIS\1207020.003\SYMDS.SYS
17:53:19.0062 4908 SymDS - ok
17:53:19.0484 4908 [ D5C02629C02A820A7E71BCA3D44294A3 ] SymEFA C:\WINDOWS\system32\drivers\NIS\1207020.003\SYMEFA.SYS
17:53:19.0656 4908 SymEFA - ok
17:53:19.0734 4908 [ AB33C3B196197CA467CBDDA717860DBA ] SymEvent C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
17:53:19.0734 4908 SymEvent - ok
17:53:19.0765 4908 [ A73399804D5D4A8B20BA60FCF70C9F1F ] SymIRON C:\WINDOWS\system32\drivers\NIS\1207020.003\Ironx86.SYS
17:53:19.0765 4908 SymIRON - ok
17:53:19.0906 4908 [ 336CACE58F0359D5CBB1AE6B8A2FB205 ] SYMTDI C:\WINDOWS\System32\Drivers\NIS\1207020.003\SYMTDI.SYS
17:53:19.0968 4908 SYMTDI - ok
17:53:19.0984 4908 sym_hi - ok
17:53:19.0984 4908 sym_u3 - ok
17:53:20.0140 4908 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
17:53:20.0140 4908 sysaudio - ok
17:53:20.0203 4908 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
17:53:20.0203 4908 SysmonLog - ok
17:53:20.0250 4908 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
17:53:20.0250 4908 TapiSrv - ok
17:53:20.0296 4908 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:53:20.0312 4908 Tcpip - ok
17:53:20.0343 4908 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
17:53:20.0343 4908 TDPIPE - ok
17:53:20.0359 4908 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
17:53:20.0359 4908 TDTCP - ok
17:53:20.0390 4908 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
17:53:20.0390 4908 TermDD - ok
17:53:20.0437 4908 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
17:53:20.0453 4908 TermService - ok
17:53:20.0468 4908 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
17:53:20.0468 4908 Themes - ok
17:53:20.0515 4908 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
17:53:20.0515 4908 TlntSvr - ok
17:53:20.0531 4908 TosIde - ok
17:53:20.0578 4908 [ 8D624D3BD1F2D78BD1C01A2D4E954B4E ] tosporte C:\WINDOWS\system32\DRIVERS\tosporte.sys
17:53:20.0578 4908 tosporte - ok
17:53:20.0625 4908 [ 8C3BFAF3FCA90502E6FA35503B8E979E ] tosrfbd C:\WINDOWS\system32\DRIVERS\tosrfbd.sys
17:53:20.0640 4908 tosrfbd - ok
17:53:20.0687 4908 [ 90C8525BC578AAFFE87C2D0ED4379E9E ] tosrfbnp C:\WINDOWS\system32\Drivers\tosrfbnp.sys
17:53:20.0687 4908 tosrfbnp - ok
17:53:20.0734 4908 [ 4742F0BAD28268AB093ED6F4EA857997 ] Tosrfcom C:\WINDOWS\system32\Drivers\tosrfcom.sys
17:53:20.0734 4908 Tosrfcom - ok
17:53:20.0750 4908 [ 7C807BA9660E2995CC0217A14A24094C ] Tosrfhid C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
17:53:20.0750 4908 Tosrfhid - ok
17:53:20.0781 4908 [ C52FD27B9ADF3A1F22CB90E6BCF9B0CB ] tosrfnds C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
17:53:20.0781 4908 tosrfnds - ok
17:53:20.0828 4908 [ 01C90086CD37E7E8D9A827E24167FCB7 ] Tosrfusb C:\WINDOWS\system32\DRIVERS\tosrfusb.sys
17:53:20.0828 4908 Tosrfusb - ok
17:53:20.0890 4908 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
17:53:20.0890 4908 TrkWks - ok
17:53:20.0906 4908 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
17:53:20.0921 4908 Udfs - ok
17:53:20.0937 4908 ultra - ok
17:53:21.0000 4908 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
17:53:21.0015 4908 Update - ok
17:53:21.0046 4908 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
17:53:21.0062 4908 upnphost - ok
17:53:21.0093 4908 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
17:53:21.0109 4908 UPS - ok
17:53:21.0156 4908 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
17:53:21.0156 4908 usbaudio - ok
17:53:21.0218 4908 [ AF9388E736AF0C325067F05EDC350010 ] usbbus C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
17:53:21.0218 4908 usbbus - ok
17:53:21.0265 4908 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:53:21.0265 4908 usbccgp - ok
17:53:21.0312 4908 [ AE30EA96E60E823C7B525DA356283AE8 ] UsbDiag C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
17:53:21.0312 4908 UsbDiag - ok
17:53:21.0343 4908 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:53:21.0343 4908 usbehci - ok
17:53:21.0359 4908 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:53:21.0359 4908 usbhub - ok
17:53:21.0406 4908 [ 46AC66DF3D6EFE81F69BEA823A53AAB5 ] USBModem C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
17:53:21.0406 4908 USBModem - ok
17:53:21.0437 4908 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:53:21.0437 4908 usbprint - ok
17:53:21.0468 4908 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:53:21.0468 4908 USBSTOR - ok
17:53:21.0500 4908 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:53:21.0515 4908 usbuhci - ok
17:53:21.0546 4908 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
17:53:21.0546 4908 VgaSave - ok
17:53:21.0546 4908 ViaIde - ok
17:53:21.0609 4908 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
17:53:21.0609 4908 VolSnap - ok
17:53:21.0671 4908 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
17:53:21.0687 4908 VSS - ok
17:53:21.0718 4908 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
17:53:21.0718 4908 W32Time - ok
17:53:21.0734 4908 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:53:21.0734 4908 Wanarp - ok
17:53:21.0812 4908 [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
17:53:21.0828 4908 Wdf01000 - ok
17:53:21.0843 4908 WDICA - ok
17:53:21.0875 4908 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
17:53:21.0875 4908 wdmaud - ok
17:53:21.0937 4908 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
17:53:21.0953 4908 WebClient - ok
17:53:21.0984 4908 [ A8596CF86D445269A42ECC08B7066A4C ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
17:53:22.0015 4908 winachsf - ok
17:53:22.0140 4908 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
17:53:22.0140 4908 winmgmt - ok
17:53:22.0156 4908 wltrysvc - ok
17:53:22.0203 4908 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
17:53:22.0218 4908 WmdmPmSN - ok
17:53:22.0265 4908 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
17:53:22.0296 4908 Wmi - ok
17:53:22.0312 4908 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
17:53:22.0328 4908 WmiAcpi - ok
17:53:22.0343 4908 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:53:22.0343 4908 WmiApSrv - ok
17:53:22.0468 4908 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
17:53:22.0500 4908 WMPNetworkSvc - ok
17:53:22.0562 4908 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
17:53:22.0578 4908 wscsvc - ok
17:53:22.0578 4908 WSearch - ok
17:53:22.0625 4908 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:53:22.0625 4908 WSTCODEC - ok
17:53:22.0671 4908 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
17:53:22.0671 4908 wuauserv - ok
17:53:22.0734 4908 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:53:22.0750 4908 WudfPf - ok
17:53:22.0765 4908 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:53:22.0765 4908 WudfRd - ok
17:53:22.0812 4908 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
17:53:22.0812 4908 WudfSvc - ok
17:53:22.0875 4908 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
17:53:22.0906 4908 WZCSVC - ok
17:53:22.0953 4908 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
17:53:22.0953 4908 xmlprov - ok
17:53:22.0968 4908 ================ Scan global ===============================
17:53:23.0031 4908 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
17:53:23.0078 4908 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
17:53:23.0109 4908 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
17:53:23.0125 4908 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
17:53:23.0140 4908 [Global] - ok
17:53:23.0140 4908 ================ Scan MBR ==================================
17:53:23.0156 4908 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
17:53:23.0437 4908 \Device\Harddisk0\DR0 - ok
17:53:23.0437 4908 ================ Scan VBR ==================================
17:53:23.0453 4908 [ 3D6A656C4F09990DF07BCE99AD6682FA ] \Device\Harddisk0\DR0\Partition1
17:53:23.0453 4908 \Device\Harddisk0\DR0\Partition1 - ok
17:53:23.0453 4908 ============================================================
17:53:23.0453 4908 Scan finished
17:53:23.0453 4908 ============================================================
17:53:23.0468 5424 Detected object count: 0
17:53:23.0468 5424 Actual detected object count: 0
Dakeyras
2013-03-15, 23:36
The icons still lag for about 3 minutes before they come in. This might be the best we can do.
Acknowledged/possibly...I will have a think about this/sleep on it so to speak and reply back in due course.
In the meantime the requested OTL Log from the Custom Script is incomplete, could you repost it again please. :)
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CTFMON.EXE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IgfxTray\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KernelFaultCheck\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Persistence\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SigmatelSysTrayApp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\APSDaemonl not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\hpqSRMon deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\HPUsageTrackingLEDM deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ITSecMng deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\LogitechCommunicationsManager deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\LogitechQuickCamRibbon deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MaxMenuMgr deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vProt deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1229272821-1500820517-682003330-1003\Run not found.
========== FILES ==========
File\Folder C:\Program Files\AVG not found.
File\Folder C:\Program Files\AVG Secure Search not found.
File\Folder C:\Program Files\MediaGet2 not found.
C:\WINDOWS\tasks\ROC_JAN2013_TB_rmv.job moved successfully.
File\Folder C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\MediaGet2 not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Dan Kamin
->Temp folder emptied: 1380223 bytes
->Temporary Internet Files folder emptied: 9295269 bytes
->FireFox cache emptied: 212029502 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 2402 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2113384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1042432 bytes
Total Files Cleaned = 216.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 03152013_173033
Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_1480.dat not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_814.dat not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Dakeyras
2013-03-16, 11:46
Hi. :)
Going back to this you mentioned:-
HP printer software insisted on installing after OTL ran.
Any further problems just consider uninstalling the software as no real need for it. I have a HP printer myself and do not have any of the associated software installed apart from the required driver etc. Though the downside of that is the scan feature does not work as should but I do not use that very often and still prefer to keep the HP software at bay so to speak.
How long is left on the subscription for Norton Internet Security before it expires ?
Re-scan with RogueKiller:
Again as outlined here (http://forums.spybot.info/showpost.php?p=438129&postcount=21), then after the pre-scan has completed click on the ShortcutsFix button.
Post the new log created in your next reply.
System File Check:
Close all open applications/windows etc.
Click on Start >> Run...
Type in SFC /Scannow <--- Make sure to leave a space between SFC and the forward slash.
Click on OK
System File Checker will now scan all protected files to verify their versions.
Note: This will take some time. Also you may be prompted to place the XP installation CD-ROM in the CD-Drive if required.
TFC(Temp File Cleaner):
Please download TFC (http://oldtimer.geekstogo.com/TFC.exe) to the desktop.
Save any unsaved work. TFC will close all open application windows.
Double-click TFC.exe to run the program.
Click the Start button in the bottom left of TFC
If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes , and may only take a few seconds. Only if needed will you be prompted to reboot.
I advice consider keeping TFC on the desktop after I give the all clear and run it say at least once per week as it is a very effective piece of software for cleaning out temp' files etc.
Next:
Let myself know when completed the above, if any further problems/issues encountered etc. Post the new RogueKiller log along with the answer to my NIS query and we will then go from there, thank you.
RogueKiller V8.5.3 [Mar 13 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Dan Kamin [Admin rights]
Mode : Shortcuts HJfix -- Date : 03/16/2013 08:17:37
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 6 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 74 / Fail 0
My documents: Success 198 / Fail 198
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 97 / Fail 291
Backup: [NOT FOUND]
Drives:
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
Finished : << RKreport[3]_SC_03162013_02d0817.txt >>
RKreport[1]_S_03122013_02d1300.txt ; RKreport[2]_S_03162013_02d0815.txt ; RKreport[3]_SC_03162013_02d0817.txt
His Norton expires in August. Personally I like Windows Defender. I've also used Avast! . Is there something you would recommend?
Dakeyras
2013-03-16, 15:31
Hi. :)
His Norton expires in August.
Acknowledged...
I am a great believer in if something is not broke do not fix and if the need we can address this. The problem with such bundled security related software is at times they can cause a myriad of system related problems that affect over performance.
Personally I like Windows Defender. I've also used Avast!
Both are fine applications. Windows Defender did get a somewhat bad reputation in it's early days as it was based up Giant AntiSpyware originally and called in turn Microsoft AntiSpyware if I recall but the more recent incarnations have improved considerably.
Is there something you would recommend?
Microsoft Security Essentials and I use that myself on all my machines, has a low system footprint and does the job so to speak.
Though with Windows 8 it is actually incorporated into Windows Defender and uses the same virus database/definitions etc.
What would you like me to do next? Are we at the cleanup stage?
Specba
Dakeyras
2013-03-16, 15:46
How's the machine now, still the same issuies ? :)
The delay is still about 3 minutes. When he was over the night before last he said there was always somewhat of a delay on this machine before his icons came in. Either way it is light years ahead of the 15 minutes it used to take when he first brought the machine over.
My wife and I are seeing him tonight. I'd love to be able to give it back to him. Dan and I have been friends since 1968. He was in college and I was in High School when we met. This computer is his lifeline.
Specba
Dakeyras
2013-03-16, 16:20
Hi. :)
Acknowledged, well far as I can ascertain malware is no longer a issue...
But we can run a few quick checks and I'll be back later on to provide some advice/clear up tools etc.
Profile Check:
Click on Start >> Control Panel >> User Accounts
Now click on Create a new account >> name it say Test >> Create Account
Then power down the machine >> reboot it into the test account and check for myself if still the same lag.
Note: Feel free to remove the test account when finished.
Scan with Speccy:
Please download the installer for Speccy from here (http://www.filehippo.com/download_speccy/) to the desktop.
Double-click on spsetup120.exe to install the application >> follow the prompts >> deselect the option Automatically check for updates to Speccy(the others leave as is per your preferance) >> Install
Delselct View Release notes but leave Run Speccy vN.NN selected >> Finish
Speccy will now automatically scan your system, this may take some time etc.
Once it has completed scanning >> click on File >> Save as Text File... >> select the Desktop as the save destination >> Save
Close Speccy.
Open the notepad file you have just saved...
Scroll down to the heading Operating System >> next to Serial Number:
Delete/remove the actual serial number as prudent not to have that displayed in a open forum for security reasons etc.
Post the Speccy log in your next reply for my review.
Software Check/Update:
Let check/update some software as follows shall we...
Download and install FileHippo Update Checker from here (http://www.filehippo.com/updatechecker/).
Once installed(during the installation process deselect the option:- Run at Startup >> Start >> All Programs >> double-click on Update Checker >> a browser window will open after the scan is complete.
Download any updates detected(apart from beta updates) to the desktop >> uninstall anything that requires updating via Add/Remove Programs in the Control Panel.
Re-install the updated software, delete the installers and then empty the Recycle Bin.
Note: When I give the all clear my advice would be to consider keeping FileHippo Update Checker installed. Then periodically use it to check for any updates as having certain software outdated is a potential for malware to gain a foothold and exploit a system etc.
I tried to post the log, but got an error message that it was too long. It is attached as a .zip file.
The test account I created logged in without the delay.
Specba
A message appeared saying a trial license for a bluetooth management program had expired. I uninstalled the program. I'm not sure if his laptop even has bluetooth.
Specba
On reboot I now get a message that a USB driver needs to load. After having it search it could not find a driver.
I check the device manager and there is an exclamation point by the usb device.
I tried going to Dell's website and logged in to check if there was a usb driver for this service tag. I couldn't find one.
Dakeyras
2013-03-16, 20:33
Hi. :)
The temperature of the machine is a tad high:-
Intel Mobile Core 2 Duo T7250 @ 2.00GH 63 °C
Motherboard Dell Inc 63 °C
This may explain some of the errors you mentioned, so might be idea to check all fans are working and none of the airflow vents are blocked etc.
Also carry out the below please as follows...
Create a User account/transfer old settings:
Create a new user account:
Go to Start >> Control Panel >> User Accounts.
Click on Create A New Account.
Give the account a name and click Next > >> Create Account.
Note: Ensure that the new account type is a Computer Administrator, you may change it to a limited account later on for security reasons if you so wish.
Now login into your friends account and perform the following:
Right-click My Computer, and select Properties.
Select the Advanced tab.
Click the Settings button in the User Profiles section.
Select the user account that was corrupted.
Click the Copy To button.
Click Browse button and then browse For Folder dialogue box to locate the Documents and Settings folder and select the new account.
A confirmation dialogue box should appear that informs you that the original files will be deleted and prompts you to confirm the copy operation. Click Yes.
Once the profile is copied, log off from the system and login again with the new Account/User-name. All the settings of the old account should be copied.
Check the new account is working correctly then:
Go to Start >> Control Panel >> User Accounts.
Click on the old account >> Delete the account >> Delete Files >> Delete Account.
Let myself know the outcome when completed the above and we then proceed from there, thank you.
The driver issue turned out to be an internal bluetooth device. I was able to find the correct drivers and load them. Device manager is now happy.
I can't copy his profile. It hangs on the hour glass.
I tried copying from within his profile and couldn't see the new one listed. I logged out and logged into the test profile I created earlier. I then could see all three. I tried copying from within that third profile. That is when I got the hour glass. I let it run for some 30 minutes.
Dakeyras
2013-03-16, 21:58
Hi. :)
You could try this methodology instead:-
How to copy data from a corrupted user profile to a new profile in Windows XP (http://support.microsoft.com/kb/811151)
If that still does now work the only other options would be consider a repair of the Operating System:-
How-to repair Windows XP (http://www.geekstogo.com/forum/topic/138-how-to-repair-windows-xp/)
Or a actual a reformat and reinstallation of the Windows Operating System. Not a lot else I can advise to be quite honest. Anyway might as well clean up tools etc as follows...
Reset SR Points/Clean up with OTL:
Double-click OTL to start the program.
Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:Commands
[ClearAllRestorePoints]
Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
Then click the red Run Fix button.
Let the program run unhindered. When finsihed click on OK and close the log that appears.
Note: I do not need to review the log produced.
Now close all other programs apart from OTL as this step will require a reboot.
On the OTL main screen, depress the CleanUp button.
Say Yes to the prompt and then allow the program to reboot your computer.
The above process will flush old Sytem Restore points and create a new clean one. It should also clean up and remove the vast majority of scanners used and logs created etc.
Any left over merely delete yourself and empty the Recycle Bin.
Dakeyras
2013-03-17, 12:45
What was the outcome please ?
Also would you care for some online safety advice etc that you could in turn pass along to your friend and or merely provide the URL to my reply etc ? :)
Sorry for the delay. Had some family/social obligations.
I wanted to see if I could come up with a solution to the corrupted profile issue. The shut down his machine so my wife could shampoo the carpet. When I rebooted his icons started coming in with no delay. I can't explain it other than Microsoft sent out another update.
I'll finish up and get ack to you in an hour or so.
Specba
OTL gave me an error message when I ran Run Fix. The cleanup ran perfectly. The icon delay seems to be gone.
My plan is to set up Spybot to run from scheduled tasks.
The link will be good to your suggestions to avoid re-infection.
Dan depends so heavily on the computer that he is very likely to heed your advice.
I am also encouraging him to make a donation to keep the good work coming.
Specba
Dakeyras
2013-03-18, 10:23
Hi. :)
Prior two posts acknowledged...
If your friend wishes to donate, can click here (http://www.safer-networking.org/dl/donate/)
--------------
Regarding support for XP by Microsoft as a whole I mentioned about in a prior post...
Overall support is winding down for XP SP3. Support for Windows XP is ending on April 8, 2014. (http://windows.microsoft.com/en-us/windows/help/what-does-end-of-support-mean).
So once next year comes your friend will need to check(or check now, upgrade if possible) if the machine can be updated to any of the other Operating Systems:-
Windows Vista Upgrade Advisor (http://www.majorgeeks.com/Windows_Vista_Upgrade_Advisor_d5485.html)
Windows 7 Upgrade Advisor (http://windows.microsoft.com/is-is/windows/downloads/upgrade-advisor)
Windows 8 Upgrade Assistant (http://windows.microsoft.com/en-ie/windows-8/upgrade-assistant-advisor#1TC=t1)
In the event the machine does not meet the specifications for upgrading to any of the above Operating Systems my advice would be keep the machine off-line(as in no active internet connection) once Microsoft has discontinued support next year and merely use as a stand alone work-station for example as using a unsupported Operating System online is sure fire way for it to become badly compromised.
--------------
Now for the below is about the advice I mentioned about in post #62, fairly generic(part of my stock if you will) in nature but worth heeding in my humble opinion...
Importance of Regular System Maintenance:
I advice you read both of the below listed topics as this will go a long way to keeping your Computer performing well.
Help! My computer is slow! (http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html)
Also so is this:
What to do if your Computer is running slowly (http://www.malwareremoval.com/tutorials/runningslowly.php)
Now some advice for on-line safety:
Malwarebyte's Anti-Malware:
This is a excellent application and I advise you keep this installed. Check for updates and run a scan at least per once a week.
Other installed security software:
Your presently installed security application, Norton Internet Security(the actual AV component) automatically checks for updates and downloads/installs them with every system reboot and or periodically if the machine is left running providing a internet connection is active.
I advise you also run a complete scan with this also at least once per week.
Erunt:
Emergency Recovery Utility NT, I advice you keep this installed as a means to keep a complete backup of your registry and restore it when needed.
Myself I would actually create a new back up once per week as this along with System Restore may prove to be invaluable if something unforeseen occurs!
Be careful when opening attachments and downloading files:
Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
Never open emails from unknown senders.
Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge (http://sourceforge.net/) or FileHippo (http://www.filehippo.com/).
Stop malicious scripts:
Windows by default allow scripts (which is VBScript and JavaScript) to run and some of these scripts are malicious. Use Noscript (http://www.symantec.com/avcenter/noscript.exe) by Symantec or Script Defender (http://www.analogx.com/contents/download/system/sdefend.htm) by AnalogX to handle these scripts.
Avoid Peer to Peer software:
P2P may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. My advice is avoid these types of software applications.
Hosts File:
A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your computer will look up the website's IP address before you can view the website.
Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.
Here are some Hosts files:
MVPS Hosts File (http://www.mvps.org/winhelp2002/hosts.htm)
hpHosts (http://hosts-file.net/?s=Download)
Only use one of the above!
Consider Installing WinPatrol:
WinPatrol alerts you about possible system hijacks, malware attacks and critical changes made to your computer without your permission.
Download it from here (http://www.winpatrol.com/download.html).
You can find information about how WinPatrol works here (http://www.winpatrol.com/features.html).
Next:
This is a very helpful/useful set of advice from Microsoft: Microsoft Safety & Security Center (http://www.microsoft.com/en-gb/security/default.aspx) as is this also: So how did I get infected in the first place? (http://forums.spybot.info/showthread.php?t=279)
Any questions? Feel free to ask, if not stay safe!
Once again I want to thank you for your patience and expertise. I will return his machine to him this afternoon.
I can set up much of what you suggest as a scheduled task, but I will take the time with Dan to go over your recommendations so he will understand what he needs to do.
My suggestion for him will be to go with Windows 7. Vista has too much overhead and I have not been impressed with Windows 8. I'm working part-time and we have had two Windows 8 machines deployed at work. It seems the interface was meant for a touch screen.
Specba
Dakeyras
2013-03-18, 10:57
Acknowledged and you're most welcome! :)
Windows 7(64 bit architecture) would be the most prudent to upgrade too in my humble opinion/if feasible.
With regards to Vista, must admit not particularly keen myself and often reminds me of the debacle that was Windows Me. As for Windows 8, well that for me is merely akin to a Android Operating System on steroids and far from user friendly in my point of view via a Anti-Malware support role. Though my son thinks it is great, kids eh! ;)
Dakeyras
2013-03-19, 12:43
Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.