
Thread: Hangs during bootup

  1. #31
    Member | Join Date: Apr 2009 | Location: Pittsburgh, PA | Posts: 74

    OTL Log from custom script

    All processes killed
    ========== FILES ==========
    C:\Documents and Settings\Dan Kamin\Desktop\Less used\DVDFabDecrypter29.exe moved successfully.
    C:\Documents and Settings\Dan Kamin\My Documents\Downloads\iLividSetup.exe moved successfully.
    C:\Documents and Settings\Dan Kamin\My Documents\Downloads\movie_player_1280 (1).exe moved successfully.
    C:\Documents and Settings\Dan Kamin\My Documents\Downloads\movie_player_1280.exe moved successfully.
    C:\Documents and Settings\Dan Kamin\My Documents\Downloads\SetupImgBurn_2.5.5.0.exe moved successfully.
    C:\Documents and Settings\Dan Kamin\My Documents\Downloads\SoftonicDownloader_for_realplayer-sp.exe moved successfully.
    C:\Documents and Settings\Dan Kamin\My Documents\Downloads\VLC_32.exe moved successfully.
    C:\Documents and Settings\Dan Kamin\My Documents\Downloads\youtube_flv_downloader_install(2).exe moved successfully.
    C:\Documents and Settings\Dan Kamin\My Documents\Downloads\youtube_flv_downloader_install.exe moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Dan Kamin
    ->Temp folder emptied: 950324 bytes
    ->Temporary Internet Files folder emptied: 6406358 bytes
    ->FireFox cache emptied: 43139774 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 1203 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 249498 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 48.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 03132013_195005

    Files\Folders moved on Reboot...
    File\Folder C:\WINDOWS\temp\Perflib_Perfdata_11d0.dat not found!
    File\Folder C:\WINDOWS\temp\Perflib_Perfdata_6a4.dat not found!

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...

  2. #32
    Member | Join Date: Apr 2009 | Location: Pittsburgh, PA | Posts: 74

    OTL MSConfig

    OTL logfile created on: 3/13/2013 7:58:04 PM - Run 4
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Dan Kamin\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 61.47% Memory free
    3.84 Gb Paging File | 3.24 Gb Available in Paging File | 84.48% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.05 Gb Total Space | 72.32 Gb Free Space | 48.52% Space Free | Partition Type: NTFS

    Computer Name: DAN | User Name: Dan Kamin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/03/10 11:49:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan Kamin\Desktop\OTL.exe
    PRC - [2013/03/07 23:53:47 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2012/08/29 14:51:48 | 004,643,912 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
    PRC - [2012/08/29 14:51:48 | 001,061,960 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
    PRC - [2011/12/12 13:11:03 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
    PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
    PRC - [2010/04/07 16:57:42 | 000,099,896 | R--- | M] (HP) -- C:\WINDOWS\system32\HPSIsvc.exe
    PRC - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    PRC - [2009/06/24 10:57:04 | 000,136,704 | ---- | M] (HP) -- C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/07/02 14:29:22 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
    PRC - [2007/06/06 17:44:44 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
    PRC - [2007/05/22 15:18:56 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
    PRC - [2007/05/10 11:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe
    PRC - [2007/05/10 11:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
    PRC - [2006/09/08 16:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
    PRC - [2006/06/26 11:33:42 | 000,099,888 | ---- | M] (Logitech Inc.) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/03/07 23:53:47 | 003,069,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
    MOD - [2013/02/13 00:52:14 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\9fff30debe9b1ead7a0a9d204d331e7c\System.Web.ni.dll
    MOD - [2013/02/13 00:51:58 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d7ee03714420b252415b952d40ef59e4\System.ServiceProcess.ni.dll
    MOD - [2013/02/13 00:45:51 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    MOD - [2013/01/10 09:05:11 | 000,311,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\07de14823c42ee36ffa303d9c89ded36\System.Runtime.Serialization.Formatters.Soap.ni.dll
    MOD - [2013/01/10 09:03:13 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll
    MOD - [2013/01/10 08:59:56 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll
    MOD - [2013/01/10 08:49:57 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll
    MOD - [2013/01/10 08:49:25 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
    MOD - [2012/05/30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2012/05/30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2010/10/29 11:14:44 | 000,143,360 | ---- | M] () -- C:\WINDOWS\system32\preflib.dll
    MOD - [2010/10/29 11:14:12 | 000,761,856 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
    MOD - [2010/03/04 16:55:34 | 000,147,456 | ---- | M] () -- C:\WINDOWS\system32\HP1100LM.DLL
    MOD - [2010/03/04 16:55:14 | 000,069,632 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\HP1100PP.dll
    MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
    MOD - [2004/07/20 18:04:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll


    ========== Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
    SRV - [2013/03/12 22:04:41 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/03/07 23:53:47 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/01/08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/08/29 14:51:48 | 004,643,912 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)
    SRV - [2011/10/14 09:40:12 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)
    SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe -- (NIS)
    SRV - [2010/04/07 16:57:42 | 000,099,896 | R--- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPSIsvc.exe -- (HPSIService)
    SRV - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
    SRV - [2009/06/24 10:57:04 | 000,136,704 | ---- | M] (HP) [Auto | Running] -- C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
    SRV - [2007/05/10 11:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe -- (STacSV)
    SRV - [2006/06/26 11:33:56 | 000,091,696 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
    SRV - [2006/06/26 11:33:42 | 000,099,888 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - [2013/01/23 18:14:50 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20130313.002\NAVEX15.SYS -- (NAVEX15)
    DRV - [2013/01/23 18:14:50 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20130313.002\NAVENG.SYS -- (NAVENG)
    DRV - [2013/01/23 18:14:49 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2013/01/15 22:51:12 | 000,997,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20130301.001\BHDrvx86.sys -- (BHDrvx86)
    DRV - [2012/09/06 04:54:30 | 000,373,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20130312.001\IDSXpx86.sys -- (IDSxpx86)
    DRV - [2011/05/02 18:21:23 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2011/04/20 21:37:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1207020.003\symtdi.sys -- (SYMTDI)
    DRV - [2011/03/30 23:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NIS\1207020.003\srtsp.sys -- (SRTSP)
    DRV - [2011/03/30 23:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1207020.003\srtspx.sys -- (SRTSPX)
    DRV - [2011/03/14 22:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1207020.003\symefa.sys -- (SymEFA)
    DRV - [2011/02/14 02:42:36 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
    DRV - [2011/02/14 02:42:34 | 000,025,216 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
    DRV - [2011/02/14 02:42:32 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
    DRV - [2011/01/27 02:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1207020.003\symds.sys -- (SymDS)
    DRV - [2011/01/27 01:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1207020.003\ironx86.sys -- (SymIRON)
    DRV - [2010/10/29 11:14:44 | 002,649,216 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2007/12/23 18:18:48 | 000,068,696 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
    DRV - [2007/08/02 18:35:12 | 000,989,952 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2007/08/02 18:34:30 | 000,211,200 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
    DRV - [2007/08/02 18:34:26 | 000,731,136 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2007/06/25 19:53:10 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2007/06/11 15:25:00 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
    DRV - [2007/05/24 15:27:00 | 000,064,000 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
    DRV - [2007/05/10 11:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2007/04/24 14:20:00 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
    DRV - [2007/03/19 02:39:18 | 000,052,309 | R--- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mam4410u.sys -- (mam4410u)
    DRV - [2007/03/01 17:53:00 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
    DRV - [2007/02/16 16:46:00 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2007/01/15 23:44:46 | 000,011,986 | R--- | M] (Mobile Action Technology Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\MaVc2K.sys -- (MaVctrl)
    DRV - [2006/11/20 18:55:00 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
    DRV - [2006/10/10 20:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
    DRV - [2006/06/26 11:33:40 | 000,023,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
    DRV - [2006/06/26 11:33:36 | 001,952,816 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
    DRV - [2006/06/26 11:33:28 | 001,587,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
    DRV - [2006/06/22 18:29:46 | 000,038,960 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
    DRV - [2006/06/22 18:29:28 | 000,720,176 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302AV.SYS -- (PID_08A0)
    DRV - [2006/06/22 18:29:27 | 000,012,080 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
    DRV - [2005/08/17 23:44:50 | 000,049,867 | R--- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mardp2k.sys -- (MaRdPnp)
    DRV - [2005/06/16 06:13:12 | 000,025,044 | R--- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mam4410m.sys -- (mam4410m)
    DRV - [2005/06/16 06:11:58 | 000,024,784 | R--- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mam4410c.sys -- (mam4410c)
    DRV - [2005/01/06 14:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
    DRV - [2000/02/08 10:30:24 | 000,015,488 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ScFBPNT2.sys -- (ScFBPNT2)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKCU\..\SearchScopes,DefaultScope =
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{912B7D87-D547-49C8-A25E-A3CD2BEDB017}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.order.1: "Yahoo"
    FF - prefs.js..browser.search.order.2: ""
    FF - prefs.js..browser.search.selectedEngine: "Yahoo"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "www.google.com"
    FF - prefs.js..extensions.enabledAddons: %7B66E978CD-981F-47DF-AC42-E3CF417C1467%7D:0.4.3
    FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
    FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
    FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.6
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2012/02/01 09:04:42 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_13_2 [2013/03/13 19:52:36 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/12/29 13:00:56 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/12 13:13:06 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/07 23:53:47 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/03/07 23:53:36 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/12/29 13:00:56 | 000,000,000 | ---D | M]

    [2010/12/28 20:54:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dan Kamin\Application Data\Mozilla\Extensions
    [2013/03/06 00:42:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dan Kamin\Application Data\Mozilla\Firefox\Profiles\3xyzcfc0.default\extensions
    [2012/11/30 08:28:42 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Dan Kamin\Application Data\Mozilla\Firefox\Profiles\3xyzcfc0.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
    [2012/02/01 18:40:47 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\Dan Kamin\Application Data\Mozilla\Firefox\Profiles\3xyzcfc0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
    [2013/03/06 00:42:02 | 000,555,719 | ---- | M] () (No name found) -- C:\Documents and Settings\Dan Kamin\Application Data\Mozilla\Firefox\Profiles\3xyzcfc0.default\extensions\{40346aa9-a9d7-b1c4-ad87-bb0d0a1c10b8}.xpi
    [2012/05/01 22:02:34 | 000,003,793 | ---- | M] () (No name found) -- C:\Documents and Settings\Dan Kamin\Application Data\Mozilla\Firefox\Profiles\3xyzcfc0.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi
    [2013/03/07 23:53:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2013/03/07 23:53:47 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2013/01/19 12:20:02 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2013/02/27 00:06:12 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: AVG Secure Search (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}
    CHR - homepage: http://www.google.com/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Chrome\Application\25.0.1364.152\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Chrome\Application\25.0.1364.152\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
    CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: Entanglement = C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
    CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
    CHR - Extension: Poppit = C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

    O1 HOSTS File: ([2013/03/11 19:58:52 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ips\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
    O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://vnc.webex.com/client/wbs27-v...ex/ieatgpc.cab (GpcContainer Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2156BD58-3B3C-4CD3-A109-47A08F329673}: DhcpNameServer = 192.168.1.1 71.252.0.12
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BDD524A-F20D-4F1D-8E27-46824759B739}: DhcpNameServer = 192.168.1.1 71.252.0.12
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\615\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe - (TOSHIBA CORPORATION.)
    MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
    MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
    MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - File not found
    MsConfig - StartUpReg: hpqSRMon - hkey= - key= - File not found
    MsConfig - StartUpReg: HPUsageTrackingLEDM - hkey= - key= - C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe (Hewlett-Packard Company)
    MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found
    MsConfig - StartUpReg: ITSecMng - hkey= - key= - File not found
    MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
    MsConfig - StartUpReg: KernelFaultCheck - hkey= - key= - File not found
    MsConfig - StartUpReg: LogitechCommunicationsManager - hkey= - key= - C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe (Logitech Inc.)
    MsConfig - StartUpReg: LogitechQuickCamRibbon - hkey= - key= - C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
    MsConfig - StartUpReg: LVCOMSX - hkey= - key= - C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe (Logitech Inc.)
    MsConfig - StartUpReg: MaxMenuMgr - hkey= - key= - C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
    MsConfig - StartUpReg: MediaGet2 - hkey= - key= - File not found
    MsConfig - StartUpReg: Persistence - hkey= - key= - File not found
    MsConfig - StartUpReg: SigmatelSysTrayApp - hkey= - key= - File not found
    MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
    MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
    MsConfig - StartUpReg: vProt - hkey= - key= - File not found
    MsConfig - State: "system.ini" - 0
    MsConfig - State: "win.ini" - 0
    MsConfig - State: "bootini" - 0
    MsConfig - State: "services" - 0
    MsConfig - State: "startup" - 2

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/03/13 08:46:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
    [2013/03/13 08:46:25 | 000,000,000 | ---D | C] -- C:\JRT
    [2013/03/13 08:44:42 | 000,550,572 | ---- | C] (Oleg N. Scherbakov) -- C:\Documents and Settings\Dan Kamin\Desktop\JRT.exe
    [2013/03/12 22:04:27 | 016,486,616 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
    [2013/03/12 12:58:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan Kamin\Desktop\RK_Quarantine
    [2013/03/11 19:58:27 | 000,000,000 | ---D | C] -- C:\_OTL
    [2013/03/10 11:50:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dan Kamin\Desktop\OTL.exe
    [2013/03/07 23:53:31 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2013/02/27 22:12:57 | 004,952,064 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\System32\stacgui.cpl
    [2013/02/27 22:12:57 | 001,601,536 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\System32\stlang.dll
    [2013/02/27 22:12:57 | 000,405,504 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
    [2013/02/27 22:12:57 | 000,094,208 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\System32\stacsv.exe
    [2013/02/27 22:12:19 | 000,270,336 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\System32\stacapi.dll
    [2013/02/24 23:26:20 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Dan Kamin\Desktop\aswMBR.exe
    [2013/02/24 23:04:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dan Kamin\Start Menu\Programs\Administrative Tools
    [2013/02/24 23:02:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2013/02/24 23:01:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
    [2013/02/24 23:01:51 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2013/02/24 23:01:26 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Dan Kamin\Desktop\erunt-setup.exe
    [2013/02/20 22:55:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan Kamin\Application Data\Malwarebytes
    [2013/02/20 22:55:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/02/20 22:55:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2013/02/20 22:55:06 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2013/02/20 22:55:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2013/02/17 23:30:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan Kamin\Desktop\Classical Clown Concert Proposal.key
    [2012/02/10 18:17:01 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Dan Kamin\Application Data\pcouffin.sys

    ========== Files - Modified Within 30 Days ==========

    [2013/03/13 20:03:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/03/13 19:54:30 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-1500820517-682003330-1003.job
    [2013/03/13 19:54:20 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-1500820517-682003330-1003.job
    [2013/03/13 19:54:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/03/13 19:51:55 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\ROC_JAN2013_TB_rmv.job
    [2013/03/13 19:51:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/03/13 19:27:00 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-1500820517-682003330-1003UA.job
    [2013/03/13 08:36:29 | 000,550,572 | ---- | M] (Oleg N. Scherbakov) -- C:\Documents and Settings\Dan Kamin\Desktop\JRT.exe
    [2013/03/13 08:27:03 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-1500820517-682003330-1003Core.job
    [2013/03/12 22:04:39 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2013/03/12 22:04:39 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2013/03/12 22:04:29 | 016,486,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
    [2013/03/12 12:56:41 | 000,816,640 | ---- | M] () -- C:\Documents and Settings\Dan Kamin\Desktop\RogueKiller.exe
    [2013/03/11 19:58:52 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2013/03/11 19:21:34 | 000,457,320 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2013/03/11 19:21:34 | 000,076,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2013/03/11 09:50:25 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\Dan Kamin\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
    [2013/03/11 09:07:22 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
    [2013/03/10 16:54:42 | 000,597,667 | ---- | M] () -- C:\Documents and Settings\Dan Kamin\Desktop\AdwCleaner.exe
    [2013/03/10 11:49:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan Kamin\Desktop\OTL.exe
    [2013/03/05 09:30:38 | 000,002,316 | ---- | M] () -- C:\Documents and Settings\Dan Kamin\Desktop\Google Chrome.lnk
    [2013/02/25 00:44:20 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Dan Kamin\Desktop\MBR.dat
    [2013/02/24 23:23:33 | 000,004,599 | ---- | M] () -- C:\Documents and Settings\Dan Kamin\Desktop\attach.zip
    [2013/02/24 23:06:20 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Dan Kamin\Desktop\aswMBR.exe
    [2013/02/24 23:01:56 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Dan Kamin\Desktop\NTREGOPT.lnk
    [2013/02/24 23:01:56 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Dan Kamin\Desktop\ERUNT.lnk
    [2013/02/24 22:59:30 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Dan Kamin\Desktop\erunt-setup.exe
    [2013/02/24 22:40:31 | 000,000,211 | ---- | M] () -- C:\boot.ini
    [2013/02/20 22:55:12 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/02/17 17:20:10 | 001,252,238 | ---- | M] () -- C:\Documents and Settings\Dan Kamin\Desktop\index.apxl
    [2013/02/13 09:18:20 | 000,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2013/02/13 00:53:50 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

    ========== Files Created - No Company Name ==========

    [2013/03/12 12:57:51 | 000,816,640 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Desktop\RogueKiller.exe
    [2013/03/10 16:55:49 | 000,597,667 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Desktop\AdwCleaner.exe
    [2013/03/09 11:32:42 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-1500820517-682003330-1003.job
    [2013/02/24 23:32:33 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Desktop\MBR.dat
    [2013/02/24 23:23:33 | 000,004,599 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Desktop\attach.zip
    [2013/02/24 23:01:56 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Desktop\NTREGOPT.lnk
    [2013/02/24 23:01:55 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Desktop\ERUNT.lnk
    [2013/02/24 22:40:22 | 000,001,725 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    [2013/02/24 22:40:21 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
    [2013/02/20 22:55:11 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/02/20 22:31:02 | 000,000,211 | ---- | C] () -- C:\boot.ini
    [2013/02/18 00:35:06 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-1500820517-682003330-1003.job
    [2013/02/17 23:43:33 | 001,252,238 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Desktop\index.apxl
    [2012/11/18 10:27:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
    [2012/02/15 20:39:49 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/02/10 18:18:13 | 000,001,041 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Application Data\vso_ts_preview.xml
    [2012/02/10 18:17:01 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Application Data\inst.exe
    [2012/02/10 18:17:01 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Application Data\pcouffin.cat
    [2012/02/10 18:17:01 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Application Data\pcouffin.inf
    [2012/02/08 19:47:08 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2012/02/08 19:47:08 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2012/02/08 19:45:44 | 000,033,019 | ---- | C] () -- C:\WINDOWS\System32\CoreAAC-uninstall.exe
    [2011/12/13 17:46:56 | 000,022,334 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2011/10/14 14:02:53 | 000,038,471 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Application Data\Comma Separated Values (Windows).ADR
    [2011/10/07 17:18:21 | 000,001,691 | ---- | C] () -- C:\WINDOWS\hpomdl31.dat.temp
    [2011/10/04 18:32:08 | 001,511,424 | ---- | C] () -- C:\WINDOWS\System32\HP1100SM.EXE
    [2011/10/04 18:32:06 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\HP1100LM.DLL
    [2011/10/04 18:31:34 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\HP1100SMs.dll
    [2011/09/20 10:06:46 | 000,002,427 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
    [2011/09/19 11:56:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\FileMgrExe.INI
    [2011/09/15 11:05:09 | 000,015,488 | ---- | C] () -- C:\WINDOWS\System32\drivers\ScFBPNT2.sys
    [2011/09/15 10:09:15 | 000,284,160 | ---- | C] () -- C:\WINDOWS\System32\mvhlewsi.DLL
    [2011/08/25 11:54:33 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\[j0004]-[p08].bmp
    [2011/08/25 11:54:31 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\[j0004]-[p07].bmp
    [2011/08/25 11:54:29 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\[j0004]-[p06].bmp
    [2011/05/23 12:28:00 | 000,024,086 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Application Data\Tab Separated Values (DOS).ADR
    [2011/01/07 23:43:11 | 019,985,265 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vlc-1.1.5-win32.exe
    [2010/12/29 15:30:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\񀿉
    [2010/12/29 01:45:18 | 000,111,616 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== ZeroAccess Check ==========

    [2011/02/02 00:07:43 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    < End of report >

  3. #33
    Member
    Join Date
    Apr 2009
    Location
    Pittsburgh, PA
    Posts
    74

    Default Farbar Log

    Farbar Service Scanner Version: 03-03-2013
    Ran by Dan Kamin (administrator) on 13-03-2013 at 20:37:18
    Running from "C:\Documents and Settings\Dan Kamin\Desktop"
    Microsoft Windows XP Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Attempt to access Yahoo.com returned error: Yahoo.com is offline


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll
    [2010-12-28 16:47] - [2008-04-13 20:12] - 0006656 ____A (Microsoft Corporation) 35321FB577CDC98CE3EB3A3EB9E4610A

    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe
    [2004-08-04 06:00] - [2009-02-06 07:11] - 0110592 ____A (Microsoft Corporation) 65DF52F5B8B6E9BBD183505225C37315


    Extra List:
    =======
    Gpc(3) IPSec(5) NetBT(6) PSched(7) SYMTDI(10) Tcpip(4)
    0x0A00000005000000010000000200000003000000040000000A00000006000000070000000800000009000000
    IpSec Tag value is correct.

    **** End of log ****

  4. #34
    Member
    Join Date
    Apr 2009
    Location
    Pittsburgh, PA
    Posts
    74

    Default One more thing.

    After I posted the last log files Microsoft loaded 6 updates when I shut down. The delay is now down to a little over 2 minutes.

    I know we are getting close. Thank you for your efforts so far.

    Specba

  5. #35
    Security Expert-Emeritus Dakeyras's Avatar
    Join Date
    Sep 2008
    Location
    The Tundra
    Posts
    1,173

    Default

    Hi.

    Quote: "After I posted the last log files Microsoft loaded 6 updates when I shut down."
    Absolutely fine, Microsoft released some critical updates recently:-

    Microsoft Security Bulletin Summary for March 2013

    This is usually the first Tuesday of every month or close to, though not always some for XP as support is winding down for the Operating System as a whole but I will advise about this when I give the all clear.

    Quote: "The delay is now down to a little over 2 minutes. I know we are getting close. Thank you for your efforts so far."
    Good and you're welcome!

    Enable MsConfig Items:

    Enable all previously disabled Start Up items via MsConfig as follows:-

    • Click on Start >> Run... type in msconfig >> click on OK, then once the System Configuration Utility GUI has loaded >> select Startup
    • Then click on Enable All >> Apply >> Close >> Restart

    StartUpLite:

    • Please download this small application from here to the desktop
    • It is very simple to use and quite effective and will advise about any unnecessary system startups that can be safely removed.

    Note: Any not removed we will address in due course.

    MsConfig Check:

    • Open Notepad.
    • Copy and Paste everything from the Code Box below into Notepad:

    Code:
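    @echo off
    rem Remove output left over from an earlier run.
    if exist C:\peek*.txt del /q C:\peek*.txt
    if exist C:\startup.txt del /q C:\startup.txt
    rem Export the three MSConfig keys that record disabled startup items and services.
    regedit /e C:\peek1.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg"
    regedit /e C:\peek2.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder"
    regedit /e C:\peek3.txt "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services"
    rem Merge the exports into one file, then show it in Notepad.
    type C:\peek*.txt >> C:\startup.txt
    del /q C:\peek*.txt
    start notepad C:\startup.txt
    rem Delete this batch file; the quoted full path handles spaces in the folder name.
    del "%~f0"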
    • Go to File >> Save As
    • Save File name as msconfig.bat
    • Change Save as Type to All Files and save the file to the Desktop.
    • It should look like this:

    Now double click on the desktop msconfig.bat to run the batch file. It will self-delete when completed and produce a notepad text file named startup.

    Note: It can also be located at the root of the hard-drive:- C:\startup.txt

    Re-scan with OTL:

    • Double-click on OTL.exe to start OTL.
    • Under Output, ensure that Minimal Output is selected.
    • Click the Scan All Users checkbox.
    • Now click on Quick Scan at the top left hand corner.
    • When done, one Notepad file will open.

    Next:

    When you have completed the above, please post back the following in the order asked for:

    • MsConfig Check Log.
    • New OTL Log.
    Last edited by Dakeyras; 2013-03-14 at 15:25. Reason: Formatting.
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.
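
For reading the C:\startup.txt that the MsConfig Check above produces, here is an added example (not part of Dakeyras's post and not code from any tool in this thread) that parses the concatenated regedit exports and lists each item MSConfig still holds as disabled, with its recorded command. The sample export is constructed, and the item names ExampleUpdater and ExampleTray are hypothetical.

```python
import re

# Key path taken from the batch file in the post above.
MSCONFIG_ROOT = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig"

# Constructed sample in the same shape as startup.txt: several exports
# concatenated, each with its own "Windows Registry Editor" header.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ExampleUpdater]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="updater"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Example\\updater.exe\" -quiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ExampleTray]

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
'''

# "name"=data, where name may contain backslash-escaped characters.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def decode_export(data):
    """Decode the bytes of a .reg export (version 5.00 files are UTF-16LE with a BOM)."""
    if data.startswith(b"\xff\xfe"):
        return data.decode("utf-16")
    return data.decode("utf-8", errors="replace")


def _unescape(text):
    # .reg string values escape backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", text)


def parse_reg_export(text):
    """Return {key path: {value name: data}} for one or more concatenated exports.

    Only single-line values are read; continuation lines of multi-line
    hex values are skipped.
    """
    keys = {}
    current = None
    # Concatenated UTF-16 files leave extra BOM characters in the text.
    for raw in text.replace("\ufeff", "").splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        match = VALUE_RE.match(line)
        if match and current is not None:
            name, data = match.groups()
            if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
                data = _unescape(data[1:-1])
            current[_unescape(name)] = data
    return keys


def disabled_items(keys, section="startupreg"):
    """List (item name, command or None) for the direct subkeys of a section.

    Registry paths are case-insensitive, so the prefix is compared in lower case.
    A None command means the subkey carries no "command" value.
    """
    prefix = (MSCONFIG_ROOT + "\\" + section + "\\").lower()
    items = []
    for path, values in keys.items():
        if not path.lower().startswith(prefix):
            continue
        name = path[len(prefix):]
        if "\\" in name:
            continue  # deeper than one level, not an item key
        items.append((name, values.get("command")))
    return sorted(items)


if __name__ == "__main__":
    for name, command in disabled_items(parse_reg_export(SAMPLE_EXPORT)):
        print(f"{name}: {command if command else '(no command recorded)'}")
```

To use it on a real file, read C:\startup.txt in binary mode and pass the bytes through `decode_export` before `parse_reg_export`.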

  6. #36
    Member
    Join Date
    Apr 2009
    Location
    Pittsburgh, PA
    Posts
    74

    Default MSCONFIG.BAT log

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"=""
    "hkey"="HKLM"
    "command"=""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CTFMON.EXE]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IgfxTray]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KernelFaultCheck]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Persistence]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SigmatelSysTrayApp]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe]

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

  7. #37
    Member
    Join Date
    Apr 2009
    Location
    Pittsburgh, PA
    Posts
    74

    Default OTL 3-14 Log

    OTL logfile created on: 3/14/2013 2:57:25 PM - Run 5
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Dan Kamin\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 1.12 Gb Available Physical Memory | 56.10% Memory free
    3.84 Gb Paging File | 3.09 Gb Available in Paging File | 80.56% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.05 Gb Total Space | 72.04 Gb Free Space | 48.33% Space Free | Partition Type: NTFS

    Computer Name: DAN | User Name: Dan Kamin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Dan Kamin\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe (Carbonite, Inc. (www.carbonite.com))
    PRC - C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
    PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
    PRC - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe (Symantec Corporation)
    PRC - C:\WINDOWS\system32\HPSIsvc.exe (HP)
    PRC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
    PRC - C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe (Seagate LLC)
    PRC - C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe (Hewlett-Packard Company)
    PRC - C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe (HP)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
    PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
    PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
    PRC - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe (SigmaTel, Inc.)
    PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
    PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
    PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
    PRC - C:\Program Files\Logitech\QuickCam10\COCIManager.exe (Logitech Inc.)
    PRC - C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
    PRC - c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
    PRC - C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe (Logitech Inc.)
    PRC - C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe (Logitech Inc.)
    PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\9fff30debe9b1ead7a0a9d204d331e7c\System.Web.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d7ee03714420b252415b952d40ef59e4\System.ServiceProcess.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\024c898ad1ccfde466d033c0a08d0564\Microsoft.VisualBasic.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ba12e418b906593b7c9c18f971f36bf9\System.Windows.Forms.ni.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\07de14823c42ee36ffa303d9c89ded36\System.Runtime.Serialization.Formatters.Soap.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\WINDOWS\system32\preflib.dll ()
    MOD - C:\WINDOWS\system32\bcm1xsup.dll ()
    MOD - C:\WINDOWS\system32\HP1100LM.DLL ()
    MOD - C:\WINDOWS\system32\spool\prtprocs\w32x86\HP1100PP.dll ()
    MOD - C:\Program Files\HP\HP UT LEDM\bin\HPTools.dll ()
    MOD - C:\Program Files\HP\HP UT LEDM\bin\HPToolkit.dll ()
    MOD - C:\Program Files\HP\HP UT LEDM\bin\LEDMXMLObjects.dll ()
    MOD - C:\Program Files\HP\HP UT LEDM\bin\DMBaseObjects.dll ()
    MOD - C:\WINDOWS\system32\msdmo.dll ()
    MOD - C:\WINDOWS\system32\devenum.dll ()
    MOD - C:\Program Files\WinRar.3.61\RarExt.dll ()
    MOD - C:\Program Files\Logitech\QuickCam10\QuickCam10Res.dll ()
    MOD - C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
    MOD - C:\WINDOWS\system32\TosCommAPI.dll ()
    MOD - C:\WINDOWS\system32\TosBtHcrpAPI.dll ()


    ========== Services (SafeList) ==========

    SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
    SRV - (CarboniteService) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe (Carbonite, Inc. (www.carbonite.com))
    SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
    SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe (Symantec Corporation)
    SRV - (HPSIService) -- C:\WINDOWS\system32\HPSIsvc.exe (HP)
    SRV - (FreeAgentGoNext Service) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
    SRV - (HP LaserJet Service) -- C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe (HP)
    SRV - (STacSV) -- C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe (SigmaTel, Inc.)
    SRV - (LVSrvLauncher) -- C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe (Logitech Inc.)
    SRV - (LVPrcSrv) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe (Logitech Inc.)


    ========== Driver Services (SafeList) ==========

    DRV - (WDICA) -- File not found
    DRV - (PDRFRAME) -- File not found
    DRV - (PDRELI) -- File not found
    DRV - (PDFRAME) -- File not found
    DRV - (PDCOMP) -- File not found
    DRV - (PCIDump) -- File not found
    DRV - (lbrtfdc) -- File not found
    DRV - (i2omgmt) -- File not found
    DRV - (Changer) -- File not found
    DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20130314.004\NAVEX15.SYS (Symantec Corporation)
    DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
    DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20130314.004\NAVENG.SYS (Symantec Corporation)
    DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
    DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20130301.001\BHDrvx86.sys (Symantec Corporation)
    DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20130312.001\IDSXpx86.sys (Symantec Corporation)
    DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
    DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\NIS\1207020.003\symtdi.sys (Symantec Corporation)
    DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\NIS\1207020.003\srtsp.sys (Symantec Corporation)
    DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\NIS\1207020.003\srtspx.sys (Symantec Corporation)
    DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NIS\1207020.003\symefa.sys (Symantec Corporation)
    DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
    DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
    DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
    DRV - (SymDS) -- C:\WINDOWS\system32\drivers\NIS\1207020.003\symds.sys (Symantec Corporation)
    DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\NIS\1207020.003\ironx86.sys (Symantec Corporation)
    DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
    DRV - (guardian2) -- C:\WINDOWS\system32\drivers\oz776.sys (O2Micro)
    DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
    DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
    DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
    DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
    DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
    DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
    DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
    DRV - (tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
    DRV - (mam4410u) -- C:\WINDOWS\system32\drivers\mam4410u.sys (Mobile Action Technology Inc.)
    DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
    DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
    DRV - (MaVctrl) -- C:\WINDOWS\system32\drivers\MaVc2K.sys (Mobile Action Technology Inc.)
    DRV - (tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
    DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)
    DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
    DRV - (LVMVDrv) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys (Logitech Inc.)
    DRV - (LVcKap) -- C:\WINDOWS\system32\drivers\Lvckap.sys (Logitech Inc.)
    DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
    DRV - (PID_08A0) -- C:\WINDOWS\system32\drivers\LV302AV.SYS (Logitech Inc.)
    DRV - (pepifilter) -- C:\WINDOWS\system32\drivers\lv302af.sys (Logitech Inc.)
    DRV - (MaRdPnp) -- C:\WINDOWS\system32\drivers\mardp2k.sys (Mobile Action Technology Inc.)
    DRV - (mam4410m) -- C:\WINDOWS\system32\drivers\mam4410m.sys (Mobile Action Technology Inc.)
    DRV - (mam4410c) -- C:\WINDOWS\system32\drivers\mam4410c.sys (Mobile Action Technology Inc.)
    DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
    DRV - (ScFBPNT2) -- C:\WINDOWS\system32\drivers\ScFBPNT2.sys ()


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-1229272821-1500820517-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-1229272821-1500820517-682003330-1003\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-1229272821-1500820517-682003330-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-1229272821-1500820517-682003330-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-1229272821-1500820517-682003330-1003\..\SearchScopes\{912B7D87-D547-49C8-A25E-A3CD2BEDB017}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    IE - HKU\S-1-5-21-1229272821-1500820517-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1229272821-1500820517-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.order.1: "Yahoo"
    FF - prefs.js..browser.search.order.2: ""
    FF - prefs.js..browser.search.selectedEngine: "Yahoo"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "www.google.com"
    FF - prefs.js..extensions.enabledAddons: %7B66E978CD-981F-47DF-AC42-E3CF417C1467%7D:0.4.3
    FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
    FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
    FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.6
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2012/02/01 09:04:42 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_13_2 [2013/03/14 14:45:39 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/12/29 13:00:56 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/12 13:13:06 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/07 23:53:47 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/03/07 23:53:36 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/12/29 13:00:56 | 000,000,000 | ---D | M]

    [2010/12/28 20:54:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dan Kamin\Application Data\Mozilla\Extensions
    [2013/03/06 00:42:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dan Kamin\Application Data\Mozilla\Firefox\Profiles\3xyzcfc0.default\extensions
    [2012/11/30 08:28:42 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Dan Kamin\Application Data\Mozilla\Firefox\Profiles\3xyzcfc0.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
    [2012/02/01 18:40:47 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\Dan Kamin\Application Data\Mozilla\Firefox\Profiles\3xyzcfc0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
    [2013/03/06 00:42:02 | 000,555,719 | ---- | M] () (No name found) -- C:\Documents and Settings\Dan Kamin\Application Data\Mozilla\Firefox\Profiles\3xyzcfc0.default\extensions\{40346aa9-a9d7-b1c4-ad87-bb0d0a1c10b8}.xpi
    [2012/05/01 22:02:34 | 000,003,793 | ---- | M] () (No name found) -- C:\Documents and Settings\Dan Kamin\Application Data\Mozilla\Firefox\Profiles\3xyzcfc0.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi
    [2013/03/07 23:53:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2013/03/07 23:53:47 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2013/01/19 12:20:02 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2013/02/27 00:06:12 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: AVG Secure Search (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}
    CHR - homepage: http://www.google.com/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Chrome\Application\25.0.1364.152\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Chrome\Application\25.0.1364.152\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
    CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: Entanglement = C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
    CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
    CHR - Extension: Poppit = C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

    O1 HOSTS File: ([2013/03/11 19:58:52 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ips\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
    O3 - HKU\S-1-5-21-1229272821-1500820517-682003330-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
    O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
    O4 - HKLM..\Run: [hpqSRMon] File not found
    O4 - HKLM..\Run: [HPUsageTrackingLEDM] C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
    O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe (Logitech Inc.)
    O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
    O4 - HKLM..\Run: [LVCOMSX] C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe (Logitech Inc.)
    O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
    O4 - HKLM..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" File not found
    O4 - HKU\S-1-5-21-1229272821-1500820517-682003330-1003..\Run: [MediaGet2] C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\MediaGet2\mediaget.exe --minimized File not found
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1229272821-1500820517-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://vnc.webex.com/client/wbs27-v...ex/ieatgpc.cab (GpcContainer Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2156BD58-3B3C-4CD3-A109-47A08F329673}: DhcpNameServer = 192.168.1.1 71.252.0.12
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BDD524A-F20D-4F1D-8E27-46824759B739}: DhcpNameServer = 192.168.1.1 71.252.0.12
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\615\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/03/14 14:52:00 | 000,204,496 | ---- | C] (Malwarebytes) -- C:\Documents and Settings\Dan Kamin\Desktop\startuplite-setup-1.07.exe
    [2013/03/13 20:36:41 | 000,354,265 | ---- | C] (Farbar) -- C:\Documents and Settings\Dan Kamin\Desktop\FSS.exe
    [2013/03/13 08:46:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
    [2013/03/13 08:46:25 | 000,000,000 | ---D | C] -- C:\JRT
    [2013/03/13 08:44:42 | 000,550,572 | ---- | C] (Oleg N. Scherbakov) -- C:\Documents and Settings\Dan Kamin\Desktop\JRT.exe
    [2013/03/12 12:58:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan Kamin\Desktop\RK_Quarantine
    [2013/03/11 19:58:27 | 000,000,000 | ---D | C] -- C:\_OTL
    [2013/03/10 11:50:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dan Kamin\Desktop\OTL.exe
    [2013/03/07 23:53:31 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2013/02/24 23:26:20 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Dan Kamin\Desktop\aswMBR.exe
    [2013/02/24 23:04:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dan Kamin\Start Menu\Programs\Administrative Tools
    [2013/02/24 23:02:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2013/02/24 23:01:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
    [2013/02/24 23:01:51 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2013/02/24 23:01:26 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Dan Kamin\Desktop\erunt-setup.exe
    [2013/02/20 22:55:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan Kamin\Application Data\Malwarebytes
    [2013/02/20 22:55:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/02/20 22:55:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2013/02/20 22:55:06 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2013/02/20 22:55:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2013/02/17 23:30:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan Kamin\Desktop\Classical Clown Concert Proposal.key
    [2012/02/10 18:17:01 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Dan Kamin\Application Data\pcouffin.sys

    ========== Files - Modified Within 30 Days ==========

    [2013/03/14 15:03:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/03/14 14:50:37 | 000,204,496 | ---- | M] (Malwarebytes) -- C:\Documents and Settings\Dan Kamin\Desktop\startuplite-setup-1.07.exe
    [2013/03/14 14:47:51 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-1500820517-682003330-1003.job
    [2013/03/14 14:47:31 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-1500820517-682003330-1003.job
    [2013/03/14 14:47:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/03/14 14:44:57 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\ROC_JAN2013_TB_rmv.job
    [2013/03/14 14:44:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/03/14 14:43:32 | 000,000,211 | ---- | M] () -- C:\boot.ini
    [2013/03/14 14:27:00 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-1500820517-682003330-1003UA.job
    [2013/03/14 14:21:22 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\Dan Kamin\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
    [2013/03/14 09:52:50 | 000,002,421 | ---- | M] () -- C:\Documents and Settings\Dan Kamin\Desktop\Adobe GoLive 5.0 (ENG).lnk
    [2013/03/14 08:27:00 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-1500820517-682003330-1003Core.job
    [2013/03/14 08:18:57 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
    [2013/03/13 20:35:50 | 000,354,265 | ---- | M] (Farbar) -- C:\Documents and Settings\Dan Kamin\Desktop\FSS.exe
    [2013/03/13 08:36:29 | 000,550,572 | ---- | M] (Oleg N. Scherbakov) -- C:\Documents and Settings\Dan Kamin\Desktop\JRT.exe
    [2013/03/12 12:56:41 | 000,816,640 | ---- | M] () -- C:\Documents and Settings\Dan Kamin\Desktop\RogueKiller.exe
    [2013/03/11 19:58:52 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2013/03/11 19:21:34 | 000,457,320 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2013/03/11 19:21:34 | 000,076,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2013/03/10 16:54:42 | 000,597,667 | ---- | M] () -- C:\Documents and Settings\Dan Kamin\Desktop\AdwCleaner.exe
    [2013/03/10 11:49:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan Kamin\Desktop\OTL.exe
    [2013/03/05 09:30:38 | 000,002,316 | ---- | M] () -- C:\Documents and Settings\Dan Kamin\Desktop\Google Chrome.lnk
    [2013/02/25 00:44:20 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Dan Kamin\Desktop\MBR.dat
    [2013/02/24 23:23:33 | 000,004,599 | ---- | M] () -- C:\Documents and Settings\Dan Kamin\Desktop\attach.zip
    [2013/02/24 23:06:20 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Dan Kamin\Desktop\aswMBR.exe
    [2013/02/24 23:01:56 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Dan Kamin\Desktop\NTREGOPT.lnk
    [2013/02/24 23:01:56 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Dan Kamin\Desktop\ERUNT.lnk
    [2013/02/24 22:59:30 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Dan Kamin\Desktop\erunt-setup.exe
    [2013/02/20 22:55:12 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/02/17 17:20:10 | 001,252,238 | ---- | M] () -- C:\Documents and Settings\Dan Kamin\Desktop\index.apxl
    [2013/02/13 09:18:20 | 000,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2013/02/13 00:53:59 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

    ========== Files Created - No Company Name ==========

    [2013/03/14 14:43:29 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    [2013/03/14 14:43:29 | 000,000,715 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
    [2013/03/12 12:57:51 | 000,816,640 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Desktop\RogueKiller.exe
    [2013/03/10 16:55:49 | 000,597,667 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Desktop\AdwCleaner.exe
    [2013/03/09 11:32:42 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-1500820517-682003330-1003.job
    [2013/02/24 23:32:33 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Desktop\MBR.dat
    [2013/02/24 23:23:33 | 000,004,599 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Desktop\attach.zip
    [2013/02/24 23:01:56 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Desktop\NTREGOPT.lnk
    [2013/02/24 23:01:55 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Desktop\ERUNT.lnk
    [2013/02/24 22:40:22 | 000,001,725 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    [2013/02/24 22:40:21 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
    [2013/02/20 22:55:11 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/02/20 22:31:02 | 000,000,211 | ---- | C] () -- C:\boot.ini
    [2013/02/18 00:35:06 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-1500820517-682003330-1003.job
    [2013/02/17 23:43:33 | 001,252,238 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Desktop\index.apxl
    [2012/11/18 10:27:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
    [2012/02/15 20:39:49 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/02/10 18:18:13 | 000,001,041 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Application Data\vso_ts_preview.xml
    [2012/02/10 18:17:01 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Application Data\inst.exe
    [2012/02/10 18:17:01 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Application Data\pcouffin.cat
    [2012/02/10 18:17:01 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Application Data\pcouffin.inf
    [2012/02/08 19:47:08 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2012/02/08 19:47:08 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2012/02/08 19:45:44 | 000,033,019 | ---- | C] () -- C:\WINDOWS\System32\CoreAAC-uninstall.exe
    [2011/12/13 17:46:56 | 000,022,334 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2011/10/14 14:02:53 | 000,038,471 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Application Data\Comma Separated Values (Windows).ADR
    [2011/10/07 17:18:21 | 000,001,691 | ---- | C] () -- C:\WINDOWS\hpomdl31.dat.temp
    [2011/10/04 18:32:08 | 001,511,424 | ---- | C] () -- C:\WINDOWS\System32\HP1100SM.EXE
    [2011/10/04 18:32:06 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\HP1100LM.DLL
    [2011/10/04 18:31:34 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\HP1100SMs.dll
    [2011/09/20 10:06:46 | 000,002,427 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
    [2011/09/19 11:56:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\FileMgrExe.INI
    [2011/09/15 11:05:09 | 000,015,488 | ---- | C] () -- C:\WINDOWS\System32\drivers\ScFBPNT2.sys
    [2011/09/15 10:09:15 | 000,284,160 | ---- | C] () -- C:\WINDOWS\System32\mvhlewsi.DLL
    [2011/08/25 11:54:33 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\[j0004]-[p08].bmp
    [2011/08/25 11:54:31 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\[j0004]-[p07].bmp
    [2011/08/25 11:54:29 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\[j0004]-[p06].bmp
    [2011/05/23 12:28:00 | 000,024,086 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Application Data\Tab Separated Values (DOS).ADR
    [2011/01/07 23:43:11 | 019,985,265 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vlc-1.1.5-win32.exe
    [2010/12/29 15:30:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\񀿉
    [2010/12/29 01:45:18 | 000,111,616 | ---- | C] () -- C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== ZeroAccess Check ==========

    [2011/02/02 00:07:43 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2011/02/16 12:50:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
    [2010/12/30 18:24:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Carbonite
    [2010/12/28 19:06:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
    [2012/02/08 20:28:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2011/09/28 22:46:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
    [2010/12/28 23:39:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
    [2010/12/29 01:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
    [2012/02/10 23:35:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
    [2012/08/22 21:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2012/02/12 15:34:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan Kamin\Application Data\ConverterLite
    [2012/09/14 09:52:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan Kamin\Application Data\Dropbox
    [2012/01/23 15:23:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan Kamin\Application Data\Garmin
    [2011/02/22 11:43:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan Kamin\Application Data\ImgBurn
    [2010/12/29 01:50:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan Kamin\Application Data\Leadertech
    [2011/09/19 11:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan Kamin\Application Data\MobileAction
    [2012/08/22 14:53:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan Kamin\Application Data\OverDrive
    [2012/02/10 17:23:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan Kamin\Application Data\TeamViewer
    [2012/09/29 15:13:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan Kamin\Application Data\Vso
    [2011/01/22 10:17:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan Kamin\Application Data\webex
    [2010/12/29 17:33:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan Kamin\Application Data\Windows Desktop Search
    [2011/01/04 23:35:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan Kamin\Application Data\Windows Search

    ========== Purity Check ==========



    < End of report >

  8. #38
    Member
    Join Date
    Apr 2009
    Location
    Pittsburgh, PA
    Posts
    74

    Default Additional notes

    I got an access denied when I attempted to enable all items in his startup menu in MSCONFIG.

    Specba

  9. #39
    Security Expert-Emeritus Dakeyras's Avatar
    Join Date
    Sep 2008
    Location
    The Tundra
    Posts
    1,173

    Default

    Hi.

    I got an access denied when I attempted to enable all items in his startup menu in MSCONFIG.
    Not a problem I think, in this instance it may have just been that Norton Internet Security attempted to hinder the changes as apparently this can occur with XP and the aforementioned installed/active etc.

    Backup the Registry:

    Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

    Click on Start >> Run...(or the Windows key and R together) to bring up the Run box and copy and paste in:

    Code:
    "C:\Program Files\ERUNT\ERUNT.EXE" %SystemRoot%\ERDNT\SN-Backup2
    And then click on OK.

    Custom OTL Script:

    • Double-click OTL.exe to start the program.
    • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    :Commands
    [CreateRestorePoint]
    
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CTFMON.EXE]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IgfxTray]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KernelFaultCheck]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Persistence]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SigmatelSysTrayApp]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "APSDaemonl"=-
    "hpqSRMon"=-
    "HPUsageTrackingLEDM"=-
    "ITSecMng"=-
    "LogitechCommunicationsManager"=-
    "LogitechQuickCamRibbon"=-
    "MaxMenuMgr"=-
    "vProt"=-
    [HKEY_USERS\S-1-5-21-1229272821-1500820517-682003330-1003\Run]
    "MediaGet2"=-
    
    :Files
    C:\Program Files\AVG
    C:\Program Files\AVG Secure Search
    C:\Program Files\MediaGet2
    C:\WINDOWS\tasks\ROC_JAN2013_TB_rmv.job
    C:\Documents and Settings\Dan Kamin\Local Settings\Application Data\MediaGet2
    
    :Commands
    [ResetHosts]
    [EmptyTemp]
    • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
    • Then click the red Run Fix button.
    • Let the program run unhindered.
    • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.

    Note: The logfile can also be located at C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

    Malwarebytes Anti-Malware:

    • Launch the application, Check for Updates >> Perform quick scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.

    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

    Scan with TDSSKiller:

    Please download TDSSKiller to the desktop.

    • Double-click on TDSSKiller.exe to launch it.
    • When the window opens, click on Change Parameters
    • Under Additional options, select both Verify driver digital signatures & Detect TDLFS File System >> OK
    • Click on Start Scan, the scan will run.
    • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
    • A Report will have been created by TDSSKiller in the root directory C:\
    • To find the log go to Start >> My Computer > C:
    • Post the contents of that log in your next reply please.

    Note: Do not have TDSSKiller remove anything if found at this point in time!

    Next:

    When you have completed the above, please post back the following in the order asked for:

    • How is the computer performing now, any further symptoms and or problems encountered?
    • OTL Log from the Custom Script.
    • Malwarebytes Anti-Malware Log.
    • TDSSKiller Log.
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.
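
One way to list what a fix script like the one above will change before it is pasted into OTL, as an added example (not part of the original post and not OTL's own code). It assumes regedit-style meaning for the :Reg lines (`[-key]` deletes a key, `"name"=-` deletes a value) and that :Files entries are moved to quarantine, as the "moved successfully" log lines suggest; the function names, the AUTOSTART allowlist and the example.sys line are constructed for illustration.

```python
import re

# Excerpt of the fix script above, plus one constructed line (example.sys).
SAMPLE = r"""
:Commands
[CreateRestorePoint]
:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vProt"=-
:Files
C:\Program Files\AVG Secure Search
C:\WINDOWS\system32\drivers\example.sys
"""

# Assumption: registry deletions are routine only under these autostart keys.
AUTOSTART = ("\\currentversion\\run", "\\msconfig\\startupreg\\")

def parse_fix_script(text):
    """Return (action, target) tuples in script order."""
    actions, section, key = [], None, None
    for line in filter(None, (l.strip() for l in text.splitlines())):
        value = re.fullmatch(r'"([^"]*)"\s*=\s*-', line)
        if line.startswith(":"):                       # section header
            section, key = line[1:].lower(), None
        elif section == "commands":
            actions.append(("command", line.strip("[]")))
        elif section == "files":
            actions.append(("move_path", line))
        elif section == "reg" and line.startswith("[-") and line.endswith("]"):
            actions.append(("delete_key", line[2:-1]))
            key = None                                 # no key is open now
        elif section == "reg" and line.startswith("[") and line.endswith("]"):
            key = line[1:-1]                           # context for value lines
        elif section == "reg" and value and key:
            actions.append(("delete_value", key + "\\" + value.group(1)))
        else:
            actions.append(("unrecognised", line))
    return actions

def needs_second_look(actions):
    """Flag unknown lines, deletions outside autostart keys, system32 paths."""
    def odd(kind, t):
        return (kind == "unrecognised"
                or kind.startswith("delete_") and not any(a in t for a in AUTOSTART)
                or kind == "move_path" and t.startswith("c:\\windows\\system32"))
    return [(k, t) for k, t in actions if odd(k, t.lower())]

if __name__ == "__main__":
    print(needs_second_look(parse_fix_script(SAMPLE)))
```

On the excerpt, only the constructed example.sys line is flagged; the startup-entry deletions and the Program Files move pass the allowlist.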

  10. #40
    Member
    Join Date
    Apr 2009
    Location
    Pittsburgh, PA
    Posts
    74

    Default Icons still lag for 3 minutes

    The icons still lag for about 3 minutes before they come in. This might be the best we can do.

    HP printer software insisted on installing after OTL ran.

    Specba
