Jump to content
Sign in to follow this  
#FNK-346811

HJT Log Per Potential Virus Issue

Recommended Posts

Hello Jeff,

 

Did some research on the 'keygen-nero' thing. As far as 'nero', I doubt that I have used the program, unless it operated anonymously (i.e., I do not 'burn' CD's). Most of my work is with Excel, Word, and email.

 

In relation to the term 'keygen', not really computer-sophisticated enough to comprehend how it works. So, after a search with the word 'keygen', I found 9 files with the term which, I could delete myself -- but, will await your fix.

 

If it appears that I might lose some data (word, excel, photos) affiliated with the keygen-nero removal (fix), please inform me of those files so that I may put them on a USB. Please also inform me of the targets for removal, if possible.

 

Am unaware of how the program 'nero' and its folders became a part of this computer.

 

Kind regards

Share this post


Link to post
Share on other sites

Hi,

 

I apologize for my late response. I had a crazy couple of days at work.

 

There seems to be problems with the Nero program. Since you said you never used it there should not be any problems.

-----------

 

 

Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

     

    :Services
    
    :OTL
    
    SRV - (wltrysvc) -- File not found
    SRV - (PEVSystemStart) -- File not found
    SRV - (Lavasoft Ad-Aware Service) -- File not found
    SRV - (AppMgmt) -- File not found
    
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.selectedEngine: "Ask.com"
    [2011/08/09 12:20:53 | 000,002,557 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\g1g0dhdp.default\searchplugins\askcom.xml
    
    O2 - BHO: (no name) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - No CLSID value found.
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    
    [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    
    [2010/04/21 21:36:43 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    
    :Files
    c:\setups\nero 7.0.1.2 ultra edition with keygen - english\nero-7.0.1.2_eng.exe
    c:\setups\nero 7.0.1.2 ultra edition with keygen - english\nero-7.9.6.0_eng_update.exe
    c:\setups\nero 7.0.1.2 ultra edition with keygen - english\read first.txt
    c:\setups\nero 7.0.1.2 ultra edition with keygen - english\nero 7 keygen from embrace\embrace.nfo
    c:\setups\nero 7.0.1.2 ultra edition with keygen - english\nero 7 keygen from embrace\file_id.diz
    c:\setups\nero 7.0.1.2 ultra edition with keygen - english\nero 7 keygen from embrace\keygen.exe
    c:\setups\nero 7.0.1.2 ultra edition with keygen - english\nero 7 keygen from paradox\file_id.diz
    c:\setups\nero 7.0.1.2 ultra edition with keygen - english\nero 7 keygen from paradox\paradox.nfo
    
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered. There will be a log created when it completes that I will need in your next reply. Reboot when it is done.
  • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

Share this post


Link to post
Share on other sites

Hello Jeff,

 

No worries on the busy thing. I Appreciate the help.

 

Below is the text/log results from your copy-n-paste instructions. I am assuming that on the follow-up and today's second scan, that 'Purity' and 'LOP' checks should be utilized as in the very first OTL scan of a day or two ago.

 

Will post today's second promptly.

 

Kind regards

 

 

 

OTL logfile created on: 11/18/2011 8:49:36 AM - Run 2

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\user\My Documents\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

2.99 Gb Total Physical Memory | 2.67 Gb Available Physical Memory | 89.31% Memory free

4.84 Gb Paging File | 4.73 Gb Available in Paging File | 97.91% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 232.88 Gb Total Space | 204.39 Gb Free Space | 87.77% Space Free | Partition Type: NTFS

 

Computer Name: LT1 | User Name: user | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Documents and Settings\user\My Documents\Downloads\OTL (2).exe (OldTimer Tools)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

 

 

========== Modules (No Company Name) ==========

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (wltrysvc) -- File not found

SRV - (PEVSystemStart) -- File not found

SRV - (Lavasoft Ad-Aware Service) -- File not found

SRV - (AppMgmt) -- File not found

SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)

SRV - (PCPitstop Scheduling) -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe (PC Pitstop LLC)

SRV - (STacSV) -- C:\WINDOWS\system32\stacsv.exe (SigmaTel, Inc.)

SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)

SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)

SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)

SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)

SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)

SRV - (ccPwdSvc) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (Symantec Corporation)

SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)

SRV - (SPBBCSvc) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)

DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)

DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)

DRV - (RapportEI) -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys (Trusteer Ltd.)

DRV - (RapportKELL) -- C:\WINDOWS\System32\Drivers\RapportKELL.sys (Trusteer Ltd.)

DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111113.005\navex15.sys (Symantec Corporation)

DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111113.005\naveng.sys (Symantec Corporation)

DRV - (RapportCerberus_29574) -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus32_29574.sys ()

DRV - (PCASp50) -- C:\WINDOWS\system32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)

DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)

DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)

DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (PalmSource, Inc.)

DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corp.)

DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)

DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)

DRV - (OEM02Dev) -- C:\WINDOWS\system32\drivers\OEM02Dev.sys (Creative Technology Ltd.)

DRV - (OEM02Afx) -- C:\WINDOWS\system32\drivers\OEM02Afx.sys (Creative Technology Ltd.)

DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)

DRV - (IntcHdmiAddService) Intel® -- C:\WINDOWS\system32\drivers\IntcHdmi.sys (Intel® Corporation)

DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)

DRV - (hotcore3) -- C:\WINDOWS\system32\drivers\hotcore3.sys (Paragon Software Group)

DRV - (OEM02Vfx) -- C:\WINDOWS\system32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.)

DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)

DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)

DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)

DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)

DRV - (SymEvent) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)

DRV - (SAVRTPEL) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)

DRV - (SAVRT) -- C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation)

DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 92 34 38 96 26 37 CA 01 [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "Ask.com"

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.search.selectedEngine: "Ask.com"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.5.0.8013

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@palmsource.com/installer,version=1.0: C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll ()

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Documents and Settings\user\Desktop\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Documents and Settings\user\Desktop\Veetle\plugins\npVeetle.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Documents and Settings\user\Desktop\Veetle\Player\npvlc.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\user\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\user\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/14 11:51:28 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/14 11:52:03 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/23 10:39:24 | 000,000,000 | ---D | M]

 

[2009/05/14 14:03:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions

[2011/08/16 12:07:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\g1g0dhdp.default\extensions

[2009/09/22 22:19:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\g1g0dhdp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2)

[2009/09/22 22:19:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\g1g0dhdp.default\extensions\staged-xpis

[2011/08/09 12:20:53 | 000,002,557 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\g1g0dhdp.default\searchplugins\askcom.xml

[2011/09/28 08:04:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/08/17 08:32:23 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2010/08/06 18:59:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2011/03/22 09:59:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

[2011/09/29 07:10:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}

[2009/07/09 09:46:47 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2008/08/16 16:42:02 | 000,070,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll

[2008/08/16 16:42:12 | 000,091,448 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\confmgr.dll

[2008/08/16 16:42:08 | 000,020,800 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll

[2008/05/21 07:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcm80.dll

[2008/05/21 07:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcp80.dll

[2008/05/21 07:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcr80.dll

[2011/02/02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2008/08/16 16:44:46 | 000,427,312 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll

[2008/08/16 16:42:04 | 000,023,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll

 

========== Chrome ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\13.0.782.218\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll

CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL

CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\13.0.782.218\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\13.0.782.218\pdf.dll

CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\user\Application Data\Mozilla\plugins\npgoogletalk.dll

CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\user\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: Veetle TV Player (Enabled) = C:\Documents and Settings\user\Desktop\Veetle\Player\npvlc.dll

CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Documents and Settings\user\Desktop\Veetle\VLCBroadcast\npvbp.dll

CHR - plugin: Veetle TV Core (Enabled) = C:\Documents and Settings\user\Desktop\Veetle\plugins\npVeetle.dll

CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll

CHR - plugin: PalmSource Package Installer (Enabled) = C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: AVG Safe Search = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1804_0\

CHR - Extension: Click to call with Skype = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.8013_0\

 

O1 HOSTS File: ([2011/11/14 01:28:14 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - No CLSID value found.

O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)

O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)

O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)

O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll File not found

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [PC Pitstop Optimize Reminder] C:\Program Files\PCPitstop\Optimize3\Reminder-Optimize3.exe (PC Pitstop LLC)

O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)

O4 - HKCU..\Run: [DefragReminder] C:\Program Files\ConsumerSoft\My Faster PC\My Defragmenter\DefragReminder.exe File not found

O4 - HKCU..\Run: [My Faster PC] c:\program files\consumersoft\my faster pc\mfpchelper.exe File not found

O4 - HKLM..\RunOnce: [AvgRemover] C:\Documents and Settings\user\My Documents\Downloads\avg_remover_stf_x86_2011_1322 (2).exe /run_number=2 File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)

O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKCU\..Trusted Domains: google.com ([maps] http in Trusted sites)

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab (Reg Error: Key error.)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1241708657842 (WUWebControl Class)

O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} http://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll (Reg Error: Key error.)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1241709943717 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://129.65.176.6/activex/AxisCamControl.cab (CamImage Class)

O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (DDRevision Class)

O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF71EF11-A33E-4FE0-9968-D44B38817271}: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)

O24 - Desktop Components:0 () - file:///C:/DOCUME~1/user/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg

O24 - Desktop Components:1 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/05/07 07:42:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (lsdelete)

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/11/17 10:46:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PowerPlayer For Prediction

[2011/11/14 16:47:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\PCFix

[2011/11/14 16:32:01 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2011/11/14 16:18:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp

[2011/11/14 12:26:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth

[2011/11/14 11:48:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes

[2011/11/14 11:47:27 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2011/11/14 11:47:23 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2011/11/14 11:44:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer

[2011/11/14 11:43:55 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2011/11/14 11:16:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\ConsumerSoft

[2011/11/14 11:05:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Pitstop

[2011/11/14 10:42:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lotto PowerPlayer Pro II

[2011/11/14 01:21:32 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2011/11/14 01:19:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2011/11/14 01:19:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2011/11/14 01:19:07 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2011/11/14 01:19:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2011/11/14 01:18:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2011/11/14 01:18:38 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/10/24 14:29:02 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx

[2011/10/24 14:29:02 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts

[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2011/11/18 08:42:10 | 000,573,092 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/11/18 08:42:10 | 000,125,834 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/11/18 08:38:57 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/11/18 08:37:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/11/14 14:36:53 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/11/14 13:58:00 | 000,266,208 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011/11/14 13:53:45 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2011/11/14 13:50:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/11/14 13:28:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1563985344-1606980848-1004UA.job

[2011/11/14 13:24:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/11/14 12:28:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1563985344-1606980848-1004Core.job

[2011/11/14 11:51:55 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

[2011/11/14 11:48:03 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2011/11/14 10:42:24 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\user\Desktop\PowerPlayer Pro.lnk

[2011/11/14 01:53:20 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2011/11/14 01:28:14 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2011/11/14 01:21:36 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2011/10/24 14:29:02 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx

[2011/10/24 14:29:02 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts

[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2011/11/14 11:51:55 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

[2011/11/14 11:48:03 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2011/11/14 10:42:24 | 000,000,694 | ---- | C] () -- C:\Documents and Settings\user\Desktop\PowerPlayer Pro.lnk

[2011/11/14 01:21:36 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2011/11/14 01:21:32 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2011/11/14 01:19:07 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2011/11/14 01:19:07 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2011/11/14 01:19:07 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2011/11/14 01:19:07 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2011/11/14 01:19:07 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2011/10/01 18:25:48 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/09/30 09:22:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\SBRC.dat

[2011/09/30 09:22:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\SBFC.dat

[2011/04/21 16:08:41 | 000,000,074 | ---- | C] () -- C:\WINDOWS\DosHlpLnk.ini

[2011/04/21 16:08:30 | 000,002,750 | ---- | C] () -- C:\WINDOWS\LottoBuster.ini

[2011/04/09 08:21:43 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat

[2011/04/09 08:21:43 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat

[2010/09/21 23:43:01 | 000,056,136 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2010/04/21 21:36:43 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/02/05 08:57:16 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\housecall.guid.cache

[2009/12/23 10:38:31 | 000,023,097 | ---- | C] () -- C:\WINDOWS\hpqins15.dat

[2009/12/22 20:30:30 | 000,010,704 | ---- | C] () -- C:\WINDOWS\hpwscr19.dat

[2009/09/01 19:21:02 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll

[2009/05/16 14:00:08 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2009/05/14 17:12:53 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll

[2009/05/14 14:52:05 | 000,247,824 | ---- | C] () -- C:\WINDOWS\System32\prgiso.dll

[2009/05/14 14:52:04 | 004,245,008 | ---- | C] () -- C:\WINDOWS\System32\qtp-mt334.dll

[2009/05/14 14:52:04 | 000,013,840 | ---- | C] () -- C:\WINDOWS\System32\wnaspi32.dll

[2009/05/14 14:14:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI

[2009/05/14 14:03:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2009/05/07 16:50:33 | 001,174,000 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll

[2009/05/07 16:50:33 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4864.dll

[2009/05/07 16:50:33 | 000,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll

[2009/05/07 07:44:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2009/05/07 07:39:42 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2009/05/07 03:35:16 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2009/05/07 03:34:12 | 000,266,208 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin

[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin

[2008/04/14 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2008/04/14 07:00:00 | 000,573,092 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2008/04/14 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2008/04/14 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2008/04/14 07:00:00 | 000,125,834 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2008/04/14 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2008/04/14 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2008/04/14 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2008/04/14 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2008/04/14 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2005/04/15 11:52:33 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2005/04/15 11:52:33 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

 

========== Custom Scans ==========

 

 

< :Services >

 

< >

 

< :OTL >

 

< >

 

< SRV - (wltrysvc) -- File not found >

 

< SRV - (PEVSystemStart) -- File not found >

 

< SRV - (Lavasoft Ad-Aware Service) -- File not found >

 

< SRV - (AppMgmt) -- File not found >

 

< >

 

< FF - prefs.js..browser.search.defaultengine: "Ask.com" >

 

< FF - prefs.js..browser.search.defaultenginename: "Ask.com" >

 

< FF - prefs.js..browser.search.order.1: "Ask.com" >

 

< FF - prefs.js..browser.search.selectedEngine: "Ask.com" >

 

< [2011/08/09 12:20:53 | 000,002,557 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\g1g0dhdp.default\searchplugins\askcom.xml >

Invalid Switch: 09 12:20:53 | 000,002,557 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\g1g0dhdp.default\searchplugins\askcom.xml

 

 

< >

 

< O2 - BHO: (no name) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - No CLSID value found. >

 

< O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found. >

 

< >

 

< [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] >

 

< [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] >

 

< >

 

< [2010/04/21 21:36:43 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini >

Invalid Switch: 21 21:36:43 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

 

 

< >

 

< :Files >

 

< c:\setups\nero 7.0.1.2 ultra edition with keygen - english\nero-7.0.1.2_eng.exe >

[2005/11/01 00:14:00 | 104,967,688 | ---- | M] () -- c:\setups\nero 7.0.1.2 ultra edition with keygen - english\Nero-7.0.1.2_eng.exe

 

< c:\setups\nero 7.0.1.2 ultra edition with keygen - english\nero-7.9.6.0_eng_update.exe >

[2007/05/29 11:03:50 | 180,351,392 | ---- | M] () -- c:\setups\nero 7.0.1.2 ultra edition with keygen - english\Nero-7.9.6.0_eng_update.exe

 

< c:\setups\nero 7.0.1.2 ultra edition with keygen - english\read first.txt >

[2005/12/18 23:13:11 | 000,000,175 | ---- | M] () -- c:\setups\nero 7.0.1.2 ultra edition with keygen - english\READ FIRST.txt

 

< c:\setups\nero 7.0.1.2 ultra edition with keygen - english\nero 7 keygen from embrace\embrace.nfo >

[2005/09/26 04:29:42 | 000,018,821 | ---- | M] () -- c:\setups\nero 7.0.1.2 ultra edition with keygen - english\nero 7 keygen from embrace\embrace.nfo

 

< c:\setups\nero 7.0.1.2 ultra edition with keygen - english\nero 7 keygen from embrace\file_id.diz >

[2005/09/26 04:33:48 | 000,000,435 | ---- | M] () -- c:\setups\nero 7.0.1.2 ultra edition with keygen - english\nero 7 keygen from embrace\file_id.diz

 

< c:\setups\nero 7.0.1.2 ultra edition with keygen - english\nero 7 keygen from embrace\keygen.exe >

[2005/09/26 03:04:12 | 000,117,760 | ---- | M] () -- c:\setups\nero 7.0.1.2 ultra edition with keygen - english\nero 7 keygen from embrace\keygen.exe

 

< c:\setups\nero 7.0.1.2 ultra edition with keygen - english\nero 7 keygen from paradox\file_id.diz >

[2005/09/16 00:34:12 | 000,000,400 | ---- | M] () -- c:\setups\nero 7.0.1.2 ultra edition with keygen - english\nero 7 keygen from paradox\file_id.diz

 

< c:\setups\nero 7.0.1.2 ultra edition with keygen - english\nero 7 keygen from paradox\paradox.nfo >

[2005/09/16 00:34:12 | 000,011,113 | ---- | M] () -- c:\setups\nero 7.0.1.2 ultra edition with keygen - english\nero 7 keygen from paradox\Paradox.nfo

 

< >

 

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

 

< >

 

< :Commands >

 

< [purity] >

 

< [emptytemp] >

 

< [start explorer] >

 

< [Reboot] >

 

< End of report >

Share this post


Link to post
Share on other sites

OTL logfile created on: 11/18/2011 9:17:33 AM - Run 3

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\user\My Documents\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

2.99 Gb Total Physical Memory | 2.70 Gb Available Physical Memory | 90.24% Memory free

4.84 Gb Paging File | 4.75 Gb Available in Paging File | 98.22% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 232.88 Gb Total Space | 204.39 Gb Free Space | 87.77% Space Free | Partition Type: NTFS

 

Computer Name: LT1 | User Name: user | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Documents and Settings\user\My Documents\Downloads\OTL (3).exe (OldTimer Tools)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

 

 

========== Modules (No Company Name) ==========

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (wltrysvc) -- File not found

SRV - (PEVSystemStart) -- File not found

SRV - (Lavasoft Ad-Aware Service) -- File not found

SRV - (AppMgmt) -- File not found

SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)

SRV - (PCPitstop Scheduling) -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe (PC Pitstop LLC)

SRV - (STacSV) -- C:\WINDOWS\system32\stacsv.exe (SigmaTel, Inc.)

SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)

SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)

SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)

SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)

SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)

SRV - (ccPwdSvc) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (Symantec Corporation)

SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)

SRV - (SPBBCSvc) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)

DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)

DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)

DRV - (RapportEI) -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys (Trusteer Ltd.)

DRV - (RapportKELL) -- C:\WINDOWS\System32\Drivers\RapportKELL.sys (Trusteer Ltd.)

DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111113.005\navex15.sys (Symantec Corporation)

DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111113.005\naveng.sys (Symantec Corporation)

DRV - (RapportCerberus_29574) -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus32_29574.sys ()

DRV - (PCASp50) -- C:\WINDOWS\system32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)

DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)

DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)

DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (PalmSource, Inc.)

DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corp.)

DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)

DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)

DRV - (OEM02Dev) -- C:\WINDOWS\system32\drivers\OEM02Dev.sys (Creative Technology Ltd.)

DRV - (OEM02Afx) -- C:\WINDOWS\system32\drivers\OEM02Afx.sys (Creative Technology Ltd.)

DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)

DRV - (IntcHdmiAddService) Intel® -- C:\WINDOWS\system32\drivers\IntcHdmi.sys (Intel® Corporation)

DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)

DRV - (hotcore3) -- C:\WINDOWS\system32\drivers\hotcore3.sys (Paragon Software Group)

DRV - (OEM02Vfx) -- C:\WINDOWS\system32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.)

DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)

DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)

DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)

DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)

DRV - (SymEvent) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)

DRV - (SAVRTPEL) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)

DRV - (SAVRT) -- C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation)

DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 92 34 38 96 26 37 CA 01 [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "Ask.com"

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.search.selectedEngine: "Ask.com"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.5.0.8013

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@palmsource.com/installer,version=1.0: C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll ()

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Documents and Settings\user\Desktop\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Documents and Settings\user\Desktop\Veetle\plugins\npVeetle.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Documents and Settings\user\Desktop\Veetle\Player\npvlc.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\user\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\user\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/14 11:51:28 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/14 11:52:03 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/23 10:39:24 | 000,000,000 | ---D | M]

 

[2009/05/14 14:03:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions

[2011/08/16 12:07:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\g1g0dhdp.default\extensions

[2009/09/22 22:19:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\g1g0dhdp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2)

[2009/09/22 22:19:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\g1g0dhdp.default\extensions\staged-xpis

[2011/08/09 12:20:53 | 000,002,557 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\g1g0dhdp.default\searchplugins\askcom.xml

[2011/09/28 08:04:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/08/17 08:32:23 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2010/08/06 18:59:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2011/03/22 09:59:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

[2011/09/29 07:10:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}

[2009/07/09 09:46:47 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2008/08/16 16:42:02 | 000,070,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll

[2008/08/16 16:42:12 | 000,091,448 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\confmgr.dll

[2008/08/16 16:42:08 | 000,020,800 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll

[2008/05/21 07:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcm80.dll

[2008/05/21 07:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcp80.dll

[2008/05/21 07:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcr80.dll

[2011/02/02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2008/08/16 16:44:46 | 000,427,312 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll

[2008/08/16 16:42:04 | 000,023,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll

 

========== Chrome ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\13.0.782.218\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll

CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL

CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\13.0.782.218\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\13.0.782.218\pdf.dll

CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\user\Application Data\Mozilla\plugins\npgoogletalk.dll

CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\user\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: Veetle TV Player (Enabled) = C:\Documents and Settings\user\Desktop\Veetle\Player\npvlc.dll

CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Documents and Settings\user\Desktop\Veetle\VLCBroadcast\npvbp.dll

CHR - plugin: Veetle TV Core (Enabled) = C:\Documents and Settings\user\Desktop\Veetle\plugins\npVeetle.dll

CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll

CHR - plugin: PalmSource Package Installer (Enabled) = C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: AVG Safe Search = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1804_0\

CHR - Extension: Click to call with Skype = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.8013_0\

 

O1 HOSTS File: ([2011/11/14 01:28:14 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - No CLSID value found.

O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)

O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)

O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)

O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll File not found

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [PC Pitstop Optimize Reminder] C:\Program Files\PCPitstop\Optimize3\Reminder-Optimize3.exe (PC Pitstop LLC)

O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)

O4 - HKCU..\Run: [DefragReminder] C:\Program Files\ConsumerSoft\My Faster PC\My Defragmenter\DefragReminder.exe File not found

O4 - HKCU..\Run: [My Faster PC] c:\program files\consumersoft\my faster pc\mfpchelper.exe File not found

O4 - HKLM..\RunOnce: [AvgRemover] C:\Documents and Settings\user\My Documents\Downloads\avg_remover_stf_x86_2011_1322 (2).exe /run_number=2 File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)

O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKCU\..Trusted Domains: google.com ([maps] http in Trusted sites)

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab (Reg Error: Key error.)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1241708657842 (WUWebControl Class)

O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} http://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll (Reg Error: Key error.)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1241709943717 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://129.65.176.6/activex/AxisCamControl.cab (CamImage Class)

O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (DDRevision Class)

O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF71EF11-A33E-4FE0-9968-D44B38817271}: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)

O24 - Desktop Components:0 () - file:///C:/DOCUME~1/user/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg

O24 - Desktop Components:1 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/05/07 07:42:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (lsdelete)

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/11/17 10:46:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PowerPlayer For Prediction

[2011/11/14 16:47:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\PCFix

[2011/11/14 16:32:01 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2011/11/14 16:18:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp

[2011/11/14 12:26:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth

[2011/11/14 11:48:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes

[2011/11/14 11:47:27 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2011/11/14 11:47:23 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2011/11/14 11:44:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer

[2011/11/14 11:43:55 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2011/11/14 11:16:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\ConsumerSoft

[2011/11/14 11:05:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Pitstop

[2011/11/14 10:42:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lotto PowerPlayer Pro II

[2011/11/14 01:21:32 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2011/11/14 01:19:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2011/11/14 01:19:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2011/11/14 01:19:07 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2011/11/14 01:19:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2011/11/14 01:18:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2011/11/14 01:18:38 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/10/24 14:29:02 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx

[2011/10/24 14:29:02 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts

[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2011/11/18 09:16:51 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/11/18 09:15:10 | 000,573,406 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/11/18 09:15:10 | 000,125,956 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/11/18 09:10:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/11/14 14:36:53 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/11/14 13:58:00 | 000,266,208 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011/11/14 13:53:45 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2011/11/14 13:50:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/11/14 13:28:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1563985344-1606980848-1004UA.job

[2011/11/14 13:24:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/11/14 12:28:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1563985344-1606980848-1004Core.job

[2011/11/14 11:51:55 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

[2011/11/14 11:48:03 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2011/11/14 10:42:24 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\user\Desktop\PowerPlayer Pro.lnk

[2011/11/14 01:53:20 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2011/11/14 01:28:14 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2011/11/14 01:21:36 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2011/10/24 14:29:02 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx

[2011/10/24 14:29:02 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts

[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2011/11/14 11:51:55 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

[2011/11/14 11:48:03 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2011/11/14 10:42:24 | 000,000,694 | ---- | C] () -- C:\Documents and Settings\user\Desktop\PowerPlayer Pro.lnk

[2011/11/14 01:21:36 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2011/11/14 01:21:32 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2011/11/14 01:19:07 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2011/11/14 01:19:07 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2011/11/14 01:19:07 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2011/11/14 01:19:07 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2011/11/14 01:19:07 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2011/10/01 18:25:48 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/09/30 09:22:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\SBRC.dat

[2011/09/30 09:22:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\SBFC.dat

[2011/04/21 16:08:41 | 000,000,074 | ---- | C] () -- C:\WINDOWS\DosHlpLnk.ini

[2011/04/21 16:08:30 | 000,002,750 | ---- | C] () -- C:\WINDOWS\LottoBuster.ini

[2011/04/09 08:21:43 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat

[2011/04/09 08:21:43 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat

[2010/09/21 23:43:01 | 000,056,136 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2010/04/21 21:36:43 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/02/05 08:57:16 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\housecall.guid.cache

[2009/12/23 10:38:31 | 000,023,097 | ---- | C] () -- C:\WINDOWS\hpqins15.dat

[2009/12/22 20:30:30 | 000,010,704 | ---- | C] () -- C:\WINDOWS\hpwscr19.dat

[2009/09/01 19:21:02 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll

[2009/05/16 14:00:08 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2009/05/14 17:12:53 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll

[2009/05/14 14:52:05 | 000,247,824 | ---- | C] () -- C:\WINDOWS\System32\prgiso.dll

[2009/05/14 14:52:04 | 004,245,008 | ---- | C] () -- C:\WINDOWS\System32\qtp-mt334.dll

[2009/05/14 14:52:04 | 000,013,840 | ---- | C] () -- C:\WINDOWS\System32\wnaspi32.dll

[2009/05/14 14:14:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI

[2009/05/14 14:03:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2009/05/07 16:50:33 | 001,174,000 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll

[2009/05/07 16:50:33 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4864.dll

[2009/05/07 16:50:33 | 000,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll

[2009/05/07 07:44:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2009/05/07 07:39:42 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2009/05/07 03:35:16 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2009/05/07 03:34:12 | 000,266,208 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin

[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin

[2008/04/14 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2008/04/14 07:00:00 | 000,573,406 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2008/04/14 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2008/04/14 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2008/04/14 07:00:00 | 000,125,956 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2008/04/14 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2008/04/14 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2008/04/14 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2008/04/14 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2008/04/14 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2005/04/15 11:52:33 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2005/04/15 11:52:33 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

 

========== LOP Check ==========

 

[2011/09/30 14:54:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012

[2010/01/30 14:59:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix

[2011/09/29 13:32:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2011/07/02 14:22:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Easybits GO

[2010/01/30 14:40:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE

[2009/05/18 14:39:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync

[2011/10/01 16:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData

[2011/11/14 11:11:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop

[2010/05/25 21:22:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrettyMay

[2011/06/14 09:00:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer

[2011/02/18 09:36:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip

[2010/08/07 11:13:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2011/09/30 14:29:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\~0

[2011/10/01 09:16:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\AVG

[2011/09/30 08:43:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\AVG2012

[2009/09/11 11:22:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2011/11/14 11:16:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\ConsumerSoft

[2011/06/28 20:58:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Data Solutions

[2010/01/30 14:40:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\GlobalSCAPE

[2011/07/02 14:21:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\go

[2009/05/18 14:39:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\HotSync

[2011/11/14 16:50:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\PCFix

[2010/05/25 21:22:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\PrettyMay

[2011/06/14 09:02:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Trusteer

[2009/09/29 17:52:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\UDC Profiles

[2009/12/31 00:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Windows Desktop Search

[2010/01/19 12:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Windows Search

 

========== Purity Check ==========

 

 

 

< End of report >

Share this post


Link to post
Share on other sites

BTW Jeff...the 'Nero' thing is still showing in a folder within C:\Local Disk Setups. In also checking, 'Nero' does not show in the "Start-All Programs' area. Should I send the Nero file to the Recycle bin and empty?

 

Kind regards

Share this post


Link to post
Share on other sites

Hi #FNK-346811,

 

I think when you ran the fix I provided for you you may have pressed Run Scan instead of Run Fix. Please go back to Post 28 and follow those instructions and be sure to press Run Fix this time. :)

Share this post


Link to post
Share on other sites

...apologies Jeff...I often wonder why I stumble into the restroom when searching for the Human Resources office...see (first) log below:

 

 

All processes killed

========== SERVICES/DRIVERS ==========

========== OTL ==========

Service wltrysvc stopped successfully!

Service wltrysvc deleted successfully!

File File not found not found.

Service PEVSystemStart stopped successfully!

Service PEVSystemStart deleted successfully!

File File not found not found.

Service Lavasoft Ad-Aware Service stopped successfully!

Service Lavasoft Ad-Aware Service deleted successfully!

File File not found not found.

Service AppMgmt stopped successfully!

Service AppMgmt deleted successfully!

File File not found not found.

Prefs.js: "Ask.com" removed from browser.search.defaultengine

Prefs.js: "Ask.com" removed from browser.search.defaultenginename

Prefs.js: "Ask.com" removed from browser.search.order.1

Prefs.js: "Ask.com" removed from browser.search.selectedEngine

C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\g1g0dhdp.default\searchplugins\askcom.xml moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00C6482D-C502-44C8-8409-FCE54AD9C208}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.

C:\WINDOWS\System32\CONFIG.TMP deleted successfully.

C:\WINDOWS\System32\SET64A.tmp deleted successfully.

C:\WINDOWS\System32\SET64C.tmp deleted successfully.

C:\WINDOWS\System32\SET65A.tmp deleted successfully.

C:\WINDOWS\msdownld.tmp folder deleted successfully.

C:\WINDOWS\SET3.tmp deleted successfully.

C:\WINDOWS\SET4.tmp deleted successfully.

C:\WINDOWS\SET8.tmp deleted successfully.

C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.

========== FILES ==========

c:\setups\nero 7.0.1.2 ultra edition with keygen - english\Nero-7.0.1.2_eng.exe moved successfully.

c:\setups\nero 7.0.1.2 ultra edition with keygen - english\Nero-7.9.6.0_eng_update.exe moved successfully.

c:\setups\nero 7.0.1.2 ultra edition with keygen - english\READ FIRST.txt moved successfully.

c:\setups\nero 7.0.1.2 ultra edition with keygen - english\nero 7 keygen from embrace\embrace.nfo moved successfully.

c:\setups\nero 7.0.1.2 ultra edition with keygen - english\nero 7 keygen from embrace\file_id.diz moved successfully.

c:\setups\nero 7.0.1.2 ultra edition with keygen - english\nero 7 keygen from embrace\keygen.exe moved successfully.

c:\setups\nero 7.0.1.2 ultra edition with keygen - english\nero 7 keygen from paradox\file_id.diz moved successfully.

c:\setups\nero 7.0.1.2 ultra edition with keygen - english\nero 7 keygen from paradox\Paradox.nfo moved successfully.

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Documents and Settings\user\My Documents\Downloads\cmd.bat deleted successfully.

C:\Documents and Settings\user\My Documents\Downloads\cmd.txt deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 2836 bytes

 

User: Administrator.LT1.001

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 134 bytes

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 41620 bytes

 

User: Guest

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Flash cache emptied: 43783 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: user

->Temp folder emptied: 29534517 bytes

->Temporary Internet Files folder emptied: 1334603 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 58569583 bytes

->Google Chrome cache emptied: 8985564 bytes

->Apple Safari cache emptied: 19755008 bytes

->Flash cache emptied: 6304 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 7265814 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 323308292 bytes

 

Total Files Cleaned = 428.00 mb

 

 

OTL by OldTimer - Version 3.2.31.0 log created on 11182011_104751

 

Files\Folders moved on Reboot...

 

Registry entries deleted on Reboot...

Share this post


Link to post
Share on other sites

Follow-up scan (without LOP & Purity):

 

 

 

OTL logfile created on: 11/18/2011 10:58:21 AM - Run 3

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\user\My Documents\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

2.99 Gb Total Physical Memory | 2.69 Gb Available Physical Memory | 90.05% Memory free

4.84 Gb Paging File | 4.75 Gb Available in Paging File | 98.17% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 232.88 Gb Total Space | 204.68 Gb Free Space | 87.89% Space Free | Partition Type: NTFS

 

Computer Name: LT1 | User Name: user | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Documents and Settings\user\My Documents\Downloads\OTL (6).exe (OldTimer Tools)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

 

 

========== Modules (No Company Name) ==========

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)

SRV - (PCPitstop Scheduling) -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe (PC Pitstop LLC)

SRV - (STacSV) -- C:\WINDOWS\system32\stacsv.exe (SigmaTel, Inc.)

SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)

SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)

SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)

SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)

SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)

SRV - (ccPwdSvc) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (Symantec Corporation)

SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)

SRV - (SPBBCSvc) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)

DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)

DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)

DRV - (RapportEI) -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys (Trusteer Ltd.)

DRV - (RapportKELL) -- C:\WINDOWS\System32\Drivers\RapportKELL.sys (Trusteer Ltd.)

DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111113.005\navex15.sys (Symantec Corporation)

DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111113.005\naveng.sys (Symantec Corporation)

DRV - (RapportCerberus_29574) -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus32_29574.sys ()

DRV - (PCASp50) -- C:\WINDOWS\system32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)

DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)

DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)

DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (PalmSource, Inc.)

DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corp.)

DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)

DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)

DRV - (OEM02Dev) -- C:\WINDOWS\system32\drivers\OEM02Dev.sys (Creative Technology Ltd.)

DRV - (OEM02Afx) -- C:\WINDOWS\system32\drivers\OEM02Afx.sys (Creative Technology Ltd.)

DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)

DRV - (IntcHdmiAddService) Intel® -- C:\WINDOWS\system32\drivers\IntcHdmi.sys (Intel® Corporation)

DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)

DRV - (hotcore3) -- C:\WINDOWS\system32\drivers\hotcore3.sys (Paragon Software Group)

DRV - (OEM02Vfx) -- C:\WINDOWS\system32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.)

DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)

DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)

DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)

DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)

DRV - (SymEvent) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)

DRV - (SAVRTPEL) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)

DRV - (SAVRT) -- C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation)

DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 92 34 38 96 26 37 CA 01 [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultengine: ""

FF - prefs.js..browser.search.defaultenginename: ""

FF - prefs.js..browser.search.order.1: ""

FF - prefs.js..browser.search.selectedEngine: ""

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.5.0.8013

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@palmsource.com/installer,version=1.0: C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll ()

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Documents and Settings\user\Desktop\Veetle\VLCBroadcast\npvbp.dll File not found

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Documents and Settings\user\Desktop\Veetle\plugins\npVeetle.dll File not found

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Documents and Settings\user\Desktop\Veetle\Player\npvlc.dll File not found

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\user\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\user\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/14 11:51:28 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/14 11:52:03 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/23 10:39:24 | 000,000,000 | ---D | M]

 

[2009/05/14 14:03:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions

[2011/08/16 12:07:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\g1g0dhdp.default\extensions

[2009/09/22 22:19:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\g1g0dhdp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2)

[2009/09/22 22:19:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\g1g0dhdp.default\extensions\staged-xpis

[2011/09/28 08:04:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/08/17 08:32:23 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2010/08/06 18:59:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2011/03/22 09:59:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

[2011/09/29 07:10:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}

[2009/07/09 09:46:47 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2008/08/16 16:42:02 | 000,070,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll

[2008/08/16 16:42:12 | 000,091,448 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\confmgr.dll

[2008/08/16 16:42:08 | 000,020,800 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll

[2008/05/21 07:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcm80.dll

[2008/05/21 07:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcp80.dll

[2008/05/21 07:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcr80.dll

[2011/02/02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2008/08/16 16:44:46 | 000,427,312 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll

[2008/08/16 16:42:04 | 000,023,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll

 

========== Chrome ==========

 

CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\13.0.782.218\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll

CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL

CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll

CHR - plugin: Chrome NaCl (Disabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\13.0.782.218\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\13.0.782.218\pdf.dll

CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.8013_0\npSkypeChromePlugin.dll

CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\user\Application Data\Mozilla\plugins\npgoogletalk.dll

CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\user\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll

CHR - plugin: PalmSource Package Installer (Enabled) = C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: Click to call with Skype = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.8013_0\

 

O1 HOSTS File: ([2011/11/14 01:28:14 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)

O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)

O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)

O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll File not found

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [PC Pitstop Optimize Reminder] C:\Program Files\PCPitstop\Optimize3\Reminder-Optimize3.exe (PC Pitstop LLC)

O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)

O4 - HKCU..\Run: [DefragReminder] C:\Program Files\ConsumerSoft\My Faster PC\My Defragmenter\DefragReminder.exe File not found

O4 - HKCU..\Run: [My Faster PC] c:\program files\consumersoft\my faster pc\mfpchelper.exe File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)

O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKCU\..Trusted Domains: google.com ([maps] http in Trusted sites)

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab (Reg Error: Key error.)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1241708657842 (WUWebControl Class)

O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} http://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll (Reg Error: Key error.)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1241709943717 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://129.65.176.6/activex/AxisCamControl.cab (CamImage Class)

O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (DDRevision Class)

O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF71EF11-A33E-4FE0-9968-D44B38817271}: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)

O24 - Desktop Components:0 () - file:///C:/DOCUME~1/user/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg

O24 - Desktop Components:1 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/05/07 07:42:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (lsdelete)

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/11/18 10:47:51 | 000,000,000 | ---D | C] -- C:\_OTL

[2011/11/17 10:46:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PowerPlayer For Prediction

[2011/11/14 16:47:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\PCFix

[2011/11/14 16:32:01 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2011/11/14 16:18:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp

[2011/11/14 12:26:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth

[2011/11/14 11:48:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes

[2011/11/14 11:47:27 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2011/11/14 11:47:23 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2011/11/14 11:44:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer

[2011/11/14 11:43:55 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2011/11/14 11:16:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\ConsumerSoft

[2011/11/14 11:05:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Pitstop

[2011/11/14 10:42:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lotto PowerPlayer Pro II

[2011/11/14 01:21:32 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2011/11/14 01:19:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2011/11/14 01:19:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2011/11/14 01:19:07 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2011/11/14 01:19:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2011/11/14 01:18:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2011/11/14 01:18:38 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/10/24 14:29:02 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx

[2011/10/24 14:29:02 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts

 

========== Files - Modified Within 30 Days ==========

 

[2011/11/18 10:53:56 | 000,574,348 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/11/18 10:53:56 | 000,126,322 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/11/18 10:49:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/11/18 10:36:30 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/11/18 10:12:01 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/11/14 13:58:00 | 000,266,208 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011/11/14 13:53:45 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2011/11/14 13:50:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/11/14 13:28:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1563985344-1606980848-1004UA.job

[2011/11/14 13:24:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/11/14 12:28:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1563985344-1606980848-1004Core.job

[2011/11/14 11:51:55 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

[2011/11/14 11:48:03 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2011/11/14 10:42:24 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\user\Desktop\PowerPlayer Pro.lnk

[2011/11/14 01:53:20 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2011/11/14 01:28:14 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2011/11/14 01:21:36 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2011/10/24 14:29:02 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx

[2011/10/24 14:29:02 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts

 

========== Files Created - No Company Name ==========

 

[2011/11/14 11:51:55 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

[2011/11/14 11:48:03 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2011/11/14 10:42:24 | 000,000,694 | ---- | C] () -- C:\Documents and Settings\user\Desktop\PowerPlayer Pro.lnk

[2011/11/14 01:21:36 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2011/11/14 01:21:32 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2011/11/14 01:19:07 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2011/11/14 01:19:07 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2011/11/14 01:19:07 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2011/11/14 01:19:07 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2011/11/14 01:19:07 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2011/10/01 18:25:48 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/09/30 09:22:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\SBRC.dat

[2011/09/30 09:22:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\SBFC.dat

[2011/04/21 16:08:41 | 000,000,074 | ---- | C] () -- C:\WINDOWS\DosHlpLnk.ini

[2011/04/21 16:08:30 | 000,002,750 | ---- | C] () -- C:\WINDOWS\LottoBuster.ini

[2011/04/09 08:21:43 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat

[2011/04/09 08:21:43 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat

[2010/09/21 23:43:01 | 000,056,136 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2010/02/05 08:57:16 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\housecall.guid.cache

[2009/12/23 10:38:31 | 000,023,097 | ---- | C] () -- C:\WINDOWS\hpqins15.dat

[2009/12/22 20:30:30 | 000,010,704 | ---- | C] () -- C:\WINDOWS\hpwscr19.dat

[2009/09/01 19:21:02 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll

[2009/05/16 14:00:08 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2009/05/14 17:12:53 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll

[2009/05/14 14:52:05 | 000,247,824 | ---- | C] () -- C:\WINDOWS\System32\prgiso.dll

[2009/05/14 14:52:04 | 004,245,008 | ---- | C] () -- C:\WINDOWS\System32\qtp-mt334.dll

[2009/05/14 14:52:04 | 000,013,840 | ---- | C] () -- C:\WINDOWS\System32\wnaspi32.dll

[2009/05/14 14:14:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI

[2009/05/14 14:03:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2009/05/07 16:50:33 | 001,174,000 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll

[2009/05/07 16:50:33 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4864.dll

[2009/05/07 16:50:33 | 000,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll

[2009/05/07 07:44:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2009/05/07 07:39:42 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2009/05/07 03:35:16 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2009/05/07 03:34:12 | 000,266,208 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin

[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin

[2008/04/14 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2008/04/14 07:00:00 | 000,574,348 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2008/04/14 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2008/04/14 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2008/04/14 07:00:00 | 000,126,322 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2008/04/14 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2008/04/14 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2008/04/14 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2008/04/14 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2008/04/14 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2005/04/15 11:52:33 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2005/04/15 11:52:33 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

 

< End of report >

Share this post


Link to post
Share on other sites

Hi,

 

There we go. That is what I was looking for. :)

-------------

 

 

I see that you have Malwarebytes on your computer. Please open Malwarebytes, update it and then run a Quick Scan. There will be a log created that I will need in your next reply.

----------

 

 

ESET Online Scanner

I'd like us to scan your machine with ESET Online Scan

 

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.

Please don't go surfing while your resident protection is disabled!

Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.

 

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin

    scanning your computer. Please be patient as this can take some time.

  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as

    ESETScan. Include the contents of this report in your next reply.

  • Push the Back button.
  • Push Finish
http://www.eset.com/onlinescan/

----------

 

In your next reply please post the logs created by Malwarebytes and ESET online scan. :)

Share this post


Link to post
Share on other sites

Hello Jeff,

 

Thank you for your continued support.

 

So, ran the ESET online scan. The program jammed/stopped at 50%. it spent several minutes at Adaware.exe (which, I had supposed was uninstalled); microsoft 'silverlight'...4.0 6053.npctrl.dlr; and, Palm alarm manager. In previous attempts with a host of other programs, including AVG and PCPitStop, I recollect, the computer being 'jammed' or 'frozen' at these points.

 

The Palm entry is especially of interest due my clicking-on the Palm icon several weeks ago and initiating the current issues. Microsoft 'anything' (i.e., Malicious Software Removal Tool, updates, etc.) are also programs wherein the computer freezes.

 

Just prior to a computer message an 'Alert' box opened (a type of that i have never seen) and stated that the computer was 'shutting down'. However the ESET scanner broke through the Silverlight setting and continued to scan prior to the 'freeze. message.

 

The computer 'freeze' message is:

 

IRQL_NOT_LESS_OR_EQUAL

 

"If this is the first time...Disable Bios..."

 

Stop: 0x0000000A (0X00000016, 0X0000001C, 0X00000000, 0X804E5E11)

 

Most important, is that I was able to write down two (2) 'Threats' that ESET found. They are:

 

1) variant of win32/installcore.d application; and,

 

2) variant of win32/adware.:bryte.application

 

No log was provided due to the 'shutdown'. The 'Malwarebytes' log is attached.

 

Please advise.

 

Kind regards

mbam-log-2011-11-18 (14-30-27).txt

Share this post


Link to post
Share on other sites

Ok lets try this instead and see where we get. :)

 

Do an online scan with BitDefender QuickScan.

Please be patient as scanning may take some time. If you have problem running the scan, you might want to disable any real time protection that you have.

  • Click here to go to BitDefender QuickScan page.
  • For Firefox users:

    • Click on Free Scan Now. You will be prompted to install a plug-in. Please Allow. In case you get stuck, please refresh the page to try again.
    • A Software Installation window will appear. Click Install Now and the plugin will be installed as an Add-on.
    • Restart Firefox when done. Go back to the BitDefender QuickScan page again and click on Free Scan Now and proceed accordingly.
  • For Internet Explorer users:

    • Click on Free Scan Now. You will be prompted to install an ActiveX control. Please install.
    • The page will refresh. Click on Free Scan Now again and proceed accordingly.
  • When scan has completed, click on View report and a Notepad log shall open.
  • If there are any infections found, you will get a warning and the link to the report will be displayed as the number of infections. Click on it.
  • Post back the contents of this report. It can also be found at C:\Documents and Settings\<username>\Application Data\QuickScan, <username> is the Windows log-in name.

Share this post


Link to post
Share on other sites

Hello Jeff,

 

As an exercise, I input a 'Search' for 'Silverlight'. Two (2) items showed in the box. I clicked-on the 'Micro Silverlight" and voila! The computer froze in 'Safe' mode as it does so in Normal.

 

However, logged-in Safe again and performed the above search. Eight (8) items now show in the search box. Does a relationship exist between ESET's scanner stalling at the 'Silverlight' file(s), BitDefender's inability to scan same, and the computer freezing upon clicking on the S'light program?

 

Good luck.

 

Best regards

Share this post


Link to post
Share on other sites

...and, when comparing apples-to-apples one of the Silverlight files (C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Silverlight) to others in the 'Application Data' one, there is the appearance of a group of wierd #&*% files within the Silverlight Application -- but only looking and not 'touching' anything until I receive instruction...

 

Kindest

Share this post


Link to post
Share on other sites

Hi,

 

Let's try this. Silverlight may be corrupted.

 

 

Please do the following:

 

Hold down the Windows key and press R to open a run box

type the following text into the run box

 

appwiz.cpl

 

This will open your Programs And Features. A list of installed programs will populate

 

Remove the following programs:

 

Microsoft Silverlight

 

Reboot your system.

----------

 

Once you get that uninstalled try to run a scan with ESET again. Be sure to turn your security programs off while ESET is running. :)

Share this post


Link to post
Share on other sites

Hi Jeff,

 

After running a Bit scan, uninstalled then, reinstalled Chrome, updated Symantec, rebooted and scanned with Symantec. Symantec did find threats but I cannot locate a log.

 

However, I rebooted once again. Symantec opened it's 'Tamper' protection. Briefing is below:

 

----------------------------------------------------------------------------

 

 

SYMANTEC TAMPER PROTECTION ALERT

 

Target: C:\Program Files\Common Files\Symantec Shared\ccApp.exe

Event Info: Open Process

Action Taken: Blocked

Actor Process: C:\Program Files\Java\jre6\bin\jqs.exe (PID 612)

Time: Saturday, November 19, 2011 10:46:37 PM

 

-----------------------------------------------------------------------------

EOR

 

The above 'Target' is one of, and approximately, where most, but not all, scanners freeze. I located the Java file and the 'jqs' icon. Although, the icon is not labeled as 'exe'. I have not gone any further.

 

In relation, I am processing in normal mode for the moment, without interruption or freezing. Please advise on the above.

 

Kind regards

Share this post


Link to post
Share on other sites

Hi #FNK-346811,

 

Lets run sfc /scannow

 

Go to Start > Run > type CMD and this will open the command prompt window. Copy/paste the following text in the code box into the command prompt window and then press Enter. There will be instructions in the command prompt window when complete of the location to the log that is created. Please post the log into your next reply if one is created. :)

 

sfc /scannow

Share this post


Link to post
Share on other sites

Hi,

 

Go ahead and run sfc /scannow as posted above. When complete lets remove all of java by going to your Control Panel and uninstalling everything with Java in it. Once that is complete lets reinstall Java from here. Choose Windows x86 Offline as the version to download and install. :)

Share this post


Link to post
Share on other sites

Hello Jeff,

 

Just prior to Replys No 45-6, I processed the uninstall/reinstall process of Java. Also, since being in 'normal' Microsoft' was able to update the computer with two (2) service packs for MS Office and IE 8, among several others.

 

One of the processes MS ran was a 'Malicious Software' removal scan. This is interesting because due the current issue, the MS malicious software can would also freeze. This time it ran its course without a freeze and all service packs and updates were installed.

 

Also, I processed a un/install for Itunes 10.5, as a window popped up stating that Java and Itunes were missing a link of sorts and needed an update. Skype also has a window to 'update' the program. I know for sure, that I was current on the updates for Itunes and Skype. Have yet to rerun an update for Skype as yet.

 

However, in updating the above, I noticed Itunes has an issue with Chrome. So, processed an un/install for Chrome. Still an issue to download ITunes and Chrome, I reinstalled Itunes with the new IE with success.

 

Now, having not picked-up messages 45-46, I wanted to test the 'Palm' After attempting to open, the Palm froze the computer -- the same result that first began the virus/issue two months ago. Although, I can still restart in normal mode and utilize all of the computer programs -- as long as Symantec has its way with the previous-stated Java file. The issues with the Dell wireless card, Java, and Palm are interesting.

 

Finally, I read your messages. attempted to run 'scannow'. SFC seeks a disc. All of the unused discs in white envelopes and manuals are located in storage away from my current location. I have asked my son to get to the storage locker today to locate the CD's and FedEx to me, if possible.

 

Did do a search in C:. Noticed within the I386 and dll caches that all Windows (winnt32) are installed and able to locate. Please advise.

 

Kind regards

Share this post


Link to post
Share on other sites

...one more thing, don't know if it is related, however, when the original freezing issue began with the click-on Palm two months ago, and i subsequently operated in safe mode, all of the degenerate-email (spam, etc.) ceased...just after clicking on the Palm icon, I received spam email...again, this could be coincidence working on my anxiety...

 

Kind regards

Share this post


Link to post
Share on other sites

Hi,

 

I have been looking over the logs that you have been providing and there is nothing that is jumping out at me that is malware related. I have read on the Palm desktop and have found several places where it has been freezing computer systems, but I haven't been able to find a definitive workaround for it unfortunately. I will keep looking and get back as quickly as I can.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  

×
×
  • Create New...