
Thread: Hangs during bootup

  1. #21
    Security Expert-Emeritus Dakeyras
    Join Date: Sep 2008 | Location: The Tundra | Posts: 1,173

    Hi.

    The machine still hangs 3-4 minutes between when the background comes up and the desktop icons come in. It's an improvement over the 10-15 minutes it was taking.
    Acknowledged, the results of the file submission are good so no further action is required with regard to that.

    Scan with RogueKiller:

    Please download RogueKiller to the desktop

    Alternate downloads are here or here.

    • Quit all running programs.
    • Double-click on RogueKiller.exe to start the application.
    • Let the pre-scan complete, then click on Accept option when the disclaimer window appears.
    • Now click on the Scan tab back in the RogueKiller main window.
    • The RKreport.txt shall be generated next to the executable along with a zip file named RK_Quarantine.
    • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.com
    • Please post the contents of the RKreport.txt in your next reply.

    Hard-Drive Maintenance/Repair:

    Note: For the CHKDSK portion you may refer to this tutorial of mine here and follow the instructions for Graphical Mode if you so wish.

    Click Start >> Run and type cleanmgr in the box and click on OK.
    • Ensure the boxes for Temporary Files, Temporary Internet Files and Recycle Bin are checked.
    • You can choose to check other boxes if you wish but they are not required.
    • Click on OK then Yes.

    Next:-
    • Click Start >> Run... then type in CMD and click on OK.
    • At the Command Prompt C:\ > type the following:
    • CD C:\ and hit the Enter/Return key.
    • Now type in DEFRAG C: -F
    • An Analysis report will be displayed and then Windows will start the Defragmentation run automatically.
    • This may take some time, when completed the Command Prompt C:\ > will appear.
    • Now type in CHKDSK C: /R and hit the Enter/Return key.
    • When prompted with:
    CHKDSK cannot run because the volume is in use by another process
    Would you like to schedule this volume to be checked next time the system
    restarts (Y/N)
    • Hit the Y key then at the Command Prompt C:\ >
    • Type in EXIT and hit the Enter/Return key.
    • Now Reboot(Restart) your computer.

    Note: Upon Reboot(Restart) the CHKDSK(check-disk) will start and carry out the repairs required.

    You should see a screen like this just after the Post(power on self test) screen:



    Note: Do not touch either the keyboard or Mouse, otherwise the Check-Disk will be cancelled and the computer will continue to boot-up as normal.

    ESET Online Scanner:

    Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable the currently installed Anti-Virus, how to do so can be read here.

    • Please click here to run the scan...
      Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
      All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
    • Select the option YES, I accept the Terms of Use then click on:
    • When prompted allow the Add-On/Active X to install.
    • Make sure that the option Remove found threats is Not checked, and the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
    1. Scan for potentially unwanted applications
    2. Scan for potentially unsafe applications
    3. Enable Anti-Stealth Technology
    • Now click on:
    • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
    • When completed the Online Scan will begin automatically.
    • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
    • Now click on:
    • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    • Copy and paste that log as a reply to this topic.

    Note: Do not forget to re-enable the Anti-Virus application after running the above scan!

    Next:

    When completed the above, please post back the following in the order asked for:

    • How is the computer performing now, any further symptoms and or problems encountered?
    • RogueKiller Log.
    • Eset online scanner log.
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.

  2. #22
    Member
    Join Date: Apr 2009 | Location: Pittsburgh, PA | Posts: 74

    Rogue Killer Log

    RogueKiller V8.5.2 [Mar 9 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files...3-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Dan Kamin [Admin rights]
    Mode : Scan -- Date : 03/12/2013 13:00:44
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 3 ¤¤¤
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤
    SSDT[12] : NtAlertResumeThread @ 0x805D4BDC -> HOOKED (Unknown @ 0x894FDDB0)
    SSDT[13] : NtAlertThread @ 0x805D4B8C -> HOOKED (Unknown @ 0x8A1BE0A8)
    SSDT[17] : NtAllocateVirtualMemory @ 0x805A8AC2 -> HOOKED (Unknown @ 0x8A1A5008)
    SSDT[19] : NtAssignProcessToJobObject @ 0x805D66A0 -> HOOKED (Unknown @ 0x8950AB58)
    SSDT[31] : NtConnectPort @ 0x805A45D8 -> HOOKED (Unknown @ 0x8A045550)
    SSDT[43] : NtCreateMutant @ 0x80617718 -> HOOKED (Unknown @ 0x8951DDB0)
    SSDT[52] : NtCreateSymbolicLinkObject @ 0x805C3A02 -> HOOKED (Unknown @ 0x894F4788)
    SSDT[53] : NtCreateThread @ 0x805D1038 -> HOOKED (Unknown @ 0x8A1C3BD8)
    SSDT[57] : NtDebugActiveProcess @ 0x80643BA8 -> HOOKED (Unknown @ 0x8950BA98)
    SSDT[68] : NtDuplicateObject @ 0x805BE010 -> HOOKED (Unknown @ 0x8A1C0B38)
    SSDT[83] : NtFreeVirtualMemory @ 0x805B2FBA -> HOOKED (Unknown @ 0x89C7D698)
    SSDT[89] : NtImpersonateAnonymousToken @ 0x805F9258 -> HOOKED (Unknown @ 0x8A1D5DD8)
    SSDT[91] : NtImpersonateThread @ 0x805D7860 -> HOOKED (Unknown @ 0x894FDCF0)
    SSDT[97] : NtLoadDriver @ 0x80584172 -> HOOKED (Unknown @ 0x8A03A9C0)
    SSDT[108] : NtMapViewOfSection @ 0x805B2042 -> HOOKED (Unknown @ 0x8A268590)
    SSDT[114] : NtOpenEvent @ 0x8060F0D6 -> HOOKED (Unknown @ 0x8951DCF0)
    SSDT[122] : NtOpenProcess @ 0x805CB456 -> HOOKED (Unknown @ 0x8A1C4100)
    SSDT[123] : NtOpenProcessToken @ 0x805EDF26 -> HOOKED (Unknown @ 0x8937E290)
    SSDT[125] : NtOpenSection @ 0x805AA3F4 -> HOOKED (Unknown @ 0x8950D900)
    SSDT[128] : NtOpenThread @ 0x805CB6E2 -> HOOKED (Unknown @ 0x8A1C0C08)
    SSDT[137] : NtProtectVirtualMemory @ 0x805B8426 -> HOOKED (Unknown @ 0x8950AA88)
    SSDT[206] : NtResumeThread @ 0x805D4A18 -> HOOKED (Unknown @ 0x8A1BE008)
    SSDT[213] : NtSetContextThread @ 0x805D2C1A -> HOOKED (Unknown @ 0x8A1C3DC0)
    SSDT[228] : NtSetInformationProcess @ 0x805CDEA0 -> HOOKED (Unknown @ 0x8A234E90)
    SSDT[240] : NtSetSystemInformation @ 0x8060FD8E -> HOOKED (Unknown @ 0x8950BB58)
    SSDT[253] : NtSuspendProcess @ 0x805D4AE0 -> HOOKED (Unknown @ 0x8950D9C0)
    SSDT[254] : NtSuspendThread @ 0x805D4952 -> HOOKED (Unknown @ 0x8A1C2F48)
    SSDT[257] : NtTerminateProcess @ 0x805D22D8 -> HOOKED (Unknown @ 0x8A1ECDF0)
    SSDT[258] : NtTerminateThread @ 0x805D24D2 -> HOOKED (Unknown @ 0x8A21EC30)
    SSDT[267] : NtUnmapViewOfSection @ 0x805B2E50 -> HOOKED (Unknown @ 0x895202F0)
    SSDT[277] : NtWriteVirtualMemory @ 0x805B43D4 -> HOOKED (Unknown @ 0x89C7D768)
    S_SSDT[307] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x8A3BCB48)
    S_SSDT[383] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x8A206DD0)
    S_SSDT[414] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x8A2807C0)
    S_SSDT[416] : NtUserGetKeyState -> HOOKED (Unknown @ 0x8A2A3A18)
    S_SSDT[428] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x8A284D88)
    S_SSDT[460] : NtUserMessageCall -> HOOKED (Unknown @ 0x8A3FEE68)
    S_SSDT[475] : NtUserPostMessage -> HOOKED (Unknown @ 0x8A2A54C8)
    S_SSDT[476] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x8A1AB2F0)
    S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8A282D48)
    S_SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8A23E8A8)

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\WINDOWS\system32\drivers\etc\hosts

    ÿþ1

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST9160314AS +++++
    --- User ---
    [MBR] 735558283eb882d10429f4baef6de194
    [BSP] 2f3e1d68fd4dad25f7b87b4131285341 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152625 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1]_S_03122013_02d1300.txt >>
    RKreport[1]_S_03122013_02d1300.txt

  3. #23
    Security Expert-Emeritus Dakeyras
    Join Date: Sep 2008 | Location: The Tundra | Posts: 1,173

    Post/reply acknowledged.
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.

  4. #24
    Member
    Join Date: Apr 2009 | Location: Pittsburgh, PA | Posts: 74

    Eset Log

    ESETSmartInstaller@High as downloader log:
    all ok
    # version=8
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6920
    # api_version=3.0.2
    # EOSSerial=e7daaa265876f749b0dc2d8e0c012bcd
    # engine=13369
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2013-03-12 10:22:16
    # local_time=2013-03-12 06:22:16 (-0500, Eastern Daylight Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=3588 16777214 85 82 12488697 66098142 0 0
    # scanned=77624
    # found=10
    # cleaned=0
    # scan_time=3877
    sh=EFA4A1D09F463DE8FBDAA77302A3FCA9CAAECB58 ft=1 fh=4b233ba19392a77a vn="Win32/Agent.QUN trojan" ac=I fn="C:\Documents and Settings\Dan Kamin\Desktop\Less used\DVDFabDecrypter29.exe"
    sh=975413B1D1B3350935BACAD6BE47523CBE9A4713 ft=1 fh=64b2a1b8aaa50cda vn="Win32/Toolbar.SearchSuite application" ac=I fn="C:\Documents and Settings\Dan Kamin\My Documents\Downloads\iLividSetup.exe"
    sh=D8C6C36BE062DDB6DA6143CA47B17696499F3A08 ft=1 fh=4357cb53d18b2b85 vn="a variant of Win32/InstallIQ application" ac=I fn="C:\Documents and Settings\Dan Kamin\My Documents\Downloads\movie_player_1280 (1).exe"
    sh=D8C6C36BE062DDB6DA6143CA47B17696499F3A08 ft=1 fh=4357cb53d18b2b85 vn="a variant of Win32/InstallIQ application" ac=I fn="C:\Documents and Settings\Dan Kamin\My Documents\Downloads\movie_player_1280.exe"
    sh=3A89DAEE2C931D0AAA7B102D3DA9D2174DC5875E ft=1 fh=d16f3ccb0b0b7a97 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Documents and Settings\Dan Kamin\My Documents\Downloads\SetupImgBurn_2.5.5.0.exe"
    sh=CB4261711672E52A00A2A0077524B5D0E3C454DA ft=1 fh=a6a0163d0f5f569d vn="a variant of Win32/SoftonicDownloader.A application" ac=I fn="C:\Documents and Settings\Dan Kamin\My Documents\Downloads\SoftonicDownloader_for_realplayer-sp.exe"
    sh=CA4C9C88A966288F95C2676C08E613D5CD49E023 ft=1 fh=94c4eed788bab239 vn="a variant of Win32/InstallIQ application" ac=I fn="C:\Documents and Settings\Dan Kamin\My Documents\Downloads\VLC_32.exe"
    sh=4A52B7BE6540823D90C41974149498CDDDCC55A6 ft=1 fh=72607ddad7436d9d vn="probably a variant of Win32/Agent.BDXASRA trojan" ac=I fn="C:\Documents and Settings\Dan Kamin\My Documents\Downloads\youtube_flv_downloader_install(2).exe"
    sh=4A52B7BE6540823D90C41974149498CDDDCC55A6 ft=1 fh=72607ddad7436d9d vn="probably a variant of Win32/Agent.BDXASRA trojan" ac=I fn="C:\Documents and Settings\Dan Kamin\My Documents\Downloads\youtube_flv_downloader_install.exe"
    sh=5F903E0086A381B64E6CABCC69F836A9FFC0A3C1 ft=1 fh=d066d81b435b405c vn="a variant of Win32/HackTool.Patcher.A application" ac=I fn="C:\Program Files\WinRar.3.61\Patch.exe"

  5. #25
    Member
    Join Date: Apr 2009 | Location: Pittsburgh, PA | Posts: 74

    Computer still hanging on boot

    It still hangs for about 4 minutes before the icons come in during bootup. Even the clock readout in the taskbar freezes until the icons come in.

  6. #26
    Security Expert-Emeritus Dakeyras
    Join Date: Sep 2008 | Location: The Tundra | Posts: 1,173

    Hi.

    It still hangs for about 4 minutes before the icons come in during bootup. Even the clock readout in the taskbar freezes until the icons come in.
    Acknowledged...We will address the results of the online scan, plus another round of in-depth system maintenance may help the overall situation and one more specific scan taking into account what was detected by the aforementioned online scan.

    Next:

    Run another custom OTL script using the below, most are false positive detections/borderline but no real need for them as merely installers and one is outright malicious etc.

    Code:
    :Files
    C:\Documents and Settings\Dan Kamin\Desktop\Less used\DVDFabDecrypter29.exe
    C:\Documents and Settings\Dan Kamin\My Documents\Downloads\iLividSetup.exe
    C:\Documents and Settings\Dan Kamin\My Documents\Downloads\movie_player_1280 (1).exe
    C:\Documents and Settings\Dan Kamin\My Documents\Downloads\movie_player_1280.exe
    C:\Documents and Settings\Dan Kamin\My Documents\Downloads\SetupImgBurn_2.5.5.0.exe
    C:\Documents and Settings\Dan Kamin\My Documents\Downloads\SoftonicDownloader_for_realplayer-sp.exe
    C:\Documents and Settings\Dan Kamin\My Documents\Downloads\VLC_32.exe
    C:\Documents and Settings\Dan Kamin\My Documents\Downloads\youtube_flv_downloader_install(2).exe
    C:\Documents and Settings\Dan Kamin\My Documents\Downloads\youtube_flv_downloader_install.exe
    
    :Commands
    [EmptyTemp]

    Scan with JRT:

    Please download Junkware Removal Tool to the desktop.

    Note: Temp shut down the protection software now to avoid potential conflicts, how to do so can be read here.

    • Double-click on JRT.exe to launch the application.
    • The tool will open and start scanning the system.
    • Please be patient as this can take a while to complete depending on the system's specifications.
    • On completion, a log (JRT.txt) is saved to the desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Note: Reboot the machine and ensure all disabled security software is now enabled etc.

    Next:

    Run through the Hard-Drive Maintenance/Repair routine again as outlined in post #21, except this time merely perform both the defrag' and check-disk.

    Next:

    When completed the above, please post back the following in the order asked for:

    • How is the computer performing now, any further symptoms and or problems encountered?
    • OTL Log from the Custom Script.
    • Junkware Removal Tool Log.
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.
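
Added example, not part of the original posts and not code from ESET or OTL: a small triage script for a scan log laid out like the one in post #24, grouping identical files by hash and separating trojan detections from bundled-installer "application" detections, which is the distinction post #26 draws. The field meanings (`sh` = file hash, `vn` = detection name, `fn` = path) and the rule that a name ending in "application" is an unwanted/unsafe-application class are assumptions read off the log layout; the sample log is constructed.

```python
import re

# Constructed sample in the layout of the ESET log in post #24; the hashes,
# user name and paths are made up for this example.
SAMPLE_LOG = r'''# version=8
# remove_checked=false
# scanned=1200
# found=4
# cleaned=0
sh=1111111111111111111111111111111111111111 ft=1 fh=aaaaaaaaaaaaaaaa vn="Win32/Agent.QUN trojan" ac=I fn="C:\Users\example\Desktop\tool.exe"
sh=2222222222222222222222222222222222222222 ft=1 fh=bbbbbbbbbbbbbbbb vn="a variant of Win32/InstallIQ application" ac=I fn="C:\Users\example\Downloads\player (1).exe"
sh=2222222222222222222222222222222222222222 ft=1 fh=bbbbbbbbbbbbbbbb vn="a variant of Win32/InstallIQ application" ac=I fn="C:\Users\example\Downloads\player.exe"
sh=3333333333333333333333333333333333333333 ft=1 fh=cccccccccccccccc vn="probably a variant of Win32/Agent.BDXASRA trojan" ac=I fn="C:\Users\example\Downloads\setup.exe"
'''

# key=value pairs; values are either "quoted" (may contain spaces) or bare.
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Longest prefix first, because the second is a suffix of the first.
PREFIXES = (("probably a variant of ", "probable variant"),
            ("a variant of ", "variant"))


def parse_log(text):
    """Split the log into header settings ('# key=value') and detection records."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                header[key] = value.strip('"')
        elif line.startswith("sh="):
            detections.append({k: v.strip('"') for k, v in FIELD_RE.findall(line)})
    return header, detections


def classify(vn):
    """Return (family, kind, confidence, category) for a detection name.

    Assumption: the last word of the name is the detection type, and
    'application' marks the unwanted/unsafe-application classes."""
    confidence = "exact"
    for prefix, label in PREFIXES:
        if vn.startswith(prefix):
            vn, confidence = vn[len(prefix):], label
            break
    family, _, kind = vn.rpartition(" ")
    if not family:                      # no type word present
        family, kind = vn, "unknown"
    if kind == "application":
        category = "unwanted/unsafe application"
    elif kind == "unknown":
        category = "unclassified"
    else:
        category = "malware"
    return family, kind, confidence, category


def triage(text):
    """Group detections by file hash and sanity-check them against the header."""
    header, detections = parse_log(text)
    files = {}
    for det in detections:
        family, kind, confidence, category = classify(det.get("vn", ""))
        entry = files.setdefault(det["sh"], {
            "family": family, "kind": kind, "confidence": confidence,
            "category": category, "paths": []})
        entry["paths"].append(det.get("fn", ""))
    return {
        # A mismatch means the pasted log is truncated or edited.
        "count_matches_header": header.get("found") == str(len(detections)),
        # Scan-only run: every listed file is still on disk.
        "nothing_removed": (header.get("remove_checked") == "false"
                            and header.get("cleaned") == "0"),
        "files": files,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("detection count matches header:", result["count_matches_header"])
    print("scan-only, files still present:", result["nothing_removed"])
    # Malware first, then the installer/toolbar class.
    ordered = sorted(result["files"].items(),
                     key=lambda kv: kv[1]["category"] != "malware")
    for sha, e in ordered:
        print(f'\n[{e["category"]}] {e["family"]} ({e["confidence"]}) {sha}')
        for path in e["paths"]:
            print("   ", path)
```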

  7. #27
    Member
    Join Date: Apr 2009 | Location: Pittsburgh, PA | Posts: 74

    Computer still hanging on boot

    It is still hanging about 3-4 minutes on boot up.

  8. #28
    Member
    Join Date: Apr 2009 | Location: Pittsburgh, PA | Posts: 74

    OTL Log 3-13-13

    OTL logfile created on: 3/13/2013 8:24:05 AM - Run 3
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Dan Kamin\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 1.23 Gb Available Physical Memory | 61.74% Memory free
    3.84 Gb Paging File | 3.25 Gb Available in Paging File | 84.78% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.05 Gb Total Space | 72.40 Gb Free Space | 48.58% Space Free | Partition Type: NTFS

    Computer Name: DAN | User Name: Dan Kamin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/03/10 11:49:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan Kamin\Desktop\OTL.exe
    PRC - [2013/03/07 23:53:47 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2012/08/29 14:51:48 | 004,643,912 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
    PRC - [2012/08/29 14:51:48 | 001,061,960 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
    PRC - [2011/12/12 13:11:03 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
    PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
    PRC - [2010/04/07 16:57:42 | 000,099,896 | R--- | M] (HP) -- C:\WINDOWS\system32\HPSIsvc.exe
    PRC - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    PRC - [2009/06/24 10:57:04 | 000,136,704 | ---- | M] (HP) -- C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/07/02 14:29:22 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
    PRC - [2007/06/06 17:44:44 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
    PRC - [2007/05/22 15:18:56 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
    PRC - [2007/05/10 11:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe
    PRC - [2007/05/10 11:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
    PRC - [2006/09/08 16:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
    PRC - [2006/06/26 11:33:42 | 000,099,888 | ---- | M] (Logitech Inc.) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/03/07 23:53:47 | 003,069,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
    MOD - [2013/02/13 00:52:14 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\9fff30debe9b1ead7a0a9d204d331e7c\System.Web.ni.dll
    MOD - [2013/02/13 00:51:58 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d7ee03714420b252415b952d40ef59e4\System.ServiceProcess.ni.dll
    MOD - [2013/02/13 00:45:51 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    MOD - [2013/01/10 09:05:11 | 000,311,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\07de14823c42ee36ffa303d9c89ded36\System.Runtime.Serialization.Formatters.Soap.ni.dll
    MOD - [2013/01/10 09:03:13 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll
    MOD - [2013/01/10 08:59:56 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll
    MOD - [2013/01/10 08:49:57 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll
    MOD - [2013/01/10 08:49:25 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
    MOD - [2012/05/30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2012/05/30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2010/10/29 11:14:44 | 000,143,360 | ---- | M] () -- C:\WINDOWS\system32\preflib.dll
    MOD - [2010/10/29 11:14:12 | 000,761,856 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
    MOD - [2010/03/04 16:55:34 | 000,147,456 | ---- | M] () -- C:\WINDOWS\system32\HP1100LM.DLL
    MOD - [2010/03/04 16:55:14 | 000,069,632 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\HP1100PP.dll
    MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
    MOD - [2004/07/20 18:04:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll


    ========== Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
    SRV - [2013/03/12 22:04:41 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/03/07 23:53:47 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/01/08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/08/29 14:51:48 | 004,643,912 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)
    SRV - [2011/10/14 09:40:12 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)
    SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe -- (NIS)
    SRV - [2010/04/07 16:57:42 | 000,099,896 | R--- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPSIsvc.exe -- (HPSIService)
    SRV - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
    SRV - [2009/06/24 10:57:04 | 000,136,704 | ---- | M] (HP) [Auto | Running] -- C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
    SRV - [2007/05/10 11:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe -- (STacSV)
    SRV - [2006/06/26 11:33:56 | 000,091,696 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
    SRV - [2006/06/26 11:33:42 | 000,099,888 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - [2013/01/23 18:14:50 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20130312.017\NAVEX15.SYS -- (NAVEX15)
    DRV - [2013/01/23 18:14:50 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2013/01/23 18:14:50 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20130312.017\NAVENG.SYS -- (NAVENG)
    DRV - [2013/01/23 18:14:49 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2013/01/15 22:51:12 | 000,997,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20130301.001\BHDrvx86.sys -- (BHDrvx86)
    DRV - [2012/09/06 04:54:30 | 000,373,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20130312.001\IDSXpx86.sys -- (IDSxpx86)
    DRV - [2011/05/02 18:21:23 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2011/04/20 21:37:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1207020.003\symtdi.sys -- (SYMTDI)
    DRV - [2011/03/30 23:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NIS\1207020.003\srtsp.sys -- (SRTSP)
    DRV - [2011/03/30 23:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1207020.003\srtspx.sys -- (SRTSPX)
    DRV - [2011/03/14 22:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1207020.003\symefa.sys -- (SymEFA)
    DRV - [2011/02/14 02:42:36 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
    DRV - [2011/02/14 02:42:34 | 000,025,216 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
    DRV - [2011/02/14 02:42:32 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
    DRV - [2011/01/27 02:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1207020.003\symds.sys -- (SymDS)
    DRV - [2011/01/27 01:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1207020.003\ironx86.sys -- (SymIRON)
    DRV - [2010/10/29 11:14:44 | 002,649,216 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2007/12/23 18:18:48 | 000,068,696 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
    DRV - [2007/08/02 18:35:12 | 000,989,952 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2007/08/02 18:34:30 | 000,211,200 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
    DRV - [2007/08/02 18:34:26 | 000,731,136 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2007/06/25 19:53:10 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2007/06/11 15:25:00 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
    DRV - [2007/05/24 15:27:00 | 000,064,000 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
    DRV - [2007/05/10 11:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2007/04/24 14:20:00 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
    DRV - [2007/03/19 02:39:18 | 000,052,309 | R--- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mam4410u.sys -- (mam4410u)
    DRV - [2007/03/01 17:53:00 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
    DRV - [2007/02/16 16:46:00 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2007/01/15 23:44:46 | 000,011,986 | R--- | M] (Mobile Action Technology Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\MaVc2K.sys -- (MaVctrl)
    DRV - [2006/11/20 18:55:00 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
    DRV - [2006/10/10 20:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
    DRV - [2006/06/26 11:33:40 | 000,023,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
    DRV - [2006/06/26 11:33:36 | 001,952,816 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
    DRV - [2006/06/26 11:33:28 | 001,587,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
    DRV - [2006/06/22 18:29:46 | 000,038,960 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
    DRV - [2006/06/22 18:29:28 | 000,720,176 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302AV.SYS -- (PID_08A0)
    DRV - [2006/06/22 18:29:27 | 000,012,080 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
    DRV - [2005/08/17 23:44:50 | 000,049,867 | R--- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mardp2k.sys -- (MaRdPnp)
    DRV - [2005/06/16 06:13:12 | 000,025,044 | R--- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mam4410m.sys -- (mam4410m)
    DRV - [2005/06/16 06:11:58 | 000,024,784 | R--- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mam4410c.sys -- (mam4410c)
    DRV - [2005/01/06 14:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
    DRV - [2000/02/08 10:30:24 | 000,015,488 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ScFBPNT2.sys -- (ScFBPNT2)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-1229272821-1500820517-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-1229272821-1500820517-682003330-1003\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-1229272821-1500820517-682003330-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-1229272821-1500820517-682003330-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-1229272821-1500820517-682003330-1003\..\SearchScopes\{912B7D87-D547-49C8-A25E-A3CD2BEDB017}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    IE - HKU\S-1-5-21-1229272821-1500820517-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1229272821-1500820517-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.order.1: "Yahoo"
    FF - prefs.js..browser.search.order.2: ""
    FF - prefs.js..browser.search.selectedEngine: "Yahoo"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "www.google.com"
    FF - prefs.js..extensions.enabledAddons: %7B66E978CD-981F-47DF-AC42-E3CF417C1467%7D:0.4.3
    FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
    FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
    FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.6
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2012/02/01 09:04:42 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_13_2 [2013/03/13 08:16:07 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/12/29 13:00:56 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/12 13:13:06 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/07 23:53:47 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/03/07 23:53:36 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/12/29 13:00:56 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1266764D-FC4F-4FA7-B63B-884D53B1680F}: C:\Documents and Settings\Dan Kamin\Application Data\NetAssistant\ [2011/01/07 23:17:24 | 000,000,000 | ---D | M]

    [2010/12/28 20:54:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dan Kamin\Application Data\Mozilla\Extensions
    [2013/03/06 00:42:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dan Kamin\Application Data\Mozilla\Firefox\Profiles\3xyzcfc0.default\extensions
    [2012/11/30 08:28:42 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Dan Kamin\Application Data\Mozilla\Firefox\Profiles\3xyzcfc0.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
    [2012/02/01 18:40:47 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\Dan Kamin\Application Data\Mozilla\Firefox\Profiles\3xyzcfc0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
    [2013/03/06 00:42:02 | 000,555,719 | ---- | M] () (No name found) -- C:\Documents and Settings\Dan Kamin\Application Data\Mozilla\Firefox\Profiles\3xyzcfc0.default\extensions\{40346aa9-a9d7-b1c4-ad87-bb0d0a1c10b8}.xpi
    [2012/05/01 22:02:34 | 000,003,793 | ---- | M] () (No name found) -- C:\Documents and Settings\Dan Kamin\Application Data\Mozilla\Firefox\Profiles\3xyzcfc0.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi
    [2013/03/07 23:53:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2013/03/07 23:53:47 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2013/01/19 12:20:02 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2013/02/27 00:06:12 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: AVG Secure Search (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}
    CHR - homepage: http://www.google.com/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Chrome\Application\25.0.1364.152\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Chrome\Application\25.0.1364.152\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
    CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: Entanglement = C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
    CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
    CHR - Extension: Poppit = C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

    O1 HOSTS File: ([2013/03/11 19:58:52 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ips\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
    O3 - HKU\S-1-5-21-1229272821-1500820517-682003330-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
    O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1229272821-1500820517-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://vnc.webex.com/client/wbs27-v...ex/ieatgpc.cab (GpcContainer Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2156BD58-3B3C-4CD3-A109-47A08F329673}: DhcpNameServer = 192.168.1.1 71.252.0.12
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BDD524A-F20D-4F1D-8E27-46824759B739}: DhcpNameServer = 192.168.1.1 71.252.0.12
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\615\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/03/12 22:04:27 | 016,486,616 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
    [2013/03/12 12:58:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan Kamin\Desktop\RK_Quarantine
    [2013/03/11 19:58:27 | 000,000,000 | ---D | C] -- C:\_OTL
    [2013/03/10 11:50:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dan Kamin\Desktop\OTL.exe
    [2013/03/07 23:53:31 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2013/02/27 22:12:57 | 004,952,064 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\System32\stacgui.cpl
    [2013/02/27 22:12:57 | 001,601,536 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\System32\stlang.dll
    [2013/02/27 22:12:57 | 000,405,504 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
    [2013/02/27 22:12:57 | 000,094,208 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\System32\stacsv.exe
    [2013/02/27 22:12:19 | 000,270,336 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\System32\stacapi.dll
    [2013/02/24 23:26:20 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Dan Kamin\Desktop\aswMBR.exe
    [2013/02/24 23:04:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dan Kamin\Start Menu\Programs\Administrative Tools
    [2013/02/24 23:02:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2013/02/24 23:01:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
    [2013/02/24 23:01:51 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2013/02/24 23:01:26 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Dan Kamin\Desktop\erunt-setup.exe
    [2013/02/20 22:55:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan Kamin\Application Data\Malwarebytes
    [2013/02/20 22:55:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/02/20 22:55:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2013/02/20 22:55:06 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2013/02/20 22:55:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2013/02/17 23:30:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan Kamin\Desktop\Classical Clown Concert Proposal.key
    [2012/02/10 18:17:01 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Dan Kamin\Application Data\pcouffin.sys

    ========== Files - Modified Within 30 Days ==========

    [2013/03/13 08:27:03 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-1500820517-682003330-1003UA.job
    [2013/03/13 08:27:03 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-1500820517-682003330-1003Core.job
    [2013/03/13 08:19:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-1500820517-682003330-1003.job
    [2013/03/13 08:18:46 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-1500820517-682003330-1003.job
    [2013/03/13 08:17:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/03/13 08:15:27 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\ROC_JAN2013_TB_rmv.job
    [2013/03/13 08:15:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/03/12 22:04:42 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/03/12 22:04:39 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2013/03/12 22:04:39 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2013/03/12 22:04:29 | 016,486,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
    [2013/03/12 12:56:41 | 000,816,640 | ---- | M] () -- C:\Documents and Settings\Dan Kamin\Desktop\RogueKiller.exe
    [2013/03/11 19:58:52 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2013/03/11 19:21:34 | 000,457,320 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2013/03/11 19:21:34 | 000,076,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2013/03/11 09:50:25 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\Dan Kamin\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
    [2013/03/11 09:07:22 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
    [2013/03/10 16:54:42 | 000,597,667 | ---- | M] () -- C:\Documents and Settings\Dan Kamin\Desktop\AdwCleaner.exe
    [2013/03/10 11:49:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan Kamin\Desktop\OTL.exe
    [2013/03/05 09:30:38 | 000,002,316 | ---- | M] () -- C:\Documents and Settings\Dan Kamin\Desktop\Google Chrome.lnk
    [2013/02/25 00:44:20 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Dan Kamin\Desktop\MBR.dat
    [2013/02/24 23:23:33 | 000,004,599 | ---- | M] () -- C:\Documents and Settings\Dan Kamin\Desktop\attach.zip
    [2013/02/24 23:06:20 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Dan Kamin\Desktop\aswMBR.exe
    [2013/02/24 23:01:56 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Dan Kamin\Desktop\NTREGOPT.lnk
    [2013/02/24 23:01:56 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Dan Kamin\Desktop\ERUNT.lnk
    [2013/02/24 22:59:30 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Dan Kamin\Desktop\erunt-setup.exe
    [2013/02/24 22:40:31 | 000,000,211 | ---- | M] () -- C:\boot.ini
    [2013/02/20 22:55:12 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/02/17 17:20:10 | 001,252,238 | ---- | M] () -- C:\Documents and Settings\Dan Kamin\Desktop\index.apxl
    [2013/02/13 09:18:20 | 000,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2013/02/13 00:53:50 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

    ========== Files Created - No Company Name ==========

    [2013/03/12 12:57:51 | 000,816,640 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Desktop\RogueKiller.exe
    [2013/03/10 16:55:49 | 000,597,667 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Desktop\AdwCleaner.exe
    [2013/03/09 11:32:42 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-1500820517-682003330-1003.job
    [2013/02/24 23:32:33 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Desktop\MBR.dat
    [2013/02/24 23:23:33 | 000,004,599 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Desktop\attach.zip
    [2013/02/24 23:01:56 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Desktop\NTREGOPT.lnk
    [2013/02/24 23:01:55 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Desktop\ERUNT.lnk
    [2013/02/24 22:40:22 | 000,001,725 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    [2013/02/24 22:40:21 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
    [2013/02/20 22:55:11 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/02/20 22:31:02 | 000,000,211 | ---- | C] () -- C:\boot.ini
    [2013/02/18 00:35:06 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-1500820517-682003330-1003.job
    [2013/02/17 23:43:33 | 001,252,238 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Desktop\index.apxl
    [2012/11/18 10:27:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
    [2012/02/15 20:39:49 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/02/10 18:18:13 | 000,001,041 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Application Data\vso_ts_preview.xml
    [2012/02/10 18:17:01 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Application Data\inst.exe
    [2012/02/10 18:17:01 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Application Data\pcouffin.cat
    [2012/02/10 18:17:01 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Application Data\pcouffin.inf
    [2012/02/08 19:47:08 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2012/02/08 19:47:08 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2012/02/08 19:45:44 | 000,033,019 | ---- | C] () -- C:\WINDOWS\System32\CoreAAC-uninstall.exe
    [2011/12/13 17:46:56 | 000,022,334 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2011/10/14 14:02:53 | 000,038,471 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Application Data\Comma Separated Values (Windows).ADR
    [2011/10/07 17:18:21 | 000,001,691 | ---- | C] () -- C:\WINDOWS\hpomdl31.dat.temp
    [2011/10/04 18:32:08 | 001,511,424 | ---- | C] () -- C:\WINDOWS\System32\HP1100SM.EXE
    [2011/10/04 18:32:06 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\HP1100LM.DLL
    [2011/10/04 18:31:34 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\HP1100SMs.dll
    [2011/09/20 10:06:46 | 000,002,427 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
    [2011/09/19 11:56:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\FileMgrExe.INI
    [2011/09/15 11:05:09 | 000,015,488 | ---- | C] () -- C:\WINDOWS\System32\drivers\ScFBPNT2.sys
    [2011/09/15 10:09:15 | 000,284,160 | ---- | C] () -- C:\WINDOWS\System32\mvhlewsi.DLL
    [2011/08/25 11:54:33 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\[j0004]-[p08].bmp
    [2011/08/25 11:54:31 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\[j0004]-[p07].bmp
    [2011/08/25 11:54:29 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\[j0004]-[p06].bmp
    [2011/05/23 12:28:00 | 000,024,086 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Application Data\Tab Separated Values (DOS).ADR
    [2011/01/07 23:43:11 | 019,985,265 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vlc-1.1.5-win32.exe
    [2010/12/29 15:30:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Ÿ9Ÿ9
    [2010/12/29 01:45:18 | 000,111,616 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== ZeroAccess Check ==========

    [2011/02/02 00:07:43 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== Custom Scans ==========

    < :Files >

    < C:\Documents and Settings\Dan Kamin\Desktop\Less used\DVDFabDecrypter29.exe >
    [2011/05/22 11:30:05 | 001,589,364 | ---- | M] (Fengtao Software Inc. ) -- C:\Documents and Settings\Dan Kamin\Desktop\Less used\DVDFabDecrypter29.exe

    < C:\Documents and Settings\Dan Kamin\My Documents\Downloads\iLividSetup.exe >
    [2012/11/24 23:08:55 | 001,302,424 | ---- | M] (Bandoo Media Inc) -- C:\Documents and Settings\Dan Kamin\My Documents\Downloads\iLividSetup.exe

    < C:\Documents and Settings\Dan Kamin\My Documents\Downloads\movie_player_1280 (1).exe >
    [2012/03/20 23:04:24 | 001,667,264 | ---- | M] (W3i, LLC) -- C:\Documents and Settings\Dan Kamin\My Documents\Downloads\movie_player_1280 (1).exe

    < C:\Documents and Settings\Dan Kamin\My Documents\Downloads\movie_player_1280.exe >
    [2012/03/20 23:04:18 | 001,667,264 | ---- | M] (W3i, LLC) -- C:\Documents and Settings\Dan Kamin\My Documents\Downloads\movie_player_1280.exe

    < C:\Documents and Settings\Dan Kamin\My Documents\Downloads\SetupImgBurn_2.5.5.0.exe >
    [2011/02/11 09:18:45 | 005,514,668 | ---- | M] (LIGHTNING UK!) -- C:\Documents and Settings\Dan Kamin\My Documents\Downloads\SetupImgBurn_2.5.5.0.exe

    < C:\Documents and Settings\Dan Kamin\My Documents\Downloads\SoftonicDownloader_for_realplayer-sp.exe >
    [2010/12/30 14:36:07 | 000,293,160 | ---- | M] () -- C:\Documents and Settings\Dan Kamin\My Documents\Downloads\SoftonicDownloader_for_realplayer-sp.exe

    < C:\Documents and Settings\Dan Kamin\My Documents\Downloads\VLC_32.exe >
    [2011/01/07 23:14:57 | 002,174,584 | ---- | M] (W3i, LLC) -- C:\Documents and Settings\Dan Kamin\My Documents\Downloads\VLC_32.exe

    < C:\Documents and Settings\Dan Kamin\My Documents\Downloads\youtube_flv_downloader_install(2).exe >
    [2009/08/07 18:01:19 | 006,156,304 | ---- | M] (Moyea Software Co., LTD ) -- C:\Documents and Settings\Dan Kamin\My Documents\Downloads\youtube_flv_downloader_install(2).exe

    < C:\Documents and Settings\Dan Kamin\My Documents\Downloads\youtube_flv_downloader_install.exe >
    [2009/08/07 17:50:33 | 006,156,304 | ---- | M] (Moyea Software Co., LTD ) -- C:\Documents and Settings\Dan Kamin\My Documents\Downloads\youtube_flv_downloader_install.exe

    < >

    < :Commands >

    < [EmptyTemp] >

    < End of report >

  9. #29
    Member
    Join Date
    Apr 2009
    Location
    Pittsburgh, PA
    Posts
    74

    Default JRT Log

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.7.1 (03.12.2013:1)
    OS: Microsoft Windows XP x86
    Ran by Dan Kamin on Wed 03/13/2013 at 8:46:44.75
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
    Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Documents and Settings\Dan Kamin\Application Data\netassistant"
    Successfully deleted: [Folder] "C:\WINDOWS\system32\ai_recyclebin"



    ~~~ FireFox

    Successfully deleted: [Registry Value] hkey_current_user\software\mozilla\firefox\extensions\\{1266764d-fc4f-4fa7-b63b-884d53b1680f}





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Wed 03/13/2013 at 8:55:00.35
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  10. #30
    Security Expert-Emeritus Dakeyras's Avatar
    Join Date
    Sep 2008
    Location
    The Tundra
    Posts
    1,173

    Default

    Hi.

    You actually ran a custom OTL scan as opposed to a custom OTL script, not a problem though and my apologies if you misunderstood what I was advising/asking for etc.

    Custom OTL Script:

    • Double-click on OTL.exe to start the program.
    • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    :Files
    C:\Documents and Settings\Dan Kamin\Desktop\Less used\DVDFabDecrypter29.exe
    C:\Documents and Settings\Dan Kamin\My Documents\Downloads\iLividSetup.exe
    C:\Documents and Settings\Dan Kamin\My Documents\Downloads\movie_player_1280 (1).exe
    C:\Documents and Settings\Dan Kamin\My Documents\Downloads\movie_player_1280.exe
    C:\Documents and Settings\Dan Kamin\My Documents\Downloads\SetupImgBurn_2.5.5.0.exe
    C:\Documents and Settings\Dan Kamin\My Documents\Downloads\SoftonicDownloader_for_realplayer-sp.exe
    C:\Documents and Settings\Dan Kamin\My Documents\Downloads\VLC_32.exe
    C:\Documents and Settings\Dan Kamin\My Documents\Downloads\youtube_flv_downloader_install(2).exe
    C:\Documents and Settings\Dan Kamin\My Documents\Downloads\youtube_flv_downloader_install.exe
    
    :Commands
    [EmptyTemp]

    • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
    • Then click the red Run Fix button.
    • Let the program run unhindered.
    • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.

    Note: The logfile can also be located at C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

    Next:

    Going back to this you posted:-
    I went into msconfig and deselected everything in the start menu. I got an error message saying I needed admin privileges to make the changes. The menu still showed all items deselected after a reboot. That menu had several unnamed entries.
    I would like to check what exactly was disabled as follows and the current overall settings...

    • Double-click on OTL.exe to start the program.
    • Now click on the None button.
    • Under the Custom Scan/Fixes box cut & paste this in:-

    msconfig
    • Click on Run Scan button.
    • When done, one Notepad file will open.
      • OTL.txt <-- Will be opened
    • Please post the contents of this Notepad file in your next reply.

    Scan with FSS:

    Please download Farbar Service Scanner and save to the desktop.

    • Double-click FSS.exe to start the program.
    • Select all available options.
    • Then click on the Scan tab.
    • When the scan is complete, it will produce a log named FSS.txt.
    • Post the contents in your next reply.

    Next:

    When you have completed the above, please post back the following in the order asked for:

    • OTL Log from the Custom Script.
    • New OTL Log from the Custom Scan.
    • Farbar Service Scanner Log.
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.
